Basic Javamail Authentication

Similar Messages

• Basic http authentication not working when consuming Web Service in BPEL.

  Hi,
  I am consuming an AXIS Web Service from BPEL 10.1.3. The Web Service uses basic http
  authentication so we need a way to get username and password into the http
  header. In the Oracle BPEL Process Manager Administrator's Guide 10g
  (10.1.3.1.0) section 1.3.4.1 HTTP Basic Authentication (10.1.2.0.2) is stated
  that this can be done using the properties httpUsername and httpPassword. I
  have set the 2 for the partner link in bpel.xml but username and password does
  not get in to the http header. Has anybody got an idea?
  Regards Pete

  I'm having the same sorts of problems with 10.1.3.1.0. I've got a deployed BPEL suitcase that's trying to hit a BASIC AUTH-secured web service running on a WebLogic 8.1 server. I've set up my partner link according to the documentation, and the BPEL console Descriptor tab even shows the parameters correctly:
  partnerLinkBindings      
  client      
       wsdlLocation      awardService.wsdl
  spsAwardSubmitPartnerLink      
       basicHeaders      credentials
       basicUsername      ko1
       basicPassword      xxxxx
       wsdlLocation      IAwardDraftServiceRef1.wsdl
  However, when I funnel the resultant call to the endpoint specified in IAwardDraftServiceRef1.wsdl, none of the fields I would expect show up in the HTTP header:
  POST /pd2WebServices/service/IAwardDraftService HTTP/1.1
  Host: vm-orcl-app-srv:4444
  Connection: Keep-Alive, TE
  TE: trailers, deflate, gzip, compress
  User-Agent: Oracle HTTPClient Version 10h
  SOAPAction: ""
  Accept-Encoding: gzip, x-gzip, compress, x-compress
  Content-type: text/xml; charset=UTF-8
  Content-length: 3800
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><IAwardDraftSubmitNew xmlns="http://www.caci.com/pd2/pub">
  <IAwardDraft>
  <accessController/>
  <agreementEndDate/>
  Is there some other configuration piece I'm missing?? I've tried the other variation using httpBasicHeaders, with the same results. I even noted that the "Oracle® BPEL Process Manager Administrator's Guide" says that "Starting with Oracle BPEL Process Manager release 10.1.3, all partner link properties are automatically propagated into the HTTP header." I've tried putting "extra" parms in the partner link bindings, but they don't show up either.
  What am I missing??
  Thanks,
  Mike

• Embedding basic http authentication credentials in JNLP file

  I want to embed basic http authentication credentials in the JNLP file.
  Basically, I want the jars to be behind basic http authentication in order to distribute the application only to authorized users (I understand this is not strong security, but it's fine for my purposes) who are all on Windows, and once the java app is initially installed, I never want to have to enter the http login credentials again.
  So I set up the http authentication and in the jnlp file I have:
  <jnlp
       spec="1.5*"
  codebase="http://username:[email protected]"
       href="program.jnlp">
  This doesn't seem to phase the JWS authenticator. So on the first launch from the desktop shortcut I put the credentials in manually and select "save this password in my password list". It seems like I'm in the clear as the next time I launch the application from a desktop shortcut I am not asked for any credentials, but every time the Windows machine is restarted, I get the JWS authenticator again...the password is no longer saved.
  Is there a way to embed the username/password in the JNLP file to get past the JWS authenticator without having to retype the username and password every time the machine is restarted? Or to permanently save the password in the JWS authenticator password list? Or any other way to set it up where once the application is initially installed, the http authentication credentials never have to be manually entered again?
  Thanks!

  Hi everybody,
  I manage to do almost all (I suppose), but I need last help.
  Through SM59 I created the HTTP Destination needed; then, I implemented the code given by SAP here:
  http://help.sap.com/saphelp_47x200/helpdata/en/2d/64d053e74911d6b2e400508b6b8a93/content.htm
  I ran the program, and it gives me the error: "Binder not found for soapAction = null.
  I suppose that I should give the link to the soapAction, but I don't know where in the code.
  Have you any idea?
  Thanks and Regards,
  Francesco

• Internationalizing Basic HTTP authentication browser dialog for UserID

  Is it possible to have multibyte user ID for Basic HTTP authentication? Based on RFC2617 user ID has to be *Text, which basically is ASCII. But I thought maybe someone has a workaround for this limitation. Our entire web app is internationalized, we use UTF-8 as encoding for JPS pages and request processing, and that all works fine, but there is one area where we use Basic HTTP authentication, and so far I was not able to find a way to internatianalize that. Once the resource is reqested, we process request in the servlet and if the user is not authenticated we send authentication challenge response to the browser. Response encoding is set to UTF-8. After user enters the credentials, I process those in the same servlet , again using UTF-8. Of course when I tried to input the japanese ( multibyte)userID, the authentication is failing. I think the browser is corrupting DBCS data once it Base64 encodes it... Does anyone have ideas whether it is possible to internationalize this at all?

  You'll probably need your own ServletFilter to process the authentication header, since servers will mostly decode headers in the locale encoding, regardless of any charset in the Content-type header of the request. Getting browsers to use UTF-8 encoding before base64 might be a bit tricky though.
  It is probably better to use form based login. The procedure for getting UTF-8 encoded form parameters is a well understood FAQ for this forum.

• Basic access authentication

  Hello,
  I'm trying to use a webview to display a web site using Basic access authentication.
  I've downloaded the samples.
  With SwingInterop_browser.jnlp a popup ask the username/password and everything is working fine
  With SwingInterop.jar i get an 401 - Unauthorized
  There is probably an arg to pass to the java -jar command...
  Any idea?
  Thanks in advance
  Edited by: 977177 on 16 déc. 2012 13:16

  We are further forward and have come up with the following approach. We are publishing the output to an an unprotected area. The basic authentication can then be applied to the Tomcat Server as required.
  Read the RoboColum(n).

• Basic HTTP Authentication

  Hi everyone,
  I'm trying to make a portal/gateway environment where a user can be automatically logged in other applications using Basic HTTP Authentication.
  To do this I have enabled the Basic HTTP Authentication in the psconsole (under Secure Remote Access > default > Core).
  I have also added a couple of LDAP attributes in the Portal LDAP: sunPortalGatewayWWWAuthorization.
  Are these the only two steps needed? Or am I forgetting something?
  Could someone tell me how the values in the sunPortalGatewayWWWAuthorization can be formed? I am currently using someone else's code, which used to work on a Portal Server 6 environment. I'm not sure if I understand well how those Basic Authentication values are formed.
  Thanks a lot!
  Sten

  Thank you Yvan, for your reply.
  I have looked at the Access Manager in the old environment, and did not see any SSO functionality being enabled.
  The old environment does not have a psconsole, so I was not able to check the settings over there.
  What bothers me, is that I do not know what kind of values should be stored in the sunPortalGatewayWWWAuthorization attribute. A basic http authentication string would look like this: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  (This would be a Base64 encoding of Aladdin:open sesame).
  But in the Portal LDAP it seems that everything is encoded in Base64. As far as I understand the code is doing the following:
  - Make-up string: "+hostname+|Authorization: Basic +username+:+password+"
  - additionally, it looks like the whole string is being encrypted too, using a PBEWithMD5andDES algorithm
  Is this a requirement for the Gateway? Or is this for some kind of security reason? And is this correct?
  Thanks,
  Sten

• Safari 5.1 HTML5 HTTP basic access authentication issue video does not load

  I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
  Safari 5.0.5 plays the video fine.  Safari 5.1 fails to load/play the video in the protected folder.  If I move the video to a not protected folder, Safari 5.1 plays it fine.
  This is on iPage.  Back on MobileMe all is fine with 5.1.
  I think this is a HTTP basic access authentication issue with 5.1.
  Anyone have similar issue? Work around?

  Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.

• JAAS NTLoginModule for basic http authentication

  Hi all,
  Can someone point me to the right direction on this subject? I'd like to use JAAS' NTLoginModule to get a user's credentials, then use those credentials to authenticate the user into something that requires a basic http authentication... specifically, a domino web service. (I don't want the user to have to type in his/her password).
  First, is this even doable? and Second, what would I need to do to get this working?
  Thanks in advance.

  I am using IIS 6 with Windows Integrated Authentication which passes all HTTP requests to Tomcat 5.5 for processing via the ISAPI plug-in jk1.2 It does nothing else. Don't ask the obvious, I can't tell you. It just is.
  I have a new requirement for a new web application on our intranet. I would like to be able to identify my users without them typing anything in. How can I capture any part of the Window's user credential's from within my Java web application on Tomcat?
  I'm looking at HttpServletRequest.getRemoteUser() and HttpServletRequest.getUserPrincipals() and I'm thinking I can (minus establishing my own Tomcat realms, etc...).
  Any thoughts? Even if you don't know how, just tell me if you know this can be/is being done somewhere.

• Is it possible bypass basic file authentication in glassfish using default

  I have a glassfish application with basic authentication enabled and a single user setup in the file security realm wth a single group named 'internal'.
  My web.xml is setup with an auth-constraint limited to 'internal' role, my glassfish-web.xml maps the group 'internal' to the role 'internal'
  I have one cluster with an app ('api') running that is already accessed internally without the need for authentication.
  I am trying to set up a standalone instance with a seperate config (publicapi) that runs the same app but can only access functionality of the publicapi rather than the api
  My approach has been to add basic authentication to api with a default principal (internal) in its config. The principal is mapped to a user (internal) in the file security realm that has a single group in its list of 'internal'. My understanding was this would be able to bypass the basic authentication when using this config but it has not.
  This is my config within the api project: glassfish-web.xml
  <glassfish-web-app error-url="">
  <class-loader delegate="true"/>
  <jsp-config>
  <property name="keepgenerated" value="true">
  <description>Keep a copy of the generated servlet class' java code.</description>
  </property>
  </jsp-config>
  <security-role-mapping>
  <role-name>internal</role-name>
  <group-name>internal</group-name>
  <principal-name>internal</principal-name>
  </security-role-mapping>
  </glassfish-web-app>
  web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <security-constraint>
  <display-name>Limit non-internal principals</display-name>
  <web-resource-collection>
  <web-resource-name>Secure Application</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>internal</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Secure Area</realm-name>
  </login-config>
  <security-role>
  <description>Only accssible to internal roles</description>
  <role-name>internal</role-name>
  </security-role>
  </web-app>
  and sun-web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
  <sun-web-app error-url="">
  <security-role-mapping>
  <role-name>internal</role-name>
  <group-name>internal</group-name>
  <principal-name>internal</principal-name>
  </security-role-mapping>
  </sun-web-app>
  So is my understanding of being able to bypass the basic authentication using glssfish default principal flawed? Do default principals match to a user / group list that is added in the Glassfish control panel and therefore assocated with the same roles / groups? Any other info on how to correctly map the default principal to a security group and bypass authentication would be very useful. Thank you

  Haii
  your jsps or struts will not do that kind of client side jobs..u write a java script and do that.......
  regards
  Shanu

• Removal of Basic MII authentication screen

  MII 12.1.5.7
  NW EHP ce 7.1
  Currently, when you log into MII using a UME user, such as Administrator, you are presented with an authentication screen that allows you to type in the username and password. Since our client requires SSO enabled url, the user should never see the basic authentication screen. The issue here is if the user is not authenticated through ABAP or LDAP, it will reroute to the basic authentication screen. This is a security risk for my client. We need to remove or replace this screen. How can this be done?

  Hi,
  Maybe note 1538719 could be of help.
  Setting up SPNego with X.509 should allow direct access once the MII URL is typed.
  Regards,
  Srikishan

• OAM Basic LDAP Authentication

  I have configuered a policy domain with the defautl Basic Over LDAP authentication scheme. I
  Also create a "Role :Any one" on Authz expression and rule.
  I keep getting the Basic LDAP prompt even I enter right credentials. Did I miss anything? I haven't configured any redirect or success stuff? Do I need to?

  The steps tab are showing the correct order. Following is the default Basic over LDAP scheme:
  Name Basic Over LDAP
  Description This scheme is Basic over LDAP, using the built-in browser login mechanism
  Level 1
  Challenge Method Basic
  Challenge Parameter realm:LDAP User Name/Password
  SSL Required No
  Challenge Redirect
  Enabled Yes
  obMappingBase="dc=oimdemo,dc=org",obMappingFilter="(&(objectclass=User)(uid=%userid%))"
  obCredentialPassword="password"
  The log file says ""The HTTP Authorization header does not have the expected format for basic authentication. Format should be 'Basic [username]:[password]'
  IIS site directory security has anonymous access disabled and IWA enabled.

• Performing Basic HTTP Authentication on the iPhone

  Hi,
  I need to perform a HTTP Request with Basic Authentication on the iPhone. To perform the request I use the NSURLConnection and NSMutableURLRequest. The request basically works but I can't get the authentication working. Is there a "convenient" way to do HTTP authentication or do I have to do it by hand?
  Best regards,
  Michael

  Ok thanks - that explains it:
  From the Apple article: "
  Note: Touch ID cannot be used for purchases if Require Password in Settings > General > Restrictions is set to Immediately."
  Not sure why - but clearly intentional.

• BASIC web authentication against Oracle database?

  Hello,
  Here's what I want in a nutshell. When someone goes to one of my webpages
  under WLS 8.1, I want them to be presented with a BASIC authentication
  dialog. That part is configured between web.xml and weblogic.xml and I
  think I'm OK with doing that. But the part I don't have quite figured out
  is how to get do authentication against a table in an Oracle (or any other,
  for that matter) database.
  Can someone point me (or do you have) any examples that accomplish this?
  I'm sure I'm not the only one who's tried to do this. As far as I can
  tell, I need to create a custom Authenticator (and possibly a custom
  Asserter) and my implementation of those would do the search against the
  database. Correct?

  Hi
  You probably need to develop a custom login module. WLS uses JAAS so do some JAAS
  research the go to
  http://dev2dev.bea.com/products/wlserver/security.jsp
  then click
  http://dev2dev.bea.com/codelibrary/code/security_prov.jsp and get and customize
  the sample code.
  The example code does NOT show how to use form based authentication with your
  custom LoginModule, I'm still working on that, but I assume the WLS servlet container
  creates and appropriate CallbackHandler so you can access the supplied username
  and pw which you can then use to authenticate against your RDBMS
  I need to create a custom LoginModule for Blockade and am going down this track,
  still working on it.
  "KissFan 1973" <[email protected]> wrote:
  Hello,
  Here's what I want in a nutshell. When someone goes to one of my webpages
  under WLS 8.1, I want them to be presented with a BASIC authentication
  dialog. That part is configured between web.xml and weblogic.xml and
  I
  think I'm OK with doing that. But the part I don't have quite figured
  out
  is how to get do authentication against a table in an Oracle (or any
  other,
  for that matter) database.
  Can someone point me (or do you have) any examples that accomplish this?
  I'm sure I'm not the only one who's tried to do this. As far as I
  can
  tell, I need to create a custom Authenticator (and possibly a custom
  Asserter) and my implementation of those would do the search against
  the
  database. Correct?

• JavaMail Authentication (Newbie)

  Hi all,
  When specifying Javamail properties when obtaining a session, e.g:
  Properties p = new Properties();
  p.put("mail.store.protocol", "imap");
  Session.getInstance(p, null);... is it possible to specify a username and password in the properties object when the mail server requires authentication, e.g.
  Properties p = new Properties();
  p.put("mail.store.protocol", "imap");
  p.put("username", "my_username");
  p.put("password", "my_password");
  Session.getInstance(p, null);

  Hi all,
  When specifying Javamail properties when obtaining a session, e.g:
  Properties p = new Properties();
  p.put("mail.store.protocol", "imap");
  Session.getInstance(p, null);... is it possible to specify a username and password in the properties object when the mail server requires authentication, e.g.
  Properties p = new Properties();
  p.put("mail.store.protocol", "imap");
  p.put("username", "my_username");
  p.put("password", "my_password");
  Session.getInstance(p, null);

• Basic User Authentication

  I'm a Dreamweaver beginner, and am trying to create a user account creation page.  I've created the basic form and applied "User Authentication->Check New Username" (checking for username field in my database).  The problem I'm having is that while I was able to successfully create one account, all subsequent account creation attempts are unsuccessful and take me back to my "If already exists..." page.  This seems like a simple thing, and in fact, there're aren't too many options that I can try to get this working.  Yet I'm still stumped.
  Any ideas?

  Sorry for not including this initially.  Here's the full code module for my Sign Up page.
  <?php require_once('Connections/iband_db.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  // *** Redirect if username exists
  $MM_flag="MM_insert";
  if (isset($_POST[$MM_flag])) {
    $MM_dupKeyRedirect="taken.php";
    $loginUsername = $_POST['username'];
    $LoginRS__query = sprintf("SELECT id FROM user_profile WHERE id=%s", GetSQLValueString($loginUsername, "int"));
    mysql_select_db($database_iband_db, $iband_db);
    $LoginRS=mysql_query($LoginRS__query, $iband_db) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    //if there is a row in the database, the username was found - can not add the requested username
    if($loginFoundUser){
      $MM_qsChar = "?";
      //append the username to the redirect page
      if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
      $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
      header ("Location: $MM_dupKeyRedirect");
      exit;
  $editFormAction = $_SERVER['PHP_SELF'];
  if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
  if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    $insertSQL = sprintf("INSERT INTO user_profile (id, first_name, last_name, username, password, email_address) VALUES (%s, %s, %s, %s, %s, %s)",
                         GetSQLValueString($_POST['username'], "int"),
                         GetSQLValueString($_POST['first_name'], "text"),
                         GetSQLValueString($_POST['last_name'], "text"),
                         GetSQLValueString($_POST['username'], "text"),
                         GetSQLValueString($_POST['password'], "text"),
                         GetSQLValueString($_POST['email_address'], "text"));
    mysql_select_db($database_iband_db, $iband_db);
    $Result1 = mysql_query($insertSQL, $iband_db) or die(mysql_error());
    $insertGoTo = "index.php";
    if (isset($_SERVER['QUERY_STRING'])) {
      $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
      $insertGoTo .= $_SERVER['QUERY_STRING'];
    header(sprintf("Location: %s", $insertGoTo));
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Sign Up Page</title>
  </head>
  <body>
  <h1>Sign Up!</h1>
  <form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
    <p>
      <label>First Name:
        <input type="text" name="first_name" id="first_name" />
      </label>
  </p>
    <p>
      <label>Last Name:
        <input type="text" name="last_name" id="last_name" />
      </label>
    </p>
    <p>
      <label>Username:
        <input type="text" name="username" id="username" />
      </label>
    </p>
    <p>
      <label>Password:
        <input type="password" name="password" id="password" />
      </label>
    </p>
    <p>
      <label>Email:
        <input type="text" name="email_address" id="email_address" />
      </label>
    </p>
    <p>
      <label>
        <input type="submit" name="button" id="button" value="Sign Up" />
      </label>
    </p>
    <input type="hidden" name="MM_insert" value="form1" />
  </form>
  <p> </p>
  </body>
  </html>