Form Base Login

Similar Messages

• 5.1 sp9 and Form Base login

  Hi,
  We've just upgraded to 5.1 sp9 from sp8 and the form base login seem to have died.
  We are using LDAPRealm to authenticate and ServletAuthentication class for the
  form login.
  This is the error we get
  java.lang.SecurityException: Authentication for user adminuser denied in realm
  wl_realm
  at weblogic.rmi.extensions.AbstractRequest.sendReceive(AbstractRequest.java:76)
  at weblogic.jndi.toolkit.BasicWLContext_WLStub.lookup(BasicWLContext_WLStub.java:246)
  at weblogic.jndi.toolkit.WLContextStub.lookup(WLContextStub.java:545)
  at javax.naming.InitialContext.lookup(InitialContext.java:350)
  at com.citec.payserv.AdminStart.setEJBHomeInterface(AdminStart.java:213)
  at com.citec.payserv.AdminStart.doGet(AdminStart.java:412)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:120)
  at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:915)
  at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:879)
  at weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:269)
  at weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:365)
  at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:253)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)
  Seems strange that it is referencing wl_realm and not LDAPRealm. It was working
  on sp8, is anybody aware of anything like this?

  seems like a regression in SP9.
  I have filed a bug report. In case if you contact support refer CR046236
  Kumar
  Peter Buus wrote:
  I have just downloaded SP9 and now my defaultFileName does'nt work any more.
  I used to have the following entry
  weblogic.httpd.initArgs.file=defaultFilename=/menu/start.htm
  Prior to SP9 a request to http://myserver would yield
  http://myserver/menu/start.htm
  Now WL 5.1 presents a directory browsing of the root. It works if
  http://myserver/menu is requested.
  However, I have a lot of users using http://myserver - is there any way to
  include a directory in a defaultfilename?
  Thanks/Peter

• Security - Password Expiration with Form Base Authentication

  Hi everbody,
  I have configured the security of my application and this works
  fine.
  I configured the roles and match roles with groups defined in my
  LDAP
  I used the form base authentication. Perfect, but now I configure in
  LDAP
  that the user password can be expired, and the user can change password.
  My problem is when the user try to log at my application and the
  password was expired, I need to allow that user change the password
  ( showing another pag, and ask about the new password).
  Nowadays when the user try to log and the password was expired the
  page that I have set for my login error page (form base authentication)
  is call, this page is call if the user is invalid or the password is
  invalid too.
  I have try to get the exception at this page using :
  String codeObj =
  req.getAttribute("javax.servlet.error.status_code");
  String messageObj =
  req.getAttribute("javax.servlet.error.message");
  String typeObj =
  req.getAttribute("javax.servlet.error.exception_type");
  But all of this String are null. It's independent if the user is
  invalid or the password or either if the password was expired.
  I always get this null Strings. But if the person isn't authorized I
  call another pag and at this time I can get the code, message
  and the exception type
  So my question is how can I treat this ? how can I get this kind of
  exception ?
  I also make a java application that only try to connect with Ldap,
  and if the password is expired
  I can get the com.netscape.LDAPExpection with code 45 and message
  Invalid Credential.
  Is it impossible to get this exception in my actual solution ? I
  need to make one component for that ?
  Someone can help me ?
  Any tip will be good !!
  Thanks
  Daniela Pistelli Gomes
  Technical Consultant
  Summa Technologies
  http://www.summa-tech.com

  Hi Robert,
  thanks very much for ur pointers on the AuthFilter class.. will try that out.
  Robert Greig <[email protected]> wrote:
  Stephen wrote:
  I am using WLS 6.1 and tried using a custom filter to intercept theauthentication
  request submitted from a FORM BASE jsp (using the j_security_checkform).
  However, no matter what i've tried, it is always the authenticationpart that
  gets executed before the filter.
  Any idea how could I intercept the request before the j_security_checkservlet
  calls the security provider for authentication?There is a (now deprecated) class weblogic.servlet.security.AuthFilter.
  I haven't used it because it is deprecated but I think it does what
  you're after.
  In my apps, I make the FORM auth submit to my own servlet which can then
  do what j_security_check does (most although not all is accessible
  through public APIs).
  Robert

• Protected url, form base

  i need access to a html protected page
  for base authentication it's simple, i use a class like this :
  public class MyAuthenticator extends Authenticator {
  String username = "";
  String password = "";
  public PasswordAuthentication getPasswordAuthentication() {
  return new PasswordAuthentication(username, password.toCharArray());
  and I install the authenticator in the servlet
  MyAuthenticator ma = new MyAuthenticator();
  Authenticator.setDefault(ma);
  my problem is to access form based protected resources, and i really don't know how ro do it.
  Any idea?

  mybe i have a solution, but i don't know if this is a good code.
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            // log in ----------------------------------------------------------------
       String data = URLEncoder.encode("userid", "UTF-8") + "=" + URLEncoder.encode("mamma", "UTF-8");
  data += "&" + URLEncoder.encode("password", "UTF-8") + "=" + URLEncoder.encode("aaa", "UTF-8");
  //login
            URL url = new URL("http://localhost:8087/Mamma/j_security_check");
            URLConnection conn = url.openConnection();
  conn.setDoOutput(true);
  OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
  wr.write(data);
  wr.flush();
            String key = "";
            String id = "";
            // Get session cookie ----------------------------------------------------------------
            if (conn != null)
                 for (int i = 1;(key = conn.getHeaderFieldKey(i)) != null; i++)
                      if (key.equalsIgnoreCase("set-cookie"))
                           id = conn.getHeaderField(key);
                           id = id.substring(0, id.indexOf(";"));
                      }     //if
                 }     //for
            }     //if
            String jSessionId = id;
  // Get the response ----------------------------------------------------------------
  BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
  String line;
  while ((line = rd.readLine()) != null) {
  System.out.println(line);
  wr.close();
  rd.close();
  // access form base protected resource ---------------------------------------------------
  URL url2 = new URL("http://localhost:8087/Mamma/situazione");
            URLConnection conn2 = url2.openConnection();
  conn2.setDoOutput(true);
  //System.out.println("jSessionId:"+jSessionId);
  conn2.setRequestProperty("Cookie", jSessionId);
  BufferedReader rd2 = new BufferedReader(new InputStreamReader(conn2.getInputStream()));
  String line2;
  while ((line2 = rd2.readLine()) != null) {
  System.out.println(line2);
  //wr2.close();
  rd2.close();
       }

• Form based login, iframes and session time out

  Hi all,
  I'm trying to create a site using form based login.
  The site contains a page protected page, default.jsp that have a logout button/link (clicking it invalidates the session), and a navigation bar with links linking opening them in iframes inside the default.jsp page:
  I have also a login.jsp page and and a error.jsp page
  Everything works fine I can login, I can logout. My problem occurs when the session times out and the user tries to access protected contents in the internal frames. He then is promted for a new login. The problem is that the login,jsp page now turns up inside the jframe designatet for my contents.
  I woud have liked the login page to turn up at the top level i.e. filling the entire browser window (i.e on the same level as the default.jsp page). Is this somehow possible?
  Regards
  Uno Engborg

  Easy answer: use JS to jump out iframe.
  Best answer: don't use iframes, but use server side includes like jsp:include. Iframes have too much disadvangages, topping the extremely bad SEO and UX.

• Help: FORMS Oracle login screen

  Hi,
  I am working on an Oracle FORMS application. When this pass to the user, we do not want to know or to type which Oracle DB they are logging in, but the user name and password.
  Question: Is there are way to modify the FORMS default login screen to achieve the above task and allow me to modify the appearance to make it the way users want?
  Any suggestions are greatly appreciated.
  Thanks.
  Jimmy

  You can write your own "logon"-fmb. start if giving a "dummy-connection", retrieve the SID using GET_APPLICATION_PROPERTY(CONNECT_STRING) and offers the fields for username and password (and of course, the logon-button). When user clicks on Login, do a LOGOUT and LOGON again using the enterd values and the formerly retrievred SID.

• How to get username from Form-based login

  I am using form-based login in my web.xml file.
  When I attempt to access a protected .jsp page, I get sent to my login page as expected.
  When I enter my username/password successfully it forwards me to the .jsp page I was trying to go to, as expected.
  From that .jsp page, how do I get the username/password info from the login form? I looked at the session attributes, request attributes, and request parameters, but I don't see anything. Does the form-based authentication remove these variables?
  I need the username that is filled out in the login form, so that I can do custom work with it. I cannot ask the user for it again after they login, as that is inefficient and sloppy.

  Found it.
  request.getUserPrincipal().getName()

• How to call System Form base on User Form

  I want to reuse System Form that "list of items" on service call,
  Show the "list of items" Form base on my own Form,
  How to do?
  thanks
  Tony

  Hi Tony,
  Have you looked at the ChooseFromList object? This is available in the UI API and allows you to easily create the 'lists' windows for all the main objects, including items. There is an example of using the ChooseFromList in the samples in the SDK.
  Kind Regards,
  Owen

• Tomcat problem with form based login

  Hi,
  I have a page for form-based login, but the problem is that the image and css files dont load on the login page request. What I gather from other discussions is that this is because these are still protected when the page is requested. How do I exclude them from being protected.
  Nirav

  Hi tolmank,
  Earlier I just filtered out the login page and images based on the extension, but now I am trying the second approach i.e. making a protected directory, but my application does not start. When i start it from the tomcat manager, it gives me this error,
  FAIL - Application at context path /<app dir> could not be started
  <web-resource-collection>
       <web-resource-name><app dir></web-resource-name>
       <url-pattern>/protected/*.jsp</url-pattern>
  </web-resource-collection>
  <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
            <form-login-page>Login.jsp</form-login-page>
            <form-error-page>Error.jsp</form-error-page>
       </form-login-config>
  </login-config>
  what could be wrong?

• Does Form Base Project budgeting support Budget Forecasting?

  Hello Expert,
  Can you please help me in understanding that does form base budgets in project costing support budget forecasting? if no then is that it can be achive only through Project Management?
  Your help will be appreciated.
  Thanks
  Uday

  Hi
  If you use the Forms for budgeting you can setup various budget types, like approved cost budget, proposal cost plan, funded revenue budget, forecast cost, etc...
  For each one of those types you have the same functionality, and budget entry is just keying in the quantities and amounts on the budget form. You could automate the calculation of burdened cost based on the entry of raw cost amount, or that based on quantity. Such automation is done using the budget client extension, and that extension is called immediately as you key in the line value.
  With Oracle Project Management (PJT) a new entity was introduced called Financial Plans. A financial plan type is an enhancement of a budget type. The entry of financial plan is done on HTML pages. You could set up financial plans for Firm annual budget, for forecast, for funded revenue etc. With PJT Oracle also delivered a concurrent program called Forecast. That program can generate the plan amounts and insert them on the financial plan defined as parameter. Such calculation functionality is not supported on the Form based budgets.
  Dina

• FORM based login form-error-page

  Hi,
  I have activated FORM based login for EM (oracle 9iAS on Solaris). So, in web.xml for EMD, I have
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/error/oc4j_error.html</form-error-page>
  </form-login-config>
  </login-config>
  When I login as ias_admin, everything seems fine. However, when I login as any other user (not in ias_admin role), the browser redirects to /emd/console/ias/applicationServer...
  Why is the container not redirecting to /emd/error/oc4j_error.html ?
  Any input will be truly appreciated. Hopefully I am doing something wrong.
  Thanks,
  Krishnendu

  Hi Frank,
  Thanks for your reply. If I have a error page in the FORM login, then the container (according to j2ee specs) should redirect to /emd/oc4j_error.html if I authenticate as a user without administrator privileges.
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/oc4j_error.html</form-error-page>
  </form-login-config>
  </login-config>
  For all other containers (WAS, WebLogic and Sun Application server, Tomcat), it seems to work fine.
  Thanks,
  Krishnendu

• Form based login for KM

  Hi,
  We have the problem that we get an basic login box when we try to access documents in the KM. (e.g with a link in an eMail)
  Is it possible to switch from basic login to form based login for the KM?
  If this is possible, how?
  Best regards,
  Manuel

  Good question! On a training server, using /irj/go/km/docs/documents/Public%20Documents/Laptops/Development/Test%20Reports/Performance%20EVO%20N610c%20in%20Network.doc gives the Windows authentication, but http://twdf0399.wdf.sap.corp:50000/irj/go/km/navigation/documents/Public%20Documents/Laptops/Development/Test%20Reports/Performance%20EVO%20N610c%20in%20Network.doc (changing docs to navigation in the URL) gives the form based...

• SSL and login form for form based login over ldap

  Hello,
  i have configured an apache reverse proxy with virtual named host and the the webgate is also running on this server.
  On a second server i have configured a webserver with the login form.
  Access to the protected ressources is working when i use the following parameters in my Authentication schema
  form:/form/login.html
  action:/dummy
  creds:userid password
  ssoCookie:httponly
  passthrough:no
  SSL Required No
  Challenge Redirect http://dummyserver.dummy.org
  Changing the SSL required to yes and the url to https has the following result.
  After filling out the login form and pressing the submit button "the requested URL /dummy was not found on this server"
  Any hints are welcome.
  Kind regards

  Hi Colin,
  Yes the dummy url is protected. Otherwise it should not work when using http.
  I assume that i am not redirected back to the origin source. The obSSOCookie should do this in some way, when i remember that correctly.
  I can see that the obSSOCokkies are created for both urls but the content is "loggedoutcontinue". Thats the difference to the http communication.
  Is there anything else to configure when using SSL with a form based login. Have i missed some basics?
  In the documentation it looks really simple - just trning it on - looking for access - and everything works :-)
  KR

• How to configure a form based login page with entitlement role

  We need to have login page to our portal app.
  When using "form based" authentication is it possible to map the security on a
  "entitlement role" ?
  Our need is to be abled to give direct url acces to some pages of the portal (for
  exemple by sending urls like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage")"
  by email to portal users) and need a simple mecanism of authentication before
  redirecting to the portal page.
  Inste

  Olivier,
  You can't reference WLP visitor roles in weblogic.xml, but you can
  reference global roles (created using the WLS console):
  - <security-role-assignment>
  <role-name>PortalSystemAdministrator</role-name>
  <externally-defined />
  </security-role-assignment>
  -Phil
  "Olivier" <[email protected]> wrote in message
  news:[email protected]..
  >
  We need to have login page to our portal app.
  When using "form based" authentication is it possible to map the securityon a
  "entitlement role" ?
  Our need is to be abled to give direct url acces to some pages of theportal (for
  exemple by sending urls like"http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_page
  Label=mypage")"
  by email to portal users) and need a simple mecanism of authenticationbefore
  redirecting to the portal page.
  Inste

• Tomact examples and form base authentication

  I am looking at the tomcat examples web.xml security constrains and login info settings:
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
  <url-pattern>/jsp/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
       <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <!-- Anyone with one of the listed roles may access this area -->
  <role-name>tomcat</role-name>
       <role-name>role1</role-name>
  </auth-constraint>
  </security-constraint>
  <!-- Default login configuration uses form-based authentication -->
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
  <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  As we can see form-login page and form-error page uri match url-pattern settings.
  url-pattern: /jsp/security/protected/*
  form-login page: /jsp/security/protected/login.jsp
  form-error page: /jsp/security/protected/error.jsp
  There is no binding of unauthenticated user to ether one of specified roles
  Question: What place in the servlet spec allows serving secured resource for a user without appropriate role association?

  Kinda then beat the the whole idea of authentication then, if you allow a user in that is not assigned to a security role? Anyway, I think you are looking to send the user to another page if they are not in a role but have an id, correct? Well, first it has to be a page outside the secure directory/ies. The error it generates is a 403. So add to your web.xml:
      <error-page>
         <error-code>403</error-code>
         <location>/403.jsp</location>
      </error-page>Anytime a user who is not a member of the allowed roles attempts a login, they will be redirected to this page.
  Ross