ASP login success by authorization

I am trying to create a login page in ASP where, on login
success, the the user is directed to one of three separate pages.
The SQL Table is LogIn
The user name column is "email"
The Password column is "password"
The Access column is "permission"
(If I create a simpler page where access is restricted by
permission, then that works. So it would seem that the recordset is
correctly set)
Here is the code that I cannot get to work:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>

<%
Dim logIn
Dim logIn_cmd
Dim logIn_numRows
Set logIn_cmd = Server.CreateObject ("ADODB.Command")
logIn_cmd.ActiveConnection = MM_Fetchit_STRING
logIn_cmd.CommandText = "SELECT * FROM fetchit_admin.LogIn"
logIn_cmd.Prepared = true
Set logIn = logIn_cmd.Execute
logIn_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction =
MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("email"))
If MM_valUsername <> "" Then
Dim MM_fldUserAuthorization
Dim MM_redirectLoginSuccess
Dim MM_redirectLoginFailed
Dim MM_loginSQL
Dim MM_rsUser
Dim MM_rsUser_cmd
MM_fldUserAuthorization = "Permission"
MM_redirectLoginSuccess = "ALoginSuccess.asp"
MM_redirectLoginFailed = "ALoginFail.asp"
MM_loginSQL = "SELECT email, Password"
If MM_fldUserAuthorization <> "" Then MM_loginSQL =
MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM fetchit_admin.LogIn
WHERE email = ? AND Password = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_Fetchit_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append
MM_rsUser_cmd.CreateParameter("param1", 200, 1, 50, MM_valUsername)
' adVarChar
MM_rsUser_cmd.Parameters.Append
MM_rsUser_cmd.CreateParameter("param2", 200, 1, 50,
Request.Form("password")) ' adVarChar
MM_rsUser_cmd.Prepared = true
Set MM_rsUser = MM_rsUser_cmd.Execute
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
' redirect user based on Access level
If Session("MM_UserAuthorization") = "Admin" Then
MM_redirectLoginSuccess = "1index.asp"
ElseIf Session("MM_UserAuthorization") = "Account" Then
MM_redirectLoginSuccess = "2Index.asp"
Else MM_redirectLoginSuccess = "3index.asp"
End If
if CStr(Request.QueryString("accessdenied")) <> "" And
false Then
MM_redirectLoginSuccess =
Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="
http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form id="form1" name="form1" method="POST"
action="<%=MM_LoginAction%>">
<input type="text" name="email" id="email" />
<input type="text" name="password" id="password" />
<input type="submit" name="button" id="button"
value="Submit" />
</form>
</body>
</html>
<%
logIn.Close()
Set logIn = Nothing
%>

Are you saying that the code below does not work?
' redirect user based on Access level
If Session("MM_UserAuthorization") = "Admin" Then
MM_redirectLoginSuccess = "1index.asp"
Else
If Session("MM_UserAuthorization") = "Account" Then
MM_redirectLoginSuccess = "2Index.asp"
Else MM_redirectLoginSuccess = "3index.asp"
End If
if CStr(Request.QueryString("accessdenied")) <> "" And
false Then
MM_redirectLoginSuccess =
Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>

Similar Messages

New scene after login success AS3

Hi guys,
I'm really new to actionscript so i have trouble in understanding the code. I tried many ways to go to a new scene after login successful but sadly failed. I followed one of the tutorials on the login part..It works and i'm happy wif it..but currently, it displays only the success message. Instead, i wanna go to a new scene but don't know how. I'll post the code below. Hope u can help ..I have a dateline for this project. Thanks!
[actionscript]
package actions {
    import flash.display.MovieClip;
    import flash.events.*;
    import flash.net.*;
    import flash.text.*;
    public class main extends MovieClip {
        public function main ():void {
            submit_button.buttonMode = true;
            submit_button.addEventListener(MouseEvent.MOUSE_DOWN, checkLogin);
            username.text = "";
            password.text = "";
        public function checkLogin (e:MouseEvent):void {
            if (username.text == "" || password.text == "") {
                if (username.text == "") {
                username.text = "Enter your username";
                if (password.text == "") {
                password.text = "Enter your password";
            } else {
                processLogin();
        public function processLogin ():void {
            var phpVars:URLVariables = new URLVariables();
            var phpFileRequest:URLRequest = new URLRequest("login.php");
            phpFileRequest.method = URLRequestMethod.POST;
            phpFileRequest.data = phpVars;
            var phpLoader:URLLoader = new URLLoader();
            phpLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
            phpLoader.addEventListener(Event.COMPLETE, showResult);
            phpVars.systemCall = "checkLogin";
            phpVars.username = username.text;
            phpVars.password = password.text;
            phpLoader.load(phpFileRequest);
        public function showResult (event:Event):void {
            result_text.autoSize = TextFieldAutoSize.LEFT;
            result_text.text = "" + event.target.data.systemResult;
[php]
<?php
include_once "dbconnect.php";
$username = $_POST['username']; //variables from flash
$password = $_POST['password'];
if ($_POST['systemCall'] == "checkLogin") {
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$query = mysql_query($sql);
$login_counter = mysql_num_rows($query);
if ($login_counter > 0) {
print "systemResult=Welcome $username!";
} else {
print "systemResult=Invalid User!";
?>

You probably want to check the value that it returns and use it to decide whether to go to the next scene or not.
        public function showResult (event:Event):void {
            result_text.autoSize = TextFieldAutoSize.LEFT;
            result_text.text = "" + event.target.data.systemResult;
            if(String(result_text.text).indexOf("Welcome") == 0) {
                   gotoAndPlay(1, "Scenename");
What the first line does is checks to see if the word Welcome is at the start of whatever is in the textfield (starts at index 0). If it does, then it issues the command to move to another frame/scene

Users only login successfully under safeboot, 10.5.8

I have a large OD deployment with mixed PPC/Intel clients, freshly imaged with 10.5.8. At first login the authentication is fast and successful and any mobile users are delivered home folder data at speed, however for an type of OD client the delay in delivering the final desktop is about 30 minutes, (dock, desktop icons or menu bar). On second login to the same machine the process is sub 60 seconds.
Summary of investigations so far;
1.Neither client or server logs state any issues, and I have removed any 3rd party launch daemons, agents or startup items.
2.Under system level safeboot the login as it at the correct speed, at user level the problem still occurs.
3.Known good machine not from deployed image experiences the same issue.
4.If you disconnect ethernet at the long desktop build stage it resolves itself instantly, making me think there is some network call not timing out, these machines have no WAN connection.
I can only think there is an OS extension not loaded in safeboot causing the problem but I'm unable to track it down. TCP dump tomorrow but was keen to see if anyone has experienced anything similar. We have completed 8 similar deployments this summer and not come any similar issues.
Thanks in advance.

Not sure if this is the same thing for me or not, but I am seeing some strangeness in logins too. We can have a full class login just fine, same class the next day cannot login. We are all at 10.5.8, server and client and I have been pouring over server logs to see what the culprit might be. One thing I have seen is this...
Client application bug: DNSServiceResolve
This seems to be happening over Airport or rather, that's where we're seeing it. When the slowdown occurs, even putting a machine on 'wire' doesn't seem to make a difference. I have spoken to apple and their suggestion is to re-image the machines. I am thinking that this is a server issue and not a client in need of re-imaging issue.
I'll post more as I figure this one out.

Help! 2 logins, 2 Accounts - authorization issue

Hi,
I'm trying to help a friend here. He and his wife have separate logins on their PC. Each login has iTunes installed. Each user has their own iTunes account.
Their problem is this: when one of them logs in and uses their account, it deauthorizes the other users account. Then, when the 2nd user authorizes their accoount, the first one gets deauthorized. So, any iTunes purchases they have made become a bit troublesome, asking to be authorized.
Is there not a way in which both users can authorized? I thought that authorization was for up to 5 computers. For computers, should that read 'accounts'?
Thanks
Lee

Well, does your provider actually allow PHP-Mailer?
Mylenium

ISE Guest portal CWA - Webauth exit button on Login Successful page not working (Safari and Chrome)

Hello
Has anyone else experienced the issue where this exit button works when IE is used to login to the ISE Guest portal, but not when Chrome is used. Same for Safari (from IPAD).
Sent from Cisco Technical Support iPad App

Google Chrome is not a fully supported browser for use with the Administrative User Interface of the Identity Services Engine (ISE), Version 1.1.3 and earlier.

RMAN could not login successful through UNIX shell

Hello All,
I meet the problem with executing rman by UNIX shell on Solaris OS. I have two scripts files: backup.rman and backup.sh. Both of them were created by root with chmod 755, and the Oracle user could not modify them.
---------backup.sh
rman target / @/var/opt/dpa/bin log /var/opt/dpa/log/backup.log
---------backup.rman
backup database plus archivelog all;
After I login OS as Oracle user, I did three operations separately.
1. Add the backup.sh script into crontab job
2. Execute the shell script as 'nohup ./backup.sh &'
3. oracle$dpdb> rman target / @/var/opt/dpa/bin log /var/opt/dpa/log/backup.log
For the first two operations, the log recorded insufficient privileges as below, but the third one can be executed no problem.
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-01031: insufficient privileges
Can anybody tell me why this happened? and how can I correct it? Thanks
Edited by: user10142484 on Feb 11, 2010 12:41 PM
Edited by: BigTeddy on Feb 22, 2011 12:08 PM

Hi Hemant,
I did add the the environment variables into shell script as below:
# .profile then has different relative position
cd `/bin/dirname $0`"/.."
b=`pwd`
if [ "`basename $b`" = "backup" ]; then
. $b/../../.profile
else
. $b/../.profile
fi
# Specify the path and file name where the log file shall be created
LOGFILE=/var/opt/dpa/log/backup.log
# Specify the directory where the RMAN restore and recover scripts reside
SCRIPTDIR=/var/opt/dpa/backup/bin
echo "Starting full backup..."
rman target / nocatalog @$SCRIPTDIR/whole_backup.rman log $LOGFILE

ASP Login

I'm trying to automate a process of downloading a file from a website. The thing is that I have to fill in the username and password then click a button on this website. This webpage is using ASP. I have checked with the company maintaining the website and they don't have another protocol for downloading that file. I know this can be done in VB.NET, can this be done in Java?
Thanks.

sure you can do this in java.
for example just create an URL Object containing all the nessecary paramaters like userid and password and then make an URLConnection with that URL Object to the website and read in the answer. Then just save it to a file an here you go. No big thing.

Blackberry: SUP: login success notification

Hi all
I'm new to Blackberry and Sybase and I must admit that I'm really hating the lack of info for both...
trying to write a plugin that will allow me to connect and login to my sybase.
I'm currently blocked by this line
SUP101DB.loginToSync("supAdmin", "s3pAdmin");
loginToSync returns void so ... how do I know if I succeeded with my login or not ?
the IOS version of the SUP registers a eventlistener and a callback
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(onLoginSuccess:) name:ON_LOGIN_SUCCESS object:nil];
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(onLoginFailure:) name:ON_LOGIN_FAILURE object:nil];
how can I do the same with Blackberry ?

I am moving further questions to the thread (SUP for Blackberry) JCo unknown type error when using PT_ARQ_REQUEST* RFC as it might move from the original topic of this one. My question concering SAP login with the SUP is answered. I also found another nice explanation that I want to share:
1) SUP user info can be synchronized with LDAP but not synchronized with ERP.
2) SUP uses 1 technical user to connect to ERP
3) SUP uses 2 filter approaches to deliver data from ERP to devices
A) use u201Eload parameteru201C to filter data from ERP to SUP
B) use u201Esynchronization parameteru201C to filter data from SUP to devices
either of above parameters can use u201Esynchronizaion keyu201C created in device application
4) u201Esynchronization keyu201C can use device user name/password data
I hope this helps someone else, too =) Thank you for the support!
Edited by: Jenny Bachmann on Feb 8, 2011 9:32 AM

Support forum does not let me past login success to provide details when already logged in.

I have to log out first for the "Ask a Question" form to redirect correctly.

Try clearing your browser cache.
Tools > Clear Recent History... - hit Details and make sure only Cache is selected, then select Everything and hit the Clear Now button.

Use DBLoginModule (DBTableLoginModule) in JBoss

Hi,
Anyone know how to deploy web app using DBLoginModule (DBTableLoginModule,DBTableOraDatasourceLoginModule) to Jboss or Tomcat
I create sample web App and configure JASS to use DBLoginModule and test it in JDeveloper 10g R3 it is working.
But i want to deploy to Jboss 4.0.2 or Tomcat 6.0.16 please if anyone can help me.
<application>
<name>current-workspace-app</name>
<login-modules>
<login-module> <class>oracle.sample.dbloginmodule.dbtablelm.DBTableLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>user_table</name>
<value>users</value>
</option>
<option>
<name>roles_table</name>
<value>USER_ROLES_VIEW</value>
</option>
<option>
<name>username_column</name>
<value>email</value>
</option>
<option>
<name>password_column</name>
<value>password</value>
</option>
<option>
<name>roles_column</name>
<value>role_name</value>
</option>
<option>
<name>user_pk_column</name>
<value>user_id</value>
</option>
<option>
<name>roles_fk_column</name>
<value>user_id</value>
</option>
<option>
<name>debug</name>
<value>true</value>
</option>
<option>
<name>realm_column</name>
<value>REALM_NAME</value>
</option>
<option>
<name>application_realm</name>
<value>SecureApp</value>
</option>
<option>
<name>jdbcUrl</name>
<value>jdbc:oracle:thin:@DB IP:1521:orcl</value>
</option>
<option>
<name>db_schema</name>
<value>scott</value>
</option>
<option>
<name>db_schema_pw</name>
<value>tiger</value>
</option>
</options>
</login-module>
</login-modules>
</application>

Hello Frank,
Thanks for your replay.
I work begin on DBLoginModule (DBTableLoginModule) the authenticate is work (Login success) but authorize is not working the log of class tell me i have the role but Jboss not find any role assign to user.
code add to login-config.xml
<authentication>
<login-module code="oracle.sample.dbloginmodule.dbtablelm.DBTableLoginModule"
flag="required">
<module-option name = "jdbcUrl">jdbc:oracle:thin:@10.0.0.56:1521:odb</module-option>
               <module-option name = "db_schema">obligation</module-option>
               <module-option name = "db_schema_pw">oracle</module-option>
<module-option name = "user_table">users</module-option>
<module-option name = "roles_table">USER_ROLES_VIEW</module-option>
<module-option name = "username_column">email</module-option>
<module-option name = "password_column">password</module-option>
<module-option name = "roles_column">role_name</module-option>
<module-option name = "user_pk_column">user_id</module-option>
<module-option name = "roles_fk_column">user_id</module-option>
<module-option name = "debug">true</module-option>
<module-option name = "realm_column">REALM_NAME</module-option>
<module-option name = "application_realm">SecureApp</module-option>
</login-module>
</authentication>
If you have time look to log from Jboss :
LoginModule Class: oracle.sample.dbloginmodule.dbtablelm.DBTableLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:name=roles_fk_column, value=user_id
name=jdbcUrl, value=jdbc:oracle:thin:@10.0.0.56:1521:odb
name=user_pk_column, value=user_id
name=db_schema_pw, value=oracle
name=debug, value=true
name=application_realm, value=SecureApp
name=user_table, value=users
name=roles_table, value=USER_ROLES_VIEW
name=roles_column, value=role_name
name=db_schema, value=obligation
name=username_column, value=email
name=realm_column, value=REALM_NAME
name=password_column, value=password
2008-04-28 14:03:20,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.dbtablelm.DBTableLoginModule, false)
2008-04-28 14:03:20,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.dbtablelm.DBTableLoginModule)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.interfaces.DBLoginModule, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.interfaces.DBLoginModule)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.spi.LoginModule, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.sql.SQLException, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.callback.UnsupportedCallbackException, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.login.LoginException, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.Subject, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.callback.CallbackHandler, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.util.ScreenLoggerImpl, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.util.ScreenLoggerImpl)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.interfaces.LMLogger, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.interfaces.LMLogger)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.StringBuilder, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.io.PrintStream, false)
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option debug = true
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option jdbc Url = jdbc:oracle:thin:@10.0.0.56:1521:odb
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option jdbc Class = oracle.jdbc.driver.OracleDriver
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option log level = log all
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option logger class = null
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option db schema = obligation
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option user table = users
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option roles table = USER_ROLES_VIEW
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option username column = email
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option password column = password
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option roles column = role_name
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option user pk column = user_id
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option roles fk column = user_id
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option password encoding class = null
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option realm_column = REALM_NAME
2008-04-28 14:03:20,218 INFO [STDOUT] [DBTableLoginModule] option application_realm = SecureApp
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.jdbc.driver.OracleDriver, false)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.jdbc.driver.OracleDriver)
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@e8ef4c
2008-04-28 14:03:20,218 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2008-04-28 14:03:20,234 INFO [STDOUT] [DBTableLoginModule] login called on DBTableLoginModule
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.callback.Callback, false)
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.callback.NameCallback, false)
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.callback.PasswordCallback, false)
2008-04-28 14:03:20,234 INFO [STDOUT] [DBTableLoginModule] Calling callbackhandler ...
2008-04-28 14:03:20,234 INFO [STDOUT] [DBTableLoginModule] Username returned by callback = [email protected]
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.sql.DriverManager, false)
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.hsqldb.jdbcDriver, false)
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.hsqldb.jdbcDriver)
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@e8ef4c
2008-04-28 14:03:20,234 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2008-04-28 14:03:20,562 INFO [STDOUT] [DBTableLoginModule] Connection: jdbc:oracle:thin:@10.0.0.56:1521:odb username: obligation password: **************
2008-04-28 14:03:20,562 INFO [STDOUT] [DBTableLoginModule] User query string: select user_id,password from users where email= (?)
2008-04-28 14:03:20,562 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.sql.Connection, false)
2008-04-28 14:03:20,781 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.sql.PreparedStatement, false)
2008-04-28 14:03:20,843 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.sql.ResultSet, false)
2008-04-28 14:03:20,875 INFO [STDOUT] [DBTableLoginModule] User primary key value found = 205
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.interfaces.DBLoginModuleEncodingInterface, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.interfaces.DBLoginModuleEncodingInterface)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,875 INFO [STDOUT] [DBTableLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
2008-04-28 14:03:20,875 INFO [STDOUT] [DBTableLoginModule] User [email protected] authenticated successfully
2008-04-28 14:03:20,875 INFO [STDOUT] [DBTableLoginModule] Roles query string: select role_name from USER_ROLES_VIEW where user_id= (?) and REALM_NAME = 'SecureApp'
2008-04-28 14:03:20,875 INFO [STDOUT] [DBTableLoginModule] DBUser Principal Name: [email protected]
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.principals.DBUserPrincipal, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.principals.DBUserPrincipal)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.interfaces.UserPrincipal, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.interfaces.UserPrincipal)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.security.Principal, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,875 INFO [STDOUT] [DBTableLoginModule] DBRole Principal Name: admin
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.principals.DBRolePrincipal, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.principals.DBRolePrincipal)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(oracle.sample.dbloginmodule.interfaces.RolePrincipal, false)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(oracle.sample.dbloginmodule.interfaces.RolePrincipal)
2008-04-28 14:03:20,875 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,890 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2008-04-28 14:03:20,890 INFO [STDOUT] [DBTableLoginModule] Logon Successful = true
2008-04-28 14:03:20,890 INFO [STDOUT] [DBTableLoginModule] Subject contains 0 Principals before auth
2008-04-28 14:03:20,890 INFO [STDOUT] [DBTableLoginModule] Local LM commit succeeded
2008-04-28 14:03:20,890 INFO [STDOUT] [DBTableLoginModule] Subject contains 2 Principals after auth
2008-04-28 14:03:20,890 INFO [STDOUT] [DBTableLoginModule] Cleaning internal state!
2008-04-28 14:03:20,890 TRACE [org.jboss.security.plugins.JaasSecurityManager.MyLogin] defaultLogin, lc=javax.security.auth.login.LoginContext@114a41, subject=Subject(19008277).principals=oracle.sample.dbloginmodule.principals.DBUserPrincipal@366191(DBUserPrincipal: [email protected])oracle.sample.dbloginmodule.principals.DBRolePrincipal@14118174(DBRolePrincipal: admin)
2008-04-28 14:03:20,890 TRACE [org.jboss.security.plugins.JaasSecurityManager.MyLogin] updateCache, inputSubject=Subject(19008277).principals=oracle.sample.dbloginmodule.principals.DBUserPrincipal@366191(DBUserPrincipal: [email protected])oracle.sample.dbloginmodule.principals.DBRolePrincipal@14118174(DBRolePrincipal: admin), cacheSubject=Subject(20767108).principals=oracle.sample.dbloginmodule.principals.DBUserPrincipal@366191(DBUserPrincipal: [email protected])oracle.sample.dbloginmodule.principals.DBRolePrincipal@14118174(DBRolePrincipal: admin)
2008-04-28 14:03:20,890 TRACE [org.jboss.security.plugins.JaasSecurityManager.MyLogin] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f9cdda[Subject(20767108).principals=oracle.sample.dbloginmodule.principals.DBUserPrincipal@366191(DBUserPrincipal: [email protected])oracle.sample.dbloginmodule.principals.DBRolePrincipal@14118174(DBRolePrincipal: admin),credential.class=java.lang.String@12759798,expirationTime=1209382400203]
2008-04-28 14:03:20,890 TRACE [org.jboss.security.plugins.JaasSecurityManager.MyLogin] End isValid, true
2008-04-28 14:03:20,890 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: [email protected] is authenticated
2008-04-28 14:03:20,890 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
     Principal: DBUserPrincipal: [email protected]
     Principal: DBRolePrincipal: admin
, sc=org.jboss.security.SecurityAssociation$SubjectContext@e62a39{[email protected],subject=14555958}
2008-04-28 14:03:20,890 TRACE [org.jboss.security.plugins.JaasSecurityManager.MyLogin] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f9cdda[Subject(20767108).principals=oracle.sample.dbloginmodule.principals.DBUserPrincipal@366191(DBUserPrincipal: [email protected])oracle.sample.dbloginmodule.principals.DBRolePrincipal@14118174(DBRolePrincipal: admin),credential.class=java.lang.String@12759798,expirationTime=1209382400203]
2008-04-28 14:03:20,890 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: [email protected]: [email protected]
2008-04-28 14:03:20,890 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@e62a39{[email protected],subject=14555958}
2008-04-28 14:03:20,890 TRACE [org.jboss.security.plugins.JaasSecurityManager.MyLogin] getUserRoles, subject: Subject:
     Principal: DBUserPrincipal: [email protected]
     Principal: DBRolePrincipal: admin
2008-04-28 14:03:20,890 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[[email protected]()]
2008-04-28 14:03:20,890 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of '[email protected]' was successful
2008-04-28 14:03:20,890 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/SecureApp/faces/app/page1.jspx'
2008-04-28 14:03:20,890 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/SecureApp/faces/app/j_security_check
2008-04-28 14:03:20,890 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is 8EE35D9896AF1B9CBE2C17D4768D51F7
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /SecureApp/faces/app/page1.jspx
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[user Page]' against GET /faces/app/page1.jspx --> true
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[admin Page]' against GET /faces/app/page1.jspx --> false
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session '8EE35D9896AF1B9CBE2C17D4768D51F7'
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated '[email protected]' with type 'FORM'
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
2008-04-28 14:03:21,078 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking roles GenericPrincipal[[email protected]()]
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.realm.RealmBase] Username [email protected] does NOT have role user
2008-04-28 14:03:21,078 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: user
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.realm.RealmBase] Username [email protected] does NOT have role admin
2008-04-28 14:03:21,078 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: admin
2008-04-28 14:03:21,078 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking for all roles mode: authOnly
2008-04-28 14:03:21,078 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed accessControl() test
2008-04-28 14:03:21,078 TRACE [org.jboss.security.SecurityAssociation] clear, server=true

Authorization denial messages to clients or URL redirection once denied?

Our client would like to setup a Internet access solution for a limited number of employees belonging to a certain AD group. I have Central web auth working and can easily grant or deny access/authorization by AD group memberships, but I want a more friendly "not authorized" message or url sent to the users whom are not in the permitted AD group. Currently, a user not in the group (not permitted) can get the portal login page, followed by the AUP page, then they get the "login successful" just as the permitted users do. This seems inappropriate when they then have no access to anything.
Note, we would like to do this without any advanced license needs on ISE. We are using ISE solely for hosting our guest portals and then both local and external (AD) user authentication/authorization.
David

Step by step, how did you arrive at seeing this agreement?

Ask for help with form based authentication & authorization

Hi:
I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
Any idea ?
Thanks in advance.
HaiMing
attach config files
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>MySecureBit1</web-resource-name>
<description>no description</description>
<url-pattern>/control/signin</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/control/formbasedlogin</form-login-page>
<form-error-page>/control/formbasedloginerror</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>the customer role</description>
<role-name>customer</role-name>
</security-role>
weblogic.xml
<security-role-assignment>
<role-name>
customer
</role-name>
<principal-name>
customer_group
</security-role-assignment>
weblogic.properties
weblogic.password.user1=user1pass
weblogic.password.user2=user2pass
weblogic.password.user3=user3pass
weblogic.security.group.customer_group=user1,user2

Hi, Paul:
Thanks a lot for your reply.
Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
<auth-constraint>
<description>no description</description>
<role-name>customer</role-name>
</auth-constraint>
So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
What not happen are :
1. user1 & user2 pass, but redirect to /
2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
(login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
Any idea ?
HaiMing
"Paul Patrick" <[email protected]> wrote:
If I understand what your trying to do, everyone should get access to the
login page since roles are not
associated with principals until after they authenticate. If I follow what
you specified in the XML files,
authenticated users user1 and user2 are members of a group called
customer_group.
The principal customer_group (and therefore its members) is mapped in the
weblogic.xml file to the role
customer.
I can't speak to the reason your being redirected to the document root.
Paul Patrick
"HaiMing" <[email protected]> wrote in message
news:[email protected]...
Hi:
I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
web.xml, weblogic.xml & weblogic.properties)
1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
the user does not have the necessary role
in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
/ error message which complain about the authorization / access control
error
2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
Any idea ?
Thanks in advance.
HaiMing
attach config files
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>MySecureBit1</web-resource-name>
<description>no description</description>
<url-pattern>/control/signin</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/control/formbasedlogin</form-login-page>
<form-error-page>/control/formbasedloginerror</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>the customer role</description>
<role-name>customer</role-name>
</security-role>
weblogic.xml
<security-role-assignment>
<role-name>
customer
</role-name>
<principal-name>
customer_group
</security-role-assignment>
weblogic.properties
weblogic.password.user1=user1pass
weblogic.password.user2=user2pass
weblogic.password.user3=user3pass
weblogic.security.group.customer_group=user1,user2

Config command authorization not enabled

Can someone tell me why I'm getting this message. I'm beginning to think this has something to do with my device failing authorization.
Show version
Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.1(19)EW1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Yep! I'm really running 12.1!
I'm receiving the message once i include "aaa authorization exec default group radius local if-authenticated" in the config.
Login is successful, however authorization does not allow me to go directly into enable mode. If I take the aaa authorization line out I can login to user mode and then use the enable password to move forward but that is not what I wish to achieve.
sh run | i aaa
aaa new-model
aaa authentication attempts login 5
aaa authentication banner ^C
aaa authentication fail-message ^C
aaa authentication login My-RADIUS group radius local
aaa accounting exec My-RADIUS start-stop group radius
aaa session-id common
Is there somewhere specific I was suppose to configure the aaa authorization enabled, because I'm not seeing it.
Let me know what other thoughts you may have.
Thanks
Nik

3640 - AAA/AUTHOR: config command authorization not enabled

Hello, I have a 3640 router with c3640-ik9o3sw6-mz.122-8.T.bin version but when I try to validate the username and password with a radius server, the debbug message is "AAA/AUTHOR: config command authorization not enabled" and I'm sure that the radius validates the user and the packet arrive to the router.
I've tried to update the IOS with c3640-ik9o3s-mz.122-46a.bin and I can validate but I cannot use "crypto isakmp client configuration group mygroup" to configure Easy VPN server.
I attach you the files with config and logs.
Thanks you in advance.

Yep! I'm really running 12.1!
I'm receiving the message once i include "aaa authorization exec default group radius local if-authenticated" in the config.
Login is successful, however authorization does not allow me to go directly into enable mode. If I take the aaa authorization line out I can login to user mode and then use the enable password to move forward but that is not what I wish to achieve.
sh run | i aaa
aaa new-model
aaa authentication attempts login 5
aaa authentication banner ^C
aaa authentication fail-message ^C
aaa authentication login My-RADIUS group radius local
aaa accounting exec My-RADIUS start-stop group radius
aaa session-id common
Is there somewhere specific I was suppose to configure the aaa authorization enabled, because I'm not seeing it.
Let me know what other thoughts you may have.
Thanks
Nik

Can not login access manager

mail server version is JES messaging Server 6 2005Q4 :
My Access Manager:http://hostname:8080/amserver
last week, i login access manager, under the web label or configuration label�F
in "ldap" item�Ci add new dc=xx,dc=xx,dc=xx�C
then save configuration.
but after that i can not login access manager.
when i user admin login,it print:"
Authentication failed".
what should i do to restore access manage?
thanks!

javatoall wrote:
Hi,
I login Access Manager, access sample "realm" -> Authentication->
Advance Properties -> User profiles and then I choiced "Dynamic with user Alias".
Then I only configure JDBC authentication with mysql database that I don't used ldapservice.
When I created a one new user in MySQL, I can login into web application that i security as "sample.war" successfull but new user don't right access resource that i protected before.
When i login access manager with amdmin user, I can not find user that i has been created it in MySQL database. t
When the users are created through the dynamic profile, the default cn/sn are set to "default" , after creation you need to login to amconsole as amadmin and change/add proper values for these attributes.
Alternatively you can set the protected resource's policy subject to Authenticated users. This will work but not sure will meet your requirement
>
When i login access manager console with new user, it login successful, and view Profile of new user that I has been created.
Can you tell me How to manage new user that I has been new in MySQL by Access manager console ?
I want to configure access proteced resourse for that user. How to configure that ?
read above use the authenticated users subject
Thank for every help.
VinhND.

ASP login success by authorization

Similar Messages

Maybe you are looking for