Get current password in a basic authentication JSP

Hello.
I've written some JSP pages and I've protected them with BASIC authentication.
I'd like to get the password that the user used to log in, because I need to execute a EJB method running on other server and this EJB method is also protected.
Thanks in advance for your help
Kind regards.

I've just resolved it!
Password comes in the request instance as "authorization" header coded in Base64.
Only had to retrieve the header and decode it.

Similar Messages

How set UserName and Password for HTTP Basic Authentication for a servlet

Hi..
How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
But i dont know how do it in JBOSS..
I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
Thank u

Hi Raj,
You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
Store the user information in a database table and check the username and password when the user enters it.
You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
CASE sy-ucomm.
    WHEN 'BACK'.
      LEAVE PROGRAM.
    WHEN <fcode for submit>.
      SELECT SINGLE uname pwd
       FROM <DB table>
       INTO (user, pass)
       WHERE username = user AND
               password = passwd.
      IF sy-subrc = 0.
<Go to next screen for further processing>
      ELSE.
<Display Error message and exit>
      ENDIF.
ENDCASE.
Regards,
Amit
Message was edited by:
        Amit Kumar

Password Needed - Networking basic authentication twice??

Why do I have to authenticate twice??? Using basic authentication, IIS asks me my username and password but then I also get another popup from Sun JVM asking to login again! I've seen other posts on this topic with no solutions yet. Anyone have any idea? Sun, are you working on fixing this issue? I'm so sad that MSJVM will be discontinued. It was much faster and less problematic.

Nope, no answer yet. Until Sun addresses this problem, the only suggestion I can make is not to use the Sun JVM.
You can disable it in Internet Explorer by choosing:
1. Tools
2. Internet Options...
3. Advanced
4. Uncheck (disable): Use Java 2 v1.4.2_04 for <applet> (requires restart)
5. Under Microsoft VM, should already be checked but if not check(enable): JIT compiler for virtual machine enabled (requires restart)
Other reference: http://www.java.com/en/download/help/switchvm.jsp
Of course this is only a temporary workaround for now, but hopefully Sun will fix this before Microsoft completely ends their support for MSJVM on December 31, 2007.
http://www.microsoft.com/mscorp/java/
http://www.microsoft.com/mscorp/java/faq.asp
New Microsoft products will not have MSJVM included so in that case you will need to find, download, and install msjavx86.exe (might be gambling on security if not the most updated version, oh well).
Personally, I don't care which company's JVM software I have to use, I just want one that completely works, is fast, and not problematic.

How do I get around a limitation of Basic Authentication

Dear all,
your input on the following problem would be appreciated:
We have encountered a problem with both the "logout" and "timeout" functionality used in eCRM, due to the use of basic authentication.
Following a users logout and/or timeout period expiring, we are invalidating the user's session, so any user info will be removed from the server memory, and if the user attempts to access the site again there will be a security challenge.
But since basic authentication is being used and the browser already has your authentication information, it just sends it again transparently.
Whether users will notice will depend on how many windows they have open, and which browser they're using.
For example, in IE 5, if you open the secure site in a browser window, and close that window (using the close button on the logout confirmation page), it will "forget" the authentication information. But if I open other windows while connected to the secure site, it remembers the authentication info. Even if the users don't notice, there is a security issue associated with this behaviour.......
Any thoughts/ideas on getting around this problem (other than the obvious - not using basic authentication!!)
Regards,
Chris Adianto

Chris Adianto wrote:
Dear all,
your input on the following problem would be appreciated:
We have encountered a problem with both the "logout" and "timeout" functionality used in eCRM, due to the use of basic authentication.
Following a users logout and/or timeout period expiring, we are invalidating the user's session, so any user info will be removed from the server memory, and if the user attempts to access the site again there will be a security challenge.
But since basic authentication is being used and the browser already has your authentication information, it just sends it again transparently.
Whether users will notice will depend on how many windows they have open, and which browser they're using.
For example, in IE 5, if you open the secure site in a browser window, and close that window (using the close button on the logout confirmation page), it will "forget" the authentication information. But if I open other windows while connected to the secure site, it remembers the authentication info. Even if the users don't notice, there is a security issue associated with this behaviour.......
Any thoughts/ideas on getting around this problem (other than the obvious - not using basic authentication!!)Send HttpServletResponse.SC_UNAUTHORIZED (401) in the response header: http://www.tapsellferrier.co.uk/Servlets/FAQ/authentication.html has more info.
Cheers,
Alex

Outlook 2013 - Exchange 2013 - Prompts for username and password when EWS basic authentication is enabled

So we have an Exchange 2013 environment, and a CRM solution that requires basic authentication to EWS internally. Problem is, after a reboot of our Exchange server, all of our Outlook clients begin prompting for username and password (which nothing
works) which also starts locking users AD accounts out due to failed login attempts (somehow). If I disabled basic authentication on EWS, Outlook authenticates as normal using NTLM and there are no issues. Once Outlook has authenticated, I can
turn back on basic authentication, and Outlook will be fine until the next time the Exchange server is rebooted.
Any ideas?

Hi,
According to your description, I understand that Outlook client prompted for username and password when Exchange server restart and basic authentication is enabled for EWS.
If I misunderstand your concern, please do not hesitate to let me know.
It’s normal. This caused by the difference between basic authentication and NTML authentication:
Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 or later world, Basic can mean no need to authenticate every time you open/reconnect,
but in all earlier versions, you will have to enter creds every time.
NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication
at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Allen Wang
TechNet Community Support

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

Why do I get a message that says "your account cannot be authenticat.se enter the most current password in settings to continue receiving emails" ? I can't get emails and this is the second time si

Why do I get a message that says "your account cannot be authenticated. If you have recently changed your email password please enter the the most current password in settings to continue...? I can't get my email. Help!

Hi there ninjajune! We understand the importance of receiving e-mails! Which e-mail account are you having this trouble with? Have you tried to delete the e-mail account and add it back? What is the make and model of your device? Additionally, are you able to access the e-mail account from a PC? Looking forward to your reply so tha I can better assist!
LenaA_VZW
Follow us on Twitter @VZWSupport

Configuring Basic Authentication with Username and password on BizTalk Schema Service

Hi,
I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
I wanted to have a Basic Authentication(User name and password restriction).
I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
I also set the Service in IIS with Basic Authentication only enabled.
But I don't know how to provide a UserName and Password Authentication.
Please provide your suggestions
Regards, Vignesh S

Hi,
Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
HTH,
Sumit
Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

Get Username/Passwd from Basic Authentication in Handler

Is it possible to extract the username/password in a JAX-RPC Handler chain in a
Web Service after a Basic Authentication ?

Yes, it gives me a string like [[email protected] ?

(JAAS) Getting LoginContext when using BASIC authentication

I am using basic authentication in JAAS to authenticate users for JSF web resources. My web.xml is configured as follows:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>eccgroup</realm-name>
</login-config>
How can I get hold of the LoginContext that (I assume) was created in order to logout?
The Principal is available on the HTTPRequest but I cannot find where the LoginContext is stored?

As far as I know, vendors are not required to rely on a JAAS LoginContext to perform BASIC auth. Different vendor implementations may do different things. So you may have to rely on a programmatic logout API, but I'm not personally aware of any standard API for this.

How do i get it: ENTER CURRENT PASSWORD

how do I get off it. ENTER CURRENT PASSWORD
I do not know what I need. my brother has allegedly done nothing and now it shows me that.
My English is not so good by writing translator of google, but I hope it is still evident

Hi
This is the BIOS password.
if the BIOS password has been set, then this window would appear and BIOS asks you to enter the password.
Do you know this password?
If you dont know this password then you will need to ask the Toshiba ASP technician to delete this.

How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

hi all,
i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
this is the simplified folder structure of my application on the server:
[application]
[etc]
    xyz.xml
[jars]
    myapp.jar
launch.jnlp
website.jsp
initial start and basic authentication:*
my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
second start and basic authentication:*
if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
and now the actual problem:*
during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
related thougts:*
i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
my current solution:*
for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
a possible alternative:*
i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
the only real solution:*
should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
WHAT HAVE I MISSED???
AM I COMPLETELY WRONG???
WHAT IS THE EASIEST WAY???
AND WHAT IS THE BEST WAY???
thank you so much,
stephan

Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
if you have a structure like this:
/ctxroot/
       launch.jnlp
       /app/
           *.jar
           *.whateveryou may use in your web.xml:
     <servlet>
          <servlet-name>JnlpDownloadServlet</servlet-name>
          <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
     </servlet>
     <servlet-mapping>
          <servlet-name>JnlpDownloadServlet</servlet-name>
          <url-pattern>*.jnlp</url-pattern>
          <url-pattern>/app/*</url-pattern>
     </servlet-mapping>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>Application</web-resource-name>
               <url-pattern>/app/*</url-pattern>
               <http-method>GET</http-method>
               <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
               <role-name>bla</role-name>
               <role-name>fahsel</role-name>
          </auth-constraint>
          <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>Subscription</web-resource-name>
               <url-pattern>*.jnlp</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>whatever-realm</realm-name>
     </login-config>
     <security-role><role-name>bla</role-name></security-role>
     <security-role><role-name>fahsel</role-name></security-role>
...Than you may use the Service stuff like:
     BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
     URL codeBase = bs.getCodeBase();
     URL pu = new URL(codeBase.toString() + "whatever.bla");
     HttpURLConnection res = (HttpURLConnection) pu.openConnection();
     res.setInstanceFollowRedirects(true);
     res.setRequestMethod("GET");
     res.setConnectTimeout(10 * 60 * 1000);
     res.connect();
     String enc = res.getContentType();
...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
<b>For, point one,</b>
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
<b>For point 2,</b>
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Basic Authentication, how to make it work?

Your input will be highly appreciated.
I am trying to make http basic authentication work in BEA Weblogic, and I am using
'examplesWebApp' as my sample program. So far, I can see the browser popup dialogbox,
but I always got authentication failure message after I gave login and password.
Steps which I did:
1. Start server - Start examples server which is weblogic700/samples/server/config/examples/startExamplesServer.sh
(I am on Sun's Solaris).
2. Start descriptor editing window -- In Management Console, select Deployment -->
Web Applications --> examplesWebApp, then start "Edit Web Appliation Deployment Descriptors.."
in another browser window.
3. Login Config - In the new window, select "Web App Descriptor", then "Configure
a new Login Config...", then select "Basic" for Auth Method , and type in "myrealm"
for "Realm Name".
4. Specify constraints - Select "Security Constraints", and then "Configure a new
Security Constraint". Use "MySecurity Constraint" as the display name, and use "MyWeb
Resource Collection" as Resource Name. Type in /* in the "Url Patterns" field.
5. Configure a security role - Select "Security Constraints", and then "Configure
a new Security Role". Type in Admin for "Role Name".
6. Configure a Auth Constraint - Select "Security Constraints" --> "MySecurity Constraint",
then "Configure a new Auth Constraint...". Click on Create button in Configuration
tab, then move Admin from Available to Choosen column, then click on Apply
7. Persist these changes and then restart the server
That's all what I did, and then I use 'weblogic/weblogic' as login/password to try
to login to http://localhost:7001/examplesWebApp/HelloWorld2. I can see the popup
dialogbox, but I always get a failure message. By the way, weblogic/weblogic (login/password)
always work for Management Console window.
The user "weblogic" is a user defined in myrealm, and it is also in Administrators
group. The role definition of "Admin" in myrealm has "Caller is a member of group
Administrators" as one of its conditions. So my understanding is that it should work,
but unfortunately it doesn't. I must miss some steps or part of my understanding
may not be right.
Hope somebody can give me some help.
Thanks.
Yunpeng Zhang

Hello Abhilash,
lets check what is the authentication selected for the Central Admin web applicaiton.
go to CA --> Appliaction management --> manage web applicaiton --> select the central admin web app --> on the top ribbon select "Authentication Providers".
here , verify under IIS authenticaiton settings section, which option is selected, if the basic authenticaiton check box is checked, please uncheck it and select "integrated Windows Authentication".
if this doesnt work,
try unprovisioning and reprovisioning the CA usning command ..
psconfig.exe -cmd adminvs -unprovision
psconfig.exe -cmd adminvs -provision -port 0000 -windowsauthprovider onlyusentlm
REF: http://technet.microsoft.com/en-in/library/cc263093(v=office.14).aspx
or ..
if you have other servers in the farm, you can just start the Central Admin service on other server and stop it on the current one from "Services on server
" option on CA.
let me know afterwards ...
Thanks, Noddy

Problems with basic authentication example

I am trying to run the basic authentication example from the Professional JSP book (Chapter 16) although for some reason I continue to get "AUTHENTICATION MECHANISM NULL" instead of "AUTHENTICATION MECHANISM BASIC". I do not even get the pop-up window with the prompt for Username and Password. I am running Tomcat 4.0-dev and have tried to access the login window by pointing the browser to the appropriate file:
//localhost:8080/ch16-basic/index.jsp
Still not login window???
I have added the extra user and password to the tomcat-users.xml file (username="projsp" password="projsp" roles="superuser")
Still no luck????
Could someone please let me know what could possibly be going wrong.
Thank you!!!!

The index.jsp is:
<html>
<head>
<title>Protected Area Page</title>
</head>
<body>
<%
out.println("<H2>Authentication Mechanism "+ request.getAuthType() +" </H2>" );
%>
</body>
</html>
The tomcat-users.xml is:

<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<user name="projsp" password="projsp" roles="superuser" />
</tomcat-users>
And the web.xml is:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ProJSP Authentication Example</realm-name>
</login-config>
</web-app>
WHY ISN"T THIS WORKING!!!!

Get current password in a basic authentication JSP

Similar Messages

Maybe you are looking for