Form Authentication Servlet and MD5
Dear forum,
I have the following servlet to authenticate a user via form. If you go to the root url you get the login html and the authentication works fine but if the user knows the url of a specific html just by typing the url gives access to the page without going through the authentication. The website is composed of htmls and servlets. How can I force the authentication for the htmls and the servlets. I included at the bottom how I added the Login servlet to the web.xml. I suspect that the servlet definition in the web.xml is the problem.
Also I would like to use MD5 encryption, would someone suggest how this can be accomplished.
Thanks.
This is the code:
import java.io.*;
import java.util.*;
import javax.servlet.http.*;
import javax.servlet.*;
import java.sql.*;
import javax.sql.*;
public class LoginServlet extends HttpServlet {
public void doPost (
HttpServletRequest request,
HttpServletResponse response
) throws ServletException, IOException
String item = request.getParameter("account");
doGet(request,response);
public void doGet (
HttpServletRequest request,
HttpServletResponse response
) throws ServletException, IOException
HttpSession session = request.getSession(true);
PrintWriter out = response.getWriter();
try {
String driverName="sun.jdbc.odbc.JdbcOdbcDriver";
String dbUrl="jdbc:odbc:Virtual_Library_DB";
Class.forName(driverName);
Connection db =DriverManager.getConnection(dbUrl,"","");
if ((session.getAttribute("user") == null) || (!session.getAttribute("ip").equals(request.getRemoteAddr()))){
PreparedStatement pStmt = db.prepareStatement("SELECT * FROM Login WHERE Login.account =? AND Login.password=? ");
pStmt.setString(1, request.getParameter("account"));
pStmt.setString(2, request.getParameter("password"));
pStmt.setString(3, request.getParameter("level"));
ResultSet rs = pStmt.executeQuery();
System.out.println("hello");
if(!rs.next()){
System.out.println("Account is not valid.");
request.setAttribute("msg", "Account is not valid.");
RequestDispatcher rd = request.getRequestDispatcher("LoginInvalid.html");
rd.forward(request, response);
else do {
int id = rs.getInt(1);
String account = rs.getString(2);
session.setAttribute("user", new Integer(id));
session.setAttribute("account", account);
session.setAttribute("ip", request.getRemoteAddr());
System.out.println("User " + session.getAttribute("user") +" has logged on.");
request.setAttribute("msg", "User has logged on.");
RequestDispatcher rd = request.getRequestDispatcher("index.html");
rd.forward(request, response);
} while(rs.next());
rs.close();
else {
System.out.println("User has already logged on.");
request.setAttribute("msg", "User has already logged on.");
RequestDispatcher rd = request.getRequestDispatcher("index.html");
rd.forward(request, response);
db.close();
catch(Exception exp){
System.out.println("Exception: "+ exp);
out.close();
web.xml
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>
Check the session in the servlets that are allowed only for logged-in users.
public class ServletUtils
public static boolean checkLogin(HttpServletRequest request, HttpServletResponse response)
HttpSession session = request.getSession(false); // false = don't create a new session if not logged in
if (session != null)
return true;
Logging.log("tried to access page without login, redirecting to login");
...redirect to login.html...
return false;
// At the start of your doGet()'s:
if (!checkLogin(request, response))
return;Do you really need static documents to be authenticated? dot.gif's and all? Someone can make a zip file of them anyway and post it to their own web site or Kazaa.
If you have a couple of html pages you want authenticated, easiest is to write them as servlets (+ maybe JSP's) and do the login check there.
Ok, let's say you have ...what, an "image database" (heh) that you want available to logged-in users only. Write a servlet that serves those pages. That servlet checks the session, and then copies the appropriate file to the user (remember to set content type; consider caching the files if hit rate is very high.) The servlet would be called like /images/show?id=gerbilsex/closeup.gif to fetch the named file. Put the files outside the web server's document directory so they are not accessible except through the servlet. Perform strict checks on the file name to disallow nastiness like id=../../../etc/passwd. A similar database solution is also possible. Another variant is to map a servlet to a "virtual directory name" and get the actual file name from the URL path -- similar to the ?id= solution, except the URLs don't have parameters.
About md5: md5 isn't an encryption algorithm, it is a hash algorithm (aka "message digest" or "fingerprint"). It can't be decrypted. What do you really want to accomplish - encryption or hashing?
Similar Messages
-
Weblogic/forms 11g servlet and webforms app menu error
Help!
I have OWLS 11gR1 (10.3.3) and FWM, FormsReports (11.1.1.3) installed on Windows 2008-64bit.
I also have OWLS 11gR1 (10.3.3) and FWM, FormsReports (11.1.1.3) installed on Windows XP (32-bit).
I've compiled my app in each environment, respectively, and I'm getting different results: FRM-41068 on 64bit; No errors on 32bit.
Here's the scenario:
I have a custom menu with parent and menu items built from the database (cursor fetches in menu start up code and placed using set_menu_item_property built-in). Based on the user's privs, the menu is built dynamically.
After I log into my 64bit version, I immediately get error "FRM-41068: Error in Set_Menu_Item_Property."
Once I "OK" my way through the messages, my form is displayed with the attached menu, however, my menu placeholders display "<New Item>", as though the cursors failed on the fetch to the database and did not return my menu item names. If I click on one of the "<New Item>" menu items, I again "OK" my way through the messages... just as mentioned above.
I don't have this problem in my 32bit XP environment (This also was not an issue with 10g AS (10.1.2.3, 32bit)).
Also, to add, when I turn on session tracing for the session getting the FRM-41068, the errors go away, the forms and menus load correctly.
Is there a Weblogic setting I'm missing somewhere (forms/ohs1/webcache)?
[Forms 11g - Windows 2008 64bit - FRM-41068 - Menu Issues]
Thanks for your help!Why wouldn't you post in the proper forum, i.e the Forms forum
-
UNIX: problem running an DEV & QA environment using form/report servlets
UNIX: problem running an DEV & QA environment using form/report servlets
I am trying to setup on one server an DEV and QA environment using the Forms Servlet, Forms Listener Servlet and Report Servlet.
I think I have the Forms Servlet and Forms Listener Servlet running properly. The problem is setting up the DEV and QA environment for running reports.
For example, when in DEV environment I would like to run a report from a directory specified in the REPORTS60_PATH. This doesn't seem possible.
It might be easier if I describe my configuration first:
DEV: run all forms and reports from the directory /data/release/dev
QA: run all forms and reports from the directory /data/release/qa
---DEV & QA Settings Forms Listener Servlet:
zone.properties:
# DEV
servlet.fl60dev.code=oracle.forms.servlet.ListenerServlet
servlet.fl60dev.initArgs=EnvFile=/u01/app/oracle/product/ias/6iserver/forms60/server/dev.env
# QA
servlet.fl60qa.code=oracle.forms.servlet.ListenerServlet
servlet.fl60qa.initArgs=EnvFile=/u01/app/oracle/product/ias/6iserver/forms60/server/qa.env
---DEV & QA Settings Forms Servlet:
servlet.f60servlet.code=oracle.forms.servlet.FormsServlet
--- Settings for Reports Servlet:
servlet.RWServlet.code=oracle.reports.rwcgi.RWServlet
Custom Env files since we are using Developer 6i Patch 7
dev.env and qa.env
Here I specify FORMS60_PATH and REPORTS60_PATH,
eg: DEV -> FORMS60_PATH=/data/release/dev
REPORTS60_PATH=/data/release/dev
likewise for QA ../qa
In the formsweb.cfg file i have something like:
[dev]
serverURL=/servlet/fl60dev
form=test.fmx
[qa]
serverURL=/servlet/fl60dev
form=test2.fmx
I have tested the following and they work without problems:
1. forms listener test page, eg: http://webserver:7777/servlet/fl60dev
2. running forms from the 2 environments
eg: http://webserver:7777/servlet/f60servlet?config=dev
this runs the form in the FORMS60_PATH (/data/release/dev)
Now my problems start with Reports.
When I run a report from forms (using run_report_object) it will not run any reports
as specified in the REPORTS60_PATH
Even using this url:
http://webserver:7777/servlet/RWServlet?server=rep60&report=test.rdf&destype=cache&desformat=html&
userid=scott/tiger@test9i
It NEVER seems to pickup and use the REPORTS60_PATH. I have tried nearly everything.
I have gone throught the instructions in "Integrating Oracle9iAS Reports in Oracle9iAS Forms -
White Paper"
(http://otn.oracle.com/products/forms/pdf/277282.pdf)
and Forms6i Patch 7: Oracle Forms Listner Servlet for Deployment of FOrms on the Internet
(http://otn.oracle.com/products/forms/pdf/p7listenerservlet.pdf)
plus any other documents in metalink relating to forms, or report servlets. I am
totally confused, please help.
I have tried setting the REPORTS60_PATH in the following files without success:
custom.env (as specified by initArgs=EnvFile in zone.properties)
jserv.properties
in the zone.properties I have tried to set a custom env file for the report servlet:
servlet.RWServlet.code=oracle.reports.rwcgi.RWServlet
servlet.RWServlet.initArgs=EnvFile=/u01/app/oracle/product/ias/6iserver/forms60/server/dev_rep.env
NO LUCK.
The only place that I can set the REPORTS60_PATH
is in "[6iserver home]/reports60_server" file when I start the reports server (did I even
get this right - I do have to have a reports server running don't I?)
Does this meaan I have to run multiple report servers for each of my environments?
Based on all the documentation I thought that REPORTS60_PATH as specified in the files relating
to the forms servlet would be the place to specify the path.
As you will understand I am getting really fustrated with this and it seems to
me that the reports servlet configuration in 6i is really half baked and since 9i
is coming out it will never be fixed.I am even not able to run forms servlets from two different forms60_path, Is there any configuration do you make other than what you have mentioned in this post.
I already open a TAR in this regard, I am still waiting reply from ORACLE.
Thanks,
Shaik Ather Ahmed -
User Authentication using Servlet and JSp
Hi,
I am developing a web app where i need to implement user Authentication to allow members to view and upload files on a certain directory say /data
For this i am using a servlet as a controller which then forwads request to other jsps/servlets based on user response. I tried using servlet mapping in web.xml so that all browser requests would be directed to controller servlet and would branch from there on. However the problem all RequestDispatcher.forward() requests redirected to the servlet putting it in a loop.
Is there another way to achieve this. (Apart from using form-based Basic Authentication).
I am using Resin 1.2.8 servlet/jsp container.
Any response as soon as possible would be appreciated.
Thanks,
KushagraRequestDispatcher.forward() cause the HTTP request to be sent through the request processing flow as if the original request for the resource being forwarded to.
It seems the servlet mapping you are talking about in web.xml should be made more specific. i.e. the mapping should be such that only your so called controller servlet will match up.
You might want to specify the mapping for the controller servlet to be noticeably/effectively different from the mapping for other servlets and JSPs. -
Hi,
We have to get all the claims providers associated with a web application and its identity claim encoding type using API.
For example:
If the identity claim of windows authentication is user name and the user name is a string, then we should get
"i:0#.w".
If the identity claim of forms authentication is
email and the provider name is "fba" , then we should get "i:0!.f|fba|".
The below link shows us to get all claims providers associated with a web application, but how do we get the identity claim encoding type of each provider?
http://msdn.microsoft.com/en-us/library/gg650432(v=office.14).aspx#SP_WCP_Tip3
using (SPSite theSite = new SPSite("http://someContosoUrl"))
// Get the web application.
SPWebApplication wa = theSite.WebApplication;
// Get the zone for the site.
SPUrlZone theZone = theSite.Zone;
// Get the settings that are associated with the zone.
SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
// Get the list of authentication providers that are associated with the zone.
foreach (SPAuthenticationProvider prov in
theSettings.ClaimsAuthenticationProviders)
{ // Need to get the identity claims encoding type using the SPAuthenticationProvider
Is windows authentication's identity claim encoding type always i.0#.w or the identity claim is always the user name?
Thanks & Regards,
Kalai.If the requirement is to be able to convert claim identities to windows identities that can be used with other LOB/legacy application that still relies on NTLM/Windows Auth, then I would recommend to explore C2WTS.
Here are some references:
http://msdn.microsoft.com/en-us/library/office/ee539739(v=office.14).aspx
http://blah.winsmarts.com/2013-11-Use_C2WTS_to_get_a_classic_windows_identity_from_a_claims_identity.aspx
http://henrymcclain.blogspot.in/2013/05/claims-to-windows-token-service-c2wts.html
http://blogs.msdn.com/b/rodneyviana/archive/2011/02/20/claims-to-windows-token-service-c2wts-may-not-start-automatically-when-you-reboot-your-server-don-t-blame-sharepoint-for-that.aspx
http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx
Thanks!
These postings are provided "AS IS" with no warranties, and confers no rights. -
Simple authentication and authorization with a servlet and a filter
Could somebody point me to code example that do simple authentication/authorization using one servlet and one filter? (without Spring, Struts, JSF or any framework)
I’m having a lot of problems with that, apparently, easy task.
These are the rules:
- A simple login page
- Two roles (admin, registered).
- If the user loged is an admin, redirect to his entry page (private/admin/index.jsp).
- If the user loged is of role registered, redirect him to his entry page (private/registered/index.jsp).
- If it’s not a valid user, redirect again to login page.
- Admin’s users cannot go to private/registered/ area.
- Registered users cannot go to private/admin/ area.
- Non authenticated user cannot go to private/ area
Thanks a lot in advance!
Edited by: JLuis on 25-ago-2010 15:27AccessControl.java:
package com.tlsformacion.security;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.tlsformacion.utils.Log;
public final class AccessControl extends HttpServlet {
private static final long serialVersionUID = 5741058615983779764L;
private static final String USERNAME_ATTR = "username";
private static final String PWD_ATTR = "password";
private static final String LOGIN_PAGE_ATTR = "login_page";
private static final String ROL_ATTR = "role";
private boolean isAuthentic = false;
private String role = null;
private String loginPage = null;
public AccessControl() {
super();
public void init(ServletConfig config) throws ServletException {
loginPage = config.getInitParameter(LOGIN_PAGE_ATTR);
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doGet");
doAccessControl(request, response);
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doPost");
doAccessControl(request, response);
private void doAccessControl (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doAccessControl");
doAuthentication(request, response);
if (isAuthentic) { //Authentic user
doAuthorization(request, response);
} else { //User NOT authentic
doRejection(request, response);
private void doAuthentication(HttpServletRequest request, HttpServletResponse response) {
debug("Inside doAuthentication");
String requestedURI = request.getRequestURI();
if (requestedURI.contains("/AccessControl")) { //Comes from login page
debug("Comes from login page");
String username = request.getParameter(USERNAME_ATTR);
String pwd = request.getParameter(PWD_ATTR);
role = getRole(username, pwd);
if (role != null) {
isAuthentic = true;
request.getSession().setAttribute(ROL_ATTR, role);
} else { //Doesn't comes from login page
debug("Doesn't comes from login page");
if (isInSession(request)) {
debug("Rol is in session");
isAuthentic = true;
} else {
debug("Rol is NOT in session");
private void doAuthorization(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside doAuthorization");
String requestedURI = request.getRequestURI();
debug("requestedURI: " + requestedURI);
if (requestedURI.contains("/AccessControl")) { //Comes from login page
goHomePage(request, response);
} else if (requestedURI.contains("/private/" + role)) { //Trying to access his private area
goRequestedPage(request, response);
} else { //Trying to access other roles private area
goLoginPage(request, response);
private void doRejection(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goRejection");
role = null;
goLoginPage(request, response);
private void goHomePage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goHomePage");
String homePage = "private/" + role + "/index.jsp";
goPage(request, response, homePage);
private void goLoginPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goLoginPage");
goPage(request, response, loginPage);
private void goRequestedPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
debug("Inside goRequestedPage");
String contextPath = request.getContextPath();
debug("contextPath: " + contextPath);
String requestedPage = request.getRequestURI().replace(contextPath + "/", "");
goPage(request, response, requestedPage);
private void goPage(HttpServletRequest request, HttpServletResponse response, String page) throws IOException, ServletException {
debug("Inside goPage ...trying to go to: " + page);
//Option A
response.sendRedirect(page);
//Option B
//RequestDispatcher requestDispatcher = request.getRequestDispatcher(page);
//requestDispatcher.forward(request, response);
private boolean isInSession(HttpServletRequest httpRequest) {
boolean inSession = false;
role = (String)httpRequest.getSession().getAttribute(ROL_ATTR);
if (role != null && !role.equals("")) {
inSession = true;
return inSession;
//PENDIENTE: mock method!
private String getRole(String username, String pwd) {
String role = null;
if (username.equals("admin") && pwd.equals("admin")) {
role = "administrator";
} else if (username.equals("regis") && pwd.equals("regis")) {
role = "registered";
return role;
private void debug(String msg) {
Log.debug(msg);
}Proyect Folder Structure:
WebContent
login.html
private
administrator
index.jsp
registered
index.jspBasically, the problem is that if you try to log as admin/admin (for example) the servlet AccessControl executes infinitely
Edited by: JLuis on 26-ago-2010 8:04 -
OC4J and Forms Listener Servlet
We are currently using Apache/JServ to deploy our Forms applications with the Forms Listener Servlet. Can we use the OC4J servlet container to deploy them and stop using JServ or must we keep the 2 containers (JServ and OC4J) in parallel ?
Oracle9iDS includes a copy of OC4J so you can develop and test your Web applications on your own machine without the need to install the full Oracle9iAS.
However when you finished developing and you want to deploy your application, you'll do this on an Oracle9iAS installation on a separate server since this is the scalable supported way. (and also the correct way in terms of licensing). -
Webservices and forms authentication
Hello,
we have a jsf web application that uses forms authentication (using ProgrammaticLogin).
Now we want to provide some webservices that need authentication too, because only registered users hould be able to use the webservices.
Is there a way, that the webservices use the same authentication system as the webapp.
Or should we split it into different applications?
Thanks
Dirk
Edited by: Freak.2k on Mar 1, 2009 11:35 PMYou need to make different mechanism for authentication in web services as they are supposed to be consumed by another application not by a human being.
-
JDBC realm of FORM authentication in Web AS 640
Hi, All,
We try to port a web application from Apache Tomcat to WebAS 6.40. In the application we use FORM authentication based on Tomcat JDBC Realm. The configuration in Tomcat server.xml is like:
<Context...>
<Resource name="jdbc/mydb" auth="Container" type="javax.sql.DataSource" username="..." password="..." driverClassName="..." url="..."/>
<Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/mydb" digest="MD5" userTable="users" userNameCol="userName" userCredCol="passwd" userRoleTable="roles" roleNameCol="roleType"/>
</Context>
In database there are 2 tables for authentication purpose: users and roles. There are column userName, passwd in table users and userName, roleType in table roles (correlated with column userName). Then in web.xml we define FORM authentication:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>...</realm-name>
<form-login-config>
<form-login-page>...</form-login-page>
<form-error-page>...</form-error-page>
</form-login-config>
</login-config>
Has anyone tried to port Tomcat JDBC realm mechanism of FORM authentication to WebAS 640? How do we need to configure J2EE server in Visual Administrator or deploy an application with DeployTool to implement the same features? And does WebAS support declarative MD5 digest algorithm in FORM Authentication?
Any help is highly appreciated.
Thanks in advance
Johnevnafets wrote:
The way it works is that you declare which pages in your application have got security around them in your web.xml. Whenever a user tries to navigate to one of those pages, they are presented with the login screen. If they login successfully, then they are taken to the page they originally requested.
You should never actually have a link to your login page - the container will serve it when required.Ok, but how do i stop them entering the URL of the login page?
i get this error after logging in correctly if i directly access the login page:
"HTTP Status 400 - Invalid direct reference to form login page"
i tried adding this constraint but it still happens:
<security-constraint>
<web-resource-collection>
<web-resource-name>login</web-resource-name>
<url-pattern>/staffLogin/login.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
>
One possible way around this would be to create a database view which is a union of the two tables, thus giving you one "table" to query for the username/password/role combinations. That should satisfy the realm requirement.
Cheers,
evnafetsThats a good idea, il give that a shot. Thanks. -
I want to send a response from the servlet and then call another servlet.
Hi,
I want to send a response from the servlet and then call another servlet. can this happen. Here is my scenario.
1. Capture all the information from a form including an Email address and submit it to a servlet.
2. Now send a message to the browser that the request will be processed and mailed.
3. Now execute the request and give a mail to the mentioned Email.
Can this be done in any way even by calling another servlet from within a servlet or any other way.
Can any one Please help me out.
Thanks,
RameshMaybe that will help you (This is registration sample):
1.You have Registration.html;
2.You have Registration servlet;
3.You have CheckUser servlet;
4.And last you have Dispatcher between all.
See the code:
Registration.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Hello registration</TITLE>
</HEAD>
<BODY>
<H1>Entry</H1>
<FORM ACTION="helloservlet" METHOD="POST">
<LEFT>
User: <INPUT TYPE="TEXT" NAME="login" SIZE=10><BR>
Password: <INPUT TYPE="PASSWORD" NAME="password" SIZE=10><BR>
<P>
<TABLE CELLSPACING=1>
<TR>
<TH><SMALL>
<INPUT TYPE="SUBMIT" NAME="logon" VALUE="Entry">
</SMALL>
<TH><SMALL>
<INPUT TYPE="SUBMIT" NAME="registration" VALUE="Registration">
</SMALL>
</TABLE>
</LEFT>
</FORM>
<BR>
</BODY>
</HTML>
Dispatcher.java
package mybeans;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Dispatcher extends HttpServlet {
protected void forward(String address, HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
RequestDispatcher dispatcher = getServletContext().
getRequestDispatcher(address);
dispatcher.forward(request, response);
Registration.java
package mybeans;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Registration extends Dispatcher {
public String getServletInfo() {
return "Registration servlet";
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
ServletContext ctx = getServletContext();
if(request.getParameter("logon") != null) {
this.forward("/CheckUser", request, response);
else if (request.getParameter("registration") != null) {
this.forward("/registration.html", request, response);
CheckUser.java
package mybeans;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
public class CheckUser extends Dispatcher {
Connection conn;
Statement stat;
ResultSet rs;
String cur_UserName;
public static String cur_UserSurname;;
String cur_UserOtchestvo;
public String getServletInfo() {
return "Registration servlet";
public void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try{
ServletContext ctx = getServletContext();
Class.forName("oracle.jdbc.driver.OracleDriver");
conn = DriverManager.getConnection("jdbc:oracle:oci:@eugenz","SYSTEM", "manager");
stat = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_UPDATABLE);
String queryDB = "SELECT ID, Login, Password FROM TLogon WHERE Login = ? AND Password = ?";
PreparedStatement ps = conn.prepareStatement(queryDB);
User user = new User();
user.setLogin(request.getParameter("login"));
String cur_Login = user.getLogin();
ps.setString(1, cur_Login);
user.setPassword(request.getParameter("password"));
String cur_Password = user.getPassword();
ps.setString(2, cur_Password);
Password = admin");
rs = ps.executeQuery();
String sn = "Zatoka";
String n = "Eugen";
String queryPeople = "SELECT ID, Surname FROM People WHERE ID = ?";
PreparedStatement psPeople = conn.prepareStatement(queryPeople);
if(rs.next()) {
int logonID = rs.getInt("ID");
psPeople.setInt(1, logonID);
rs = psPeople.executeQuery();
rs.next();
user.setSurname(rs.getString("Surname"));
FROM TLogon, People WHERE TLogon.ID = People.ID";
ctx.setAttribute("user", user);
this.forward("/successLogin.jsp", request, response);
this.forward("/registration.html", request, response);
catch(Exception exception) {
}CheckUser.java maybe incorrect, but it's not serious, because see the principe (conception).
Main is Dispatcher.java. This class is dispatcher between all servlets. -
In our java web application trying establish the connection for sharePoint 2013
using Windows claims authentication (NTLM ), I am getting error message "Server was unable to process request. ---> Site is not configured for Claims Forms Authentication". But In the Sharepoint 2013 our Site is is configured for Windows
claims only.
In the Sharepoint 2013 server in the IIS manager settings for authentication it is enabled for both Windows claims and Forms authentication,
but if I disable Forms authentication that I will be able to connect it through my application but with the direct access i.e., by running the URL in the browser I am not able to connect getting error message "sorry this site has not been shared with
you" in the browser Kindly help me on this.Hi,
This issue is always caused that you had missed FBA configuration in web config of your web application.
You can configure the FBA authentication then check whether it works.
http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
http://chrisbarba.com/2013/07/16/sharepoint-2013-forms-based-authentication-fba/
more reference:
http://stackoverflow.com/questions/5686378/sharepoint-2010-claim-base-authentication-error
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/2d82dcd4-0e57-4de5-81bc-60ffc3cb9a9f/sharepoint-2010-claim-authentication-and-authenticationasmx?forum=sharepointgeneralprevious
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support -
Help With Integrating Servlet and JSP Page?
Hello There
--i made jsp page that contain name and description fields and add button
--and i made servlet that contain the code to insert name and description in the database
--and i want to make that when the user hit the add button
-->the entered name and description is sent to the servlet
and the servlet sent them to database?
here's what i 've done:
the jsp code:
<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
Categories Page
</title>
<html:base/>
</head>
<body style="background-color: white">
<form action="jpage.jsp" method="get">
<h1>
<center>
categories Operations
</center>
</h1>
<h3>
<label>Name</label>
<input type="text" name="name" value="" size="10" />
<label>Description</label>
<input type="text" name="description" value="" size="10" />
<input type="submit" value="Add" name="button" />
</h3>
</form>
</body>
</html:html>the servlet code:
import java.io.*;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.net.*;
class NewServlet1 extends HttpServlet{
Connection conn;
private ServletConfig config;
public void init(ServletConfig config)
throws ServletException{
this.config=config;
public void service (HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
HttpSession session = req.getSession(true);
res.setContentType("text/html");
try{
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost/struts", "root", "");
PreparedStatement ps;
ps = conn.prepareStatement ("INSERT INTO categories (Name, Description) VALUES(?,?)");
ps.setString (1, "aa");
ps.setString (3, "bb");
ps.executeUpdate();
ps.close();
conn.close();
}catch(Exception e){ e.getMessage();}
public void destroy(){}
}The JSP Code:
<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
Categories Page
</title>
<html:base/>
</head>
<body style="background-color: white">
<form action="actionServlet.do?action=Additem" method="*post*">
<h1>
<center>
categories Operations
</center>
</h1>
<h3>
<label>Name</label>
<input type="text" name="name" value="" size="10" />
<label>Description</label>
<input type="text" name="description" value="" size="10" />
<input type="button" value="Submit">
</h3>
</form>
</body>
</html:html>The Servlet Code:
import java.io.*;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.net.*;
public class NewServlet1 extends HttpServlet implements SingleThreadModel {
public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException,IOException {
doPost(request,response);
public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException,IOException {
String action = request.getParameter("action"); // action = "Additem"
if (action.equals("Additem")) {
String name = request.getParameter("name");
String description = request.getParameter("description");
RequestDispatcher reqDisp = null;
try{
Connection conn;
PreparedStatement ps;
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost/struts", "root", "");
ps = conn.prepareStatement ("INSERT INTO categories (Name, Description) VALUES(?,?)");
ps.setString (1, name);
ps.setString (3, description);
ps.executeUpdate();
ps.close();
conn.close();
reqDisp= request.getRequestDispatcher("./index.jsp");
reqDisp.forward(request, response);
catch (Exception ex){
System.out.println("Error: "+ ex);
}The web.xml code:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>NewServlet1</servlet-name>
<servlet-class>NewServlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>NewServlet1</servlet-name>
<url-pattern>/NewServlet1</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>actionServlet</servlet-name>
<servlet-class>com.test.servlet.NewServlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>actionServlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
</web-app> -
Site is not configured for Claims Forms Authentication
Hi All
I have one custom login page for my Sharepoint 2013 site where i am trying to use
SPClaimsUtility.AuthenticateFormsUser(uri, strUserName, strPwd);
But i am getting this exception ---> Site is not configured for Claims Forms Authentication
I checked ULS long and there it is --> Not in claims forms auth for url 'https://domain/sitecollection/'.
Web.config enteries are
<authentication mode="Forms">
<forms loginUrl="/_layouts/TarsForwardLogin.aspx" />
</authentication>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA"
connectionPassword="spad1n2" server="10.100.5.119" port="389" useSSL="false" userDNAttribute="entryDN" userNameAttribute="cn" userContainer="o=toyota" userObjectClass="Inetorgperson"
userFilter="(ObjectClass=Inetorgperson)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn,fullname,language,mail" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="rolemanager" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA" connectionPassword="spad1n2" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=15.0.0.0,
Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="10.100.5.119" port="389" useSSL="false" groupContainer="ou=groups,ou=GSP,ou=Applications,o=toyota" groupNameAttribute="cn" groupMemberAttribute="member"
userContainer="o=toyota" userNameAttribute="cn" userDNAttribute="entryDN" dnAttribute="entryDN" groupFilter="(ObjectClass=groupOfNames)" userFilter="(ObjectClass=Inetorgperson)" scope="Subtree"
/>
</providers>
</roleManager>
Can
someone please help/Guide
Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |Hi All
I tried like this and it worked...
SPIisSettings iisSettings = SPContext.Current.Site.WebApplication.IisSettings[SPUrlZone.Internet];
SPFormsAuthenticationProvider formsClaimsAuthenticationProvider = iisSettings.FormsClaimsAuthenticationProvider;
SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
formsClaimsAuthenticationProvider.MembershipProvider, formsClaimsAuthenticationProvider.RoleProvider, strUserName, "", SPFormsAuthenticationOption.PersistentSignInRequest);
if (null != token)
base.EstablishSessionWithToken(token, SPSessionTokenWriteType.WriteSessionCookie);
base.RedirectToSuccessUrl();
Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS | -
How to send array of bytes to a servlet and store it in a file
Hi,
How to send array of bytes to a servlet and store it in a file.
I am new to Servlets. if possible for any one, please provide the code.
Thanks,
cmblThrough HTTP this is only possible with a POST request of which the encoding type is set to multipart/form-data. You can use Apache Commons FileUpload to parse such a multipart form data request into useable elements. From the other side (the client) you can use a HTML <input type="file"> element or a Java class with Apache Commons PostMethod API.
You may find this article useful: http://balusc.blogspot.com/2007/11/multipartfilter.html -
Forms Authentication - SQL 2008 Reporting services
Hi Experts,
I am trying to implement a forms authentication in SQL 2008 reporting services based on this article,
http://msdn.microsoft.com/en-us/library/ms160724(v=SQL.100).aspx#2
Everything worked fine, but the display page is not loading the default reports, connections etc.
Have attached screen shot, any suggestions appreciated.
Thank you,
Satwick
satwickHi satwick,
Thank you for your question.
I am trying to involve someone more familiar with this topic for a further look at this issue. Sometime delay might be expected from the job transferring. Your patience is greatly appreciated.
Thank you for your understanding and support.
Thanks,
Wendy Fu
If you have any feedback on our support, please click
here.
Maybe you are looking for
-
J2SE Installing on XP Home Freezing UP
J2SE v1.4.2 and Netbeans IDE 3.5.1 Installer Freezes up at: Preparing J2SDK 1.4.2 components for installation 8% This occurs either when installing over net "Open" and when installing from hard drive "save" Have disk space and administrrator privledg
-
Hii all, how can we create a report for purchase tax register
Purchase Tax Register 2: Fields on selection screen (input screen) : Vendor Code from to , Date from to, Material Type from to, Tax Code from to . Field in the output List : Document Number , PO Number ,PO Date , Vendor C
-
Inbound Adapter / 'Sink' failing for Content Server on Subscription Client
I am running into an issue in configuring the Outbound - Inbound Adapters for Connection Server / Subscription Client against Content Server. The details are below. Would sincerely appreciate if anyone can help with this. I have installed a Oracle UC
-
Can't remember my password for my Game Center account
Game Center has always signed in automatically from my ipod touch. But all of a sudden not too long ago it asked for my login info and I can't remember my password. There are no FAQs or anything for the app, as far as I can tell, and I don't even kno
-
Import Metadata Wizard not loaded
Hi, I'm new to Oracle Warehouse Builder, I want to load data from a flat file (source file) but Import Metadata Wizard not loaded after creation of flat file module or nor launch Import Metadata Wizard manually. It shows me the screen as in the link