Authentificaton - JDBC realm & Form Based in Jdeveloper 10.1.3 and OCJ4
Dear Partners:
Being new working with Jdeveloper 10.1.3 and embedded OC4J,
I'm migrating an application from Tomcat and trying to
setup authentication for my JSP pages: JDBC realm and Form Based.
I succeeded only adding the security constraint to
the application's server.xml file, and creating the
user and user's roles tables. Yet, I got lost
by using the Jdeveloper's menu option Tools->OC4J embedded
OC4J server preferences.
Any documentation or examples are appreciated.
Thank you.
Waheed - we aren't satisfied with our device coverage for mobile devices, hence we're focusing our efforts on Telnet/PDA and working with partners for ADF support for the broader class of mobile devices. Please send me an email or give me a call with any questions ([email protected], +1-408-687-8185).
-Indu
Similar Messages
-
Form based j_security_check with javax.servlet.Filter and some pesky images
We have defined the web app to use Form based authentication. Some of the images internal to our application we would like to allow access without having to formally log into the system. In order to accomodate this we have created an javax.servlet.Filter where we strip off some parameters off of the end of the url to log them in.
This works great for everything EXCEPT urls that are in <img src> tags. urls in these tags will never hit the filter. You can take the same url and place it in the browser and it will hit the filter. Its just urls in <img src> tags.
The images cannot be moved to a public place, they must stay where they are.
Does anyone know why the <img src> tag is doing this? It is fairly easy to replicate. Just use form based authentication, create a filter, and try to access an image from an img src tag.
Be sure to clear your browser cache and try again if you think you have it working.
Any security gods out there?
Thanks,
MarkSince nobody responded, I will tell you what we decided to do. For images, we use a servlet outside of the security wall that loads and streams an image back to the browser instead of a direct image url.
So we do something like this:
<img src="https:\\foo.com\Servlet\ImageDisplay?id=1234&user=23432">
Then our servlet parses the params, finds and streams back the image, and instead of returning back "html\text" in the servlet, the servlet returns something like this:
HttpServletResponse response = blah...
BufferedImage bi = new BufferedImage("load in the image resource");
try {
response.setContentType("image/gif");
ServletOutputStream out = response.getOutputStream();
JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(out);
encoder.encode(bi);
catch (IOException ioe) {
servlet.log("DrawMapAction: IO Exception encoding JPEG to ServletOutputStream.", ioe);
} -
Form based authentication getting logged in username and role
Hi
I have implemented a simple Form based authentication in my web site.
I have maintained tomcat-users.xml file for user names, passwords and roles.
Once my user is authenticated, I need to access his name and role in website.
How can this be done.
Please guide.
ThanksThe request object should contain the information, e.g. use request.getRemoteUser().
-
Form Based Authentication in Tomcat, getting login and password
Sorry for my English.
How I can guess login and password strings of an user, from error page (JSP)using "Form Based Authentication of Tomcat"?
I need know it to lock the count each 3 error tries (if login is ok but
password is bad, insteed).
Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
HttpServletRequest interface have this result: If no user has been
authenticated, returns null, false and null respectly. For this reason, they aren't utils for me.
If I don�t know login what user writed, I can't lock his/her count.
Exist solution for this? Thankshi i am also facing the same problem. could u please tell me how u overcame the situation ?
u will reallly pull me out of my troubles
thanx in advance
[email protected] -
Big problem :anything is accepted by form-based authentication on Jboss
Hi there
I'm new to form-based authentication. I've been stuck on this problem for one and a half day. I set up the form-based authentication(with JDBC realm) on JBoss 3.2/Tomcat 5.0. When I visit the protected area, it did ask me for password. But it accepts whatever I input and forwards the desired page, even when I input nothing and just click on submit, it allows me to go through. No error message at all. I am in desperate need for help.
Here is my configuration. The web.xml is like this
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>LoginTest</display-name>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Manager security role</description>
<role-name>manager</role-name>
</security-role>
</web-app>
I also add the following JDBC realm definition into the server.xml which is under jboss/server/default/deploy/jbossweb-tomcat50.sar
<Realm
className="org.apache.catalina.realm.JDBCRealm" debug="1"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://myipdadress:3306/field_bak"
connectionName="plankton"
connectionPassword="plankton"
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name"
/>
The JDBC realm is enclosed by the <engine> element. I checked the server log file, when the jboss server is started, it does load the mysql driver correctly and connect to mysql database fine. If I changed the IP of the mysql server to a non-existing one, then when I start jboss server, the server boot process will complain about connection to mysql faiure.
I guess maybe the server doesn't do the authentication by connecting to mysql and verify it when I submit the log in form. It seems the JDBC realm authentication is bypassed. I notice that even I get rid of the JDBC realm definition from the server.xml file, and test the web application. It behaves exactly the same way. It asks me for password but anything will go through even nothing.
Can anybody help me about this? I'm really stuck on this.
Thanks a lot!By the way, I did create database"field_bak" and the tables for the JDBC realm verification.
I also created the users and the roles.
But it seems like Tomcat container doesn't do the JDBC realm authentication. -
FORM Based Authentication and Browser Refreshing
We are using FORM Based Authentication in our web application and it works rather well. I have noticed an interesting bit of behavior that I am unable to explain. After an attempt is made to access the first protected resource the container will display the login page specified in the web.xml file. After successful authentication the original protected resource is displayed as expected. In the Address line of the browser however the original URI requested is now replaced with the following:
http://<domain>:<port>/<root>/j_security_check
Now, when we hit the refresh button on the browser we get the following error:
404 Not Found
Resource /<domain>/j_security_check not found on this server
Two questions. 1. why does it do this? and/or (more importantly) 2. How do I prevent this behavior or work around it?I�m trying to figure out how to pass the user�s ID
and password, using form-based authentication and
file realm, to our JDBC connection. Two separate issues.
I've usually seen it done where there are three tiers, of course. The user provides login credentials from the view tier, which are passed to the controller tier. The controller will validate the user against a database or LDAP. Once they're validated, the credentials are put into session and provided for all apps that need them, including the persistence tier.
The connection pool requires that you create connections using an application ID, not the user ID. You have to move the security out of the database and into the application.
% -
hi,Good evening ,this is my First post in sun.com.......
I am trying to provide Form authentication and authorization in my we application (facelets,glashfish).For this I create one sample database with tables user and grouptable and finally created JDBC realm in glassfish server Successfully.
so this authentication and auth with JSP pages I am success fully providing .But i want with .jsf(.xhtml).I am getting struggle in how to call j_security_check from .xhtml page.But this same method I am successfully calling from .jsp(action="j_security_check").so can u please help me how to call j_security_check from .xhtml. page And what is the configuration for displaying success.xhtml and fail.xhtml after click on submit button in login.xhtml
web.xml
<web-app>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>facelets.SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>org.richfaces.SKIN</param-name>
<param-value>DEFAULT</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<error-page>
<error-code>403</error-code>
<location>/accesdenaid.jsp</location>
</error-page>
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<welcome-file-list>
<welcome-file>/forward.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/pages/cpdownloader/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/pages/cprequester/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<!--<realm-name>default</realm-name>-->
<realm-name>enrollmentsrealm</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>and login.xhtml
<ui:composition template="/templates/login_layout.xhtml">
<ui:define name="body">
<h:form id="loginForm1">
<table align="center" cellspacing="0" cellpadding="0">
<tr>
<td height="30px"></td>
</tr>
<tr align="center" >
<td align="center" colspan="2" class="pagetitle">Requester Login</td>
</tr>
<tr>
<td height="10px" ></td>
</tr>
<tr>
<td class="labelname">User Name *</td>
<td class="label"><h:inputText id="j_username" value="#{LoginBean.userName}"/>
</td>
</tr>
<tr>
<td class="labelname">Password </td>
<td class="label"><h:inputSecret id="j_password" value="#{LoginBean.password}"/></td>
</tr><br/>
<tr>
<td colspan="2" height="5px" ></td>
</tr>
<tr>
<td> </td>
<td class="buttonsalign">
<h:commandButton id="login1" value="Login" styleClass="buttonstyle" action="#{LoginBean.submit}"/>
</td>
</tr>
<tr>
<td colspan="2" height="25px" ></td>
</tr>
</table>
</h:form>
</ui:define>
</ui:composition>can u please help me where i did mistake
thanks in advanceI am also having problems trying to get an appclient authenticated.
Could someone post a working example app or provide a link to an example ? -
Help with exporting forms based data to Excel 2007
I have a user who is attempting to export forms based data to Microsoft Excel 2007 and when he attempts this he receives a message stating that Windows does not recognise this file type (tsv). I am not too familiar with Office 2007 so I am unable to direct this users as to how to correct this issue.
Is someone able to give me the navigation path to help me to assist this user? thanksDid you verify the file type from Windows Explorer?
1) Right click on My Computer > Explore
2) Go to Tools > Folder Options
3) Click on File Types tab
4) Check if TSV file is defined there or not. If it is not there, click on New and add the File Extension -
Form Based Authentication without login page
Hi,
i need to use form based authentication in a web page, but without a dedicated login page. So basicly every page will contain a login form in the upper right corner, so the user can login anytime in his browsing session directly from the page he's reading.
I am aware of that the form based authentication config needs a login and a error page.
I need some hints on how this could be implemented so that i dont need them directly. Im quite sure this is possible, if any of you has ideas please share them with me.
dukes are waiting ...sorry - double posted : http://forum.java.sun.com/thread.jspa?threadID=584579&tstart=0
-
JDBC realm of FORM authentication in Web AS 640
Hi, All,
We try to port a web application from Apache Tomcat to WebAS 6.40. In the application we use FORM authentication based on Tomcat JDBC Realm. The configuration in Tomcat server.xml is like:
<Context...>
<Resource name="jdbc/mydb" auth="Container" type="javax.sql.DataSource" username="..." password="..." driverClassName="..." url="..."/>
<Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/mydb" digest="MD5" userTable="users" userNameCol="userName" userCredCol="passwd" userRoleTable="roles" roleNameCol="roleType"/>
</Context>
In database there are 2 tables for authentication purpose: users and roles. There are column userName, passwd in table users and userName, roleType in table roles (correlated with column userName). Then in web.xml we define FORM authentication:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>...</realm-name>
<form-login-config>
<form-login-page>...</form-login-page>
<form-error-page>...</form-error-page>
</form-login-config>
</login-config>
Has anyone tried to port Tomcat JDBC realm mechanism of FORM authentication to WebAS 640? How do we need to configure J2EE server in Visual Administrator or deploy an application with DeployTool to implement the same features? And does WebAS support declarative MD5 digest algorithm in FORM Authentication?
Any help is highly appreciated.
Thanks in advance
Johnevnafets wrote:
The way it works is that you declare which pages in your application have got security around them in your web.xml. Whenever a user tries to navigate to one of those pages, they are presented with the login screen. If they login successfully, then they are taken to the page they originally requested.
You should never actually have a link to your login page - the container will serve it when required.Ok, but how do i stop them entering the URL of the login page?
i get this error after logging in correctly if i directly access the login page:
"HTTP Status 400 - Invalid direct reference to form login page"
i tried adding this constraint but it still happens:
<security-constraint>
<web-resource-collection>
<web-resource-name>login</web-resource-name>
<url-pattern>/staffLogin/login.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
>
One possible way around this would be to create a database view which is a union of the two tables, thus giving you one "table" to query for the username/password/role combinations. That should satisfy the realm requirement.
Cheers,
evnafetsThats a good idea, il give that a shot. Thanks. -
Using container managed form-based security in JSF
h1. Using container managed, form-based security in a JSF web app.
A Practical Solution
h2. {color:#993300}*But first, some background on the problem*{color}
The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
- Username
- Group
- Password
The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
1. Start up your app server and log into the admin interface (http://localhost:4848)
2. Drill down into Configuration > Security > Realms.
3. Here you will see the default realms defined on the server. Drill down into the file realm.
4. There is no need to change any of the default settings. Click the Manage Users button.
5. Create a new user by entering username/password.
Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
h2. {color:#993300}*Step 2: Create the project*{color}
Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
1. Start by creating a new Visual Web JSF project.
2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
1. login.jsp (A Visual Web JSF file)
2. loginproxy.jspx (A plain JSPX file)
3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
Code follows for each of the files:
h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
<navigation-rule>
<from-view-id>/login.jsp</from-view-id>
<navigation-case>
<from-outcome>loginproxy</from-outcome>
<to-view-id>/loginproxy.jspx</to-view-id>
</navigation-case>
</navigation-rule>
NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:textField binding="#{login.username}"
id="username" style="position: absolute; left: 216px; top:
96px"/>
<webuijsf:passwordField binding="#{login.password}" id="password"
style="left: 216px; top: 144px; position: absolute"/>
<webuijsf:button actionExpression="#{login.button1_action}"
id="button1" style="position: absolute; left: 216px; top:
216px" text="GO"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>h3. *login.java -- implent the
button1_action() method in the login.java backing bean*
public String button1_action() {
setValue("#{requestScope.username}",
(String)username.getValue());
setValue("#{requestScope.password}", (String)password.getValue());
return "loginproxy";
}h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html"
pageEncoding="UTF-8"/>
<html>
<head> <meta
http-equiv="Content-Type" content="text/html;
charset=UTF-8"/>
<title>Logging in...</title>
</head>
<body
onload="document.forms[0].submit()">
<form
action="j_security_check" method="POST">
<input type="hidden" name="j_username"
value="${requestScope.username}" />
<input type="hidden" name="j_password"
value="${requestScope.password}" />
</form>
</body>
</html>
</jsp:root>
{code}
h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
target page, placed in the secure folder to test access*
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:staticText id="staticText1" style="position:
absolute; left: 168px; top: 144px" text="A Secure Page"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>
{code}
h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
*web.xml will be used to define:*
- Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
- Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
- Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
*sun-web.xml will be used to define:*
- This is where you map a Role to the Users or Groups that are allowed to use it.
+I know this is confusing the first time, but basically it works like this:+
*Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
{code}
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description/>
<url-pattern>/faces/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name/>
<form-login-config>
<form-login-page>/faces/login.jsp</form-login-page>
<form-error-page>/faces/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>User</role-name>
</security-role>
{code}
h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
{code}
<security-role-mapping>
<role-name>User</role-name>
<group-name>Users</group-name>
</security-role-mapping>
{code}
h3. {color:#ff6600}*Almost done!!!*{color}
h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
h3. {color:#ff6600}*_Gotcha #1_*{color}
You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
h3. {color:#ff6600}*_Gotcha #2_*{color}
Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
*DONE!!!*
h2. {color:#993300}*_Here's how it works:_*{color}
1. The user requests the a page from your context (http://localhost/MyLogin/)
2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
5. The user enters username and password and clicks a button to submit.
6. The button's action method stores away the username and password in the request scope.
7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
9. The hidden username and password fields grab the username and password variables from the request scope.
10. The loginproxy page is automatically submitted with the magic action "j_security_check"
11. j_security_check notifies the container that authentication needs to be intercepted and handled.
12. The container authenticates the user credentials.
13. If the credentials fail, the container forwards the request to the login.jsp page.
14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
+Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
+The user is now at the secure welcome page.+
If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
Kerry RandolphIf you want login security on your web app, this is one way to do it. (the easiest way i have seen).
This method allows you to create a custom login form and error page using JSF.
The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
I'm new to programming, so none of this may be a good practice, or may not be secure at all.
I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
--Kerry -
Hi,
I'm using Oracle JDeveloper 9.0.3 with the embedded oc4j. I have configured for simple FORM based authentication by storing username/password in the principals.xml file.
I am presented with the login form correctly when I try to access a protected resource, but my username/password is always rejected (I'm redirected to the error page after trying to log-in). Can someone pls help??
The relevant portions of the contents of the deployment descriptor files that I'm using:
principals.xml
<principals>
<groups>
<group name="securegroup">
<description>secureusers</description>
</group>
</groups>
<users>
<user username="testuser" password="test">
<description>test user </description>
<group-membership group="securegroup" />
</user>
</users>
</principals>
web.xml
<web-app>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>login.jsp</form-login-page>
<form-error-page>error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-name>
</security-role>
</web-app>
orion-application.xml
<orion-application>
<security-role-mapping name="role1">
<group name="securegroup" />
</security-role-mapping>
</orion-application>
application.xml (stored in my D:\JDeveloper\jdev\MyProj\MyProject\WEB-INF\src\META-INF folder)
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN" "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
<application>
<security-role-mapping name="role1">
<group name="securegroup" />
</security-role-mapping>
</application>REPOST
<br><br>
Keywords: form-login, principals.xml, embedded OC4J, authentication
<p>
Please see http://forums.oracle.com/forums/message.jsp?id=1266989
<p>
The provided link does not work.<br><br>
In the application.xml of the OC4j config folder I have comemnted out the: <br> <jazn provider="XML" location="./jazn-data.xml"/>
and added my roles mappings from web.xml :<br>
<security-role-mapping name="OES_admin">
<group name="administrators"/>
</security-role-mapping>
<p>
plus in proncipals.xml have created an entry for my test user:<p>
<user username="testusr" password="test">
<description>Just me</description>
<group-membership group="users" />
<group-membership group="guests" />
<group-membership group="administrators" />
</user>
<p>
And still cannot run Form-authentication from inside jdeveloper .... authentication runs fine when the app is deployed to Tomcat5
<p>
Help Please, I'm using jdev 10.1.2.0
Message was edited by:
omar71 -
Im trying to add form based logon in my application and have been running into trouble with it. I get to my logon screen and when I enter the information I get the following error from GlassFish:
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /j_security_check POST)
[Web-Security] hasUserDataPermission isGranted: true
Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
Logging in user [Doug] into realm: Realm using JAAS module: jdbcRealm
Login module initialized: class com.sun.enterprise.security.auth.login.JDBCLoginModule
SEC1112: Cannot validate user [Doug] for JDBC realm, reason: com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'User'.
Cannot validate user
com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'User'.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(Unknown Source)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeQuery(Unknown Source)
at com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm.isUserValid(JDBCRealm.java:324)
at com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm.authenticate(JDBCRealm.java:299)
at com.sun.enterprise.security.auth.login.JDBCLoginModule.authenticate(JDBCLoginModule.java:72)
at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:295)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:170)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:123)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:479)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:253)
at org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:1011)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:622)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:609)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
JAAS authentication aborted.
SEC5046: Audit: Authentication refused for [Doug].
doPasswordLogin fails
javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:295)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:170)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:123)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:479)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:253)
at org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:1011)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:622)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:609)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.SecurityException
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
... 35 more
Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /loginError.jsp GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /images/signon_error_box.jpg GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasResource isGranted: true
[Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /images/signon_error_box.jpg GET)
This is the code I put in web.xml
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Secured Area</web-resource-name>
<description/>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<error-page>
<error-code>403</error-code>
<location>/loginError.jsp</location>
</error-page>I have login.jsp and loginError.jsp and login.jsp contains:
<form action="j_security_check" method="POST">
Username: <input type="text" name="j_username" value="" size="15" /><br/><br/>
Password: <input type="password" name="j_password" value="" size="15" /><br/><br/>
<input type="submit" value="Login" />
</form>I created a User table and a Roles table in my database using SQL
User
username varchar NOT NULL
userpass varchar NOT NULL
Roles
username varchar NOT NULL
rolename varchar NOT NULL
created my own Realm called MyReal and set the settings to match the database tables and their columns
the class name is set to: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS context: jdbcRealm
JNDI: Required: jdbc/AAADDD
User Table: User
User Name Column: username
Password Column: userpass
Group Table: Roles
Group Name Column: rolename
Assign Group:
Database User: AAADDD
Database Password: AAADDD
Digest Algorithm: md5
Thanks for the help in advanceIs there anyone who can help me with this?
-
Faces context not found (Form based authentication)
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/jsp/WorkingZone.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/Login/login.jsp</form-login-page>
<form-error-page>/Login/error.jsp</form-error-page>
</form-login-config>
</login-config>
when i tried to login with valid user the the url shows
http://localhost:8080/FormAuth/jsp/WorkingZone.jsp
how to append faces context automatically.
I am not finding for this faces context.
Plz suggest me a solution soon.
Thanks
Raghavendra PattarThe FacesContext is created by FacesServlet which is
definied in the web.xml with an url-pattern.
If you just follow the url-pattern of this
FacesServlet, usually /faces/ or *.faces, or *.jsf,
then the FacesContext will be created.Hi balu,
this is the web.xml that i am using
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.4" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<filter>
<filter-name>UploadFilter</filter-name>
<filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
<init-param>
<description>
The maximum allowed upload size in bytes. If this is set
to a negative value, there is no maximum. The default
value is 1000000.
</description>
<param-name>maxSize</param-name>
<param-value>1000000</param-value>
</init-param>
<init-param>
<description>
The size (in bytes) of an uploaded file which, if it is
exceeded, will cause the file to be written directly to
disk instead of stored in memory. Files smaller than or
equal to this size will be stored in memory. The default
value is 4096.
</description>
<param-name>sizeThreshold</param-name>
<param-value>4096</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UploadFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>ThemeServlet</servlet-name>
<servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ThemeServlet</servlet-name>
<url-pattern>/theme/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file></welcome-file>
</welcome-file-list>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jspf</url-pattern>
<is-xml>true</is-xml>
</jsp-property-group>
</jsp-config>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<!-- Default a login configuration that uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/Login/login.jsp</form-login-page>
<form-error-page>/Login/error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Define a logical role for this application, needs to be mapped to an actual role at deployment time -->
<security-role>
<role-name>manager</role-name>
</security-role>
</web-app>1)My requirement is Login page should be the first page
If enter the valid user and password
then i will get directory structure
when i click the secured JSF page inside secure
i got this URL
http://localhost/secure/WorkingZone.jsp
obiviously /faces is missing
and i am getting faces context not found.
If u need further clarification i will send u..
Plz reply me... -
Hi,
using Jdeveloper 10.1.3.3 ADF BC & JSF, I've implemented form based login like here: http://technology.amis.nl/blog/?p=1462
the problem is with logout. I have a commandLink and a method:
public void doLogout() throws IOException {
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext ectx = ctx.getExternalContext();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
try {
session.invalidate();
response.sendRedirect("../security/pages/login.jsp");
} catch (java.lang.IllegalStateException ex) {
System.out.println(ex.getMessage();
the thing that bothers me is when user logs out, he is redirected to the login page (session is invalidated ok), but when he enters credentials and tries to log in again he gets 404 Not Found message in browser, when I look in log there are no error messages. I've searched forum all over and everybody uses this way for logout so I don't know what could be wrong.
Please help,
thanks in advance,
Tomislav.found what was the problem. After session.invalidate() I have to redirect user to index.jspx, since session was invalidated it opens login page.
Maybe you are looking for
-
Error RSAR 245 - Can't activate Transfer Rules in BI 7.0
Hello SAP community! I'm working with BI 7.0 trying to create an Infosource for loading an InfoObject (Z version of 0MATERIAL but with less attributes) from a Flat File (CSV file). In my Datasource/Transf.Struct fields are of types CHAR, DATS, and NU
-
How to compile other java files and run them from my own programs?
I'm developing a unit testing tool for AspectJ, which can originally generate the stubs for aspect unit to be tested. All these stubs are java files. After generation of stubs, how can I program the code to compile this unit together with these stubs
-
I have add GLDATE in custom payment program how to do this which field is belongs to GLDATE can some one help me? How to get the xml file for the same Edited by: 958542 on Sep 26, 2012 6:21 AM
-
Hello, I'm using BerkelyDB 4.7.25 (via the BerkeleyDB Perl module) on a FreeBSD system in a forking daemon, with a shared cache environment. Could someone, looking at the output below, tell me whether these statistics are good for the cache? You'd th
-
Preparing to send file to costco
I am confused about a few things. 1. When do I use the export to jpg option and when do I use the print to jpg option? In the print module I have added the correct icc profile for the printer at costco at the location I will go to. If I export to j