DIGEST Authentication and using Cookies

Similar Messages

• Is it possible to bypass JAAS authentication and use Authorisation alone?

  I have to implement jsp level security (by checking roles) for my JSF application.
  Authentications in my appln are done by a different servers. I don't want to disturb that.
  I have to implement authorisation alone using JAAS.
  Is it possible to bypass JAAS authentication and use Authorisation alone?
  I am using custom login module( implements DatabaseLoginModule) for authorisation.
  Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
  Any help would be great.
  Thanks,
  Adhil.J

  I have to implement jsp level security (by checking roles) for my JSF application.
  Authentications in my appln are done by a different servers. I don't want to disturb that.
  I have to implement authorisation alone using JAAS.
  Is it possible to bypass JAAS authentication and use Authorisation alone?
  I am using custom login module( implements DatabaseLoginModule) for authorisation.
  Moreover, after logging in, when a user tries to access a secured jsp page, he should NOT be redirected to login page again. Rather the role checks should be done using existing user credentials stored somewhere. How to invoke the custom DataBaseLoginModule without taking user to login screen?
  Any help would be great.
  Thanks,
  Adhil.J

• How to define and use cookies so that same login is used on all application

  Hi
  I have 3 apps in a single workspace and all of them SSO enabled
  However when I go from one apps to other, it ask for login again
  I have read in the forum that we can use cookies so that we use the single login on all apps within the same workspace
  But I'm not sure how to define and use cookies.Please assist

  See this presentation:
  http://www.sumneva.com/apex/f?p=15000:395:0::NO::P395_PRESENTATION_KEY:MANY_TO_ONE

• How to use create and use cookie in portalet by jsp

  I am developing web application using JSP (JPDK_1_4). portal version is portal30 3.0.7.6.2

  The following is a link regarding calling conventions and the LabView Call Library Function:
  http://digital.ni.com/public.nsf/3efedde4322fef19862567740067f3cc/58596f5d41ce8efb862562af0074e04c?OpenDocument
  Chris_Mitchell
  Product Development Engineer
  Certified LabVIEW Architect

• Digest Authentication with OC4J standalone

  Hi,
  I am using oc4j 9.0.3 standalone web container . I used axis application as soap engine for deploying a web service in the oc4j . I want to implement HTTP digest authentication for my webservice.
  I am forced to use the same verison of OC4J due to some reasons. Could anyone help me in knowing the procedure for the HTTP digest authentication implementation using oc4j903 asap.
  Advance thanks for help

  could anyone please reply to this thread asap

• OWSM, Digest Passwords and Authentication Using Gateway or Agent

  I want to send username, and passwords in digest mode to a web service's agent or gateway and authenticate the user.
  In basic mode(plain text) I use extract credentials, WS-BASIC and use LDAP Authenticate as a further step.
  What should I do in Digest Mode?
  Regards
  Farbod

  Thank you Sitaraman,
  I know that I can send hashed password in the header of the request. But how can I tell the OWSM treat it as hash value?
  In the agent or gateway's policy I have:
  1. Extract Credentials -> WS-Basic (plain-text) ---> what should I put here?
  2. LDAP Authenticate -> How should I tell LDAP that this password is hashed?
  Just setting the TYPE property (PasswordDigest) isn't enough, is it?
  Regards
  Farbod

• LDAP Authenticator and Password Digest

  Hi All,
  I am implementing proxy services uisng OSB 11g . The security requirement is to enforce authentication using password digest. Users & passwords are stored in a central external LDAP server.
  OSB supports password digest in SOAP messages , but all the dcoumentation suggest enabling the password digest flag in Default Authenticator . When I configure the external LDAP server in security realm it does not provide any option to enable Password Digest.
  Is it possible to have passwordDigest based authentication agiant a external LDAP server ?
  If yes can some one please suggest how its done ?
  Thanks !

  Got the answer
  Out of the box Password Digest is only supported with DefaultAuthenticator . For PasswordDigest authentication with external LDAP , custom authenticators need to be developed and used.

• HTTP digest Authentication, using HttpURLConnection

  Hi,
  My requirement is simple, my stanalone applicaiton creates a XML request sends that to a web Application. Now to do this the Web application needs a HttpDigest Authentication. To do this wat we are doing is create a http url connection and get 401 response and then use that ot create the digest. to accomplish this the same urlConnection need to be used, else the new URL connection will send a new request. But in HttpUrlConnection there is a limitation that it can be used for only single request-response cycle.... can anybody suggest on this, wats the best practice to do HTTP digest authentication while communicating from a Stand alone application to a web application........................

  I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
  http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
  If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

• Unable to connect to Wi-Fi connection using WPA2 PSK authentication and encryption type TKIP

  I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
  My issue is copy/pasted below:
  Original Title: TKIP selection in WiFi network settings
  I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
  On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
  Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
  7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
  When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
  if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
  the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

  I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
  My issue is copy/pasted below:
  Original Title: TKIP selection in WiFi network settings
  I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
  On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
  Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
  7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
  When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
  if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
  the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

• Using cookies and JavaScript to create a page to page timer.

  I have long wanted to be able to measure the time it takes to get from one page to another.  While reading in my JavaScript reference the other day, I came across cookies.  I've long known about cookies but have never used them.  The thing that looked attractive was that you can access cookies from both JavaScript and CF.
  So I put together the procedures to store the "start time" (startTimeP8D) for the transition and activated it on the onUnload event of a 1stpage.  After a few rewrites I got it working.   Here is the JavaScript to do that: it consists of two functions: doTimer which is the input section and setCookie, which writes to the cookie.  Not the two numbered alert statements.
  doTimer - results for "start" from the doTimer function called from page 1 when it unloads. (See doTimer below)
       Please note that the two startTime8D values are the same immediately after they are stored.
  On the 2nd page in the sequence, I run the corresponding code to determine the "end time", compute the delta and write it out to the page.  It didn't all run on the first try, but it now seems to be running without a crash, which can be misleading.
        second set of outputs from page 2:    
       Please not that while the endTimeP8D match, the startTimeP8D value no longer matches the previously stored value. 
  There is one major hitch in the get along which has me stymied:  As you can see, when you compare the startTimeP8 in the setCookie – results above and the "startTimeP8" in the doTimer results below the startTimeP8 is not the value that I wrote to the cookie @ unload of page 1.  I have checked and checked and do now see anywhere that the startTimeP8D value is being overwritten.  Based upon my limited experience with JavaScript cookies, it seems to me that you get an entry for each time you set the cookie.  So I would expect to see to startTimeP8D entry for each setCookie event, not a different value.
       The result of the failed computation is shown on the bottom of the page.  As you can see, the Total Elapsed Time is negative, which is never a good sign.  The other time shown, Page build time, is the run time from the server.  The whole purpose is to be able to show folks that the reason the code might be show is because of their overloaded network and not our code.  We had one client whose had users running on 56k modems.  It was so slow their VPN software was timing out!!!  Still the had the never to blame us!!!
  I am using SQLServer 2005, CF8, IE8 on W7. 
  I'm not married to this way of doing this so if anyone has a better/easier way of doing a "page to page timer", I'm up for it.  I'd prefer to fix this one since I've been working on it for the past 3 days.
  Thanks in advcance for your help.
  Len, PHRED SE

  Here it is with no JQuery or console logging calls using cookie utility functions found here:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
         "http://www.w3.org/TR/html4/loose.dtd">
  <html>
  <head>
       <title>Test JavaScript Page Load Timer</title>
       <script>
            window.onload = function(){
                 var previousPageUnload = getCookie('unloadTime');
                 if(previousPageUnload){
                      var d = new Date();
                      var loadTime = d.getTime() - previousPageUnload;
                      alert(loadTime + 'ms');
            window.onunload = function(){
                 var d = new Date();
                   setCookie('unloadTime',d.getTime());
            function setCookie(c_name,value,expiredays) {
                 var exdate=new Date();
                 exdate.setDate(exdate.getDate()+expiredays);
                 document.cookie=c_name+ "=" + escape(value) + ((expiredays==null) ? "" : ";expires="+exdate.toUTCString());
            function getCookie(c_name) {
                 if (document.cookie.length>0) {
                   c_start=document.cookie.indexOf(c_name + "=");
                   if (c_start!=-1)
                     c_start=c_start + c_name.length+1;
                     c_end=document.cookie.indexOf(";",c_start);
                     if (c_end==-1) c_end=document.cookie.length;
                     return unescape(document.cookie.substring(c_start,c_end));
                 return null;
       </script>
  </head>
  <body>
       <h1>Test JavaScript Page Load Timer</h1>
  </body>
  </html>
  Note that overwriting global window events like this is not a good idea, which is why I used JQuery in my earlier example. I strongly suggest you look at JQuery or one of the other JS libraries (YUI, etc.) to help with event handling. I'll leave it at that as this is getting into JavaScript development, not really on topic for a ColdFusion forum.

• Please help me-it's urgent,maintaining session and security using cookies.

  hi folks,
  i presently developing a web site for an engineering colleege ,i am facing prob in maintaining the session using cookies,and destroying a cookie and keeping security to the user,There are four links on my webpage ,including a logout link,when i click the other links other than the logout,it works perfectly,and when i click the logout link,i am not able to disable the cookie and still able to visit previous pages by clicking the back button.please give a suggestion as such to disable the cokie and maintain the security for my web site.
  Thank u....

  Try out this login if it helps you.
  Create a bean that stores some String value. Then make a object of this bean using the useBean tag with session scope when a user logs in. Store the name of the user in the bean and also set the same name value in the Session object. Then on every JSP page compare the value set in the session object with the bean variable (which will be having a session scope). If the value match, then the JSP page output must be displayed to the user. Then on the logout link, invalidate the session object using the invalidate() method of the session class. As a result now when you will try to navigate back to the old JSP page, null will be returned to you when you will try to retrive the name value from the session object. And since this null will not match with the value in the bean, you should not proceed further with generating the output. Hope this help
  Nirav ([email protected])

• Preserving link and default state using cookies

  Hello,
  I am not sure where to post this with the re-design of this forum; it's been a while so please forgive me if this is in the wrong g place.
  I have a very basic link wrapped in a UL tag.
  I am using JQuery to give the links a color when they are clicked by performing an add/remove class function, the link state is than preserved by cookies so if a user returns to a page; it shows what tab they were viewing.
  The problem is; this is a single page and I want to set a default link or tab; say the first one. I do not know how to do this.
  This is what I am looking to accomplished:
  A user visits the page and the first link is colored red (default)
  If the user clicks on another link that link becomes active and the first link looses it's default status
  When the user returns the first link is nolonger the default, it is whatever link the user selected when first visited; that's because that link was rememberd using cookies.
  The first link will ONLY maintain the default state if the user deletes his cookies or visits the page for the first time.
  Here is a peice of JQuery I have used to maintain the selected state:
  $(document).ready(function() {
      var idActive = $.cookie('cookieActive');
      if (idActive) {
          $('#'+idActive).addClass('activeLink');
      $('ul li a').click(function() {
          var id = $(this).attr('id');
          $("ul li a").removeClass("activeLink");
          $(this).addClass("activeLink");
          $.cookie('cookieActive', id);
          $.cookie('cookieActive', id, { expires: 10000});

  Good day Mr. Powers!!
  Thank you as always; you are so helpful.
  I am editing this post because I did not get this to work due to my error with applying the ID.
  It is working now and thank you so much!
  By the way any more PHP books in the works?
  DR
  Code is now working with selecting default tab.

• If user disable cookie how to set and use session with URL Rewritting

  if user disable cookie how to set and use session with URL Rewritting by append session ID in url

  If cookies are disabled, then app server will automatically try to use URL rewriting for session control. Programmer's responsibility is to encode any links or redirects using
  response.encodeURL("/yourPage.jsp")
  and
  response.encodeRedirectURL("/yourPage.jsp")
  See API for details
  http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String))

• Windows Authentication by using HTMLDB and Active directorty (AD)

  Is it possible to write an application by using HTMLDB to use windows authentication by using Active Directory (AD) ?
  Thanks!

  Hi Tanya,
  The IS_MEMBER routine won't necessarily work with AD since it actually checks for the sort of user/group relationship that is stored in OID (AD can store the relationship in a different way).
  To check group membership you will need to write your own code which checks the group and/or user to determine whether they are in a specific group or not. I believe there are already some examples of that code in this forum, if you search for 'group and ldap' you should be able to find some examples.
  If not, then post back and I'll try and dig something out.

• How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?

  Hi,
  How do I know WinRM uses Kerberos for authentication, and does not fall-back to NTLM?
  /SaiTech

  Hi SaiTech,
  Kerberos will be selected by default in an AD domain, The default (assuming the client is in a domain, and is not connecting to itself via 127.0.0.1 or ::1 addresses) is to use Kerberos authentication, and not to fall back to NTLM.
  Please also Note that you may have to take some other steps as well to get non-Kerberos authentication working.  Specifically, you'd have to set up an HTTPS listener on the remote host, or modify the client's TrustedHosts list.
  Refer to:
  WINRM kerberos & Negotiate
  Authentication for Remote Connections
  In addition, you can also use Network Monitor to check the authentication method.
  If there is anything else regarding this issue, please feel free to post back.
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]