How to send OAM 11g session/cookie in authorization response?

Hi All,
Is it possible to send OAM 11g session token/cookie in Authorization policy Response as actions? If so, what cookie (name) has to be used for that?
Thanks
Mahendra.

Once you have a UserSession you can use isAuthorized(ResourceRequest). The UserSession should handle the rest for you...
ObSSOCookie is OAM 10g style and supplied by a different API.
HTH,
--olaf

Similar Messages

  • How to keep OAM 11g session in HTTPS

    I have an LB that initiates HTTPS and then forwards the request to OHS, which is in simulateHTTPS. Webgate is running on this OHS. The problem I am seeing is that the request starts off as HTTPS, then WG redirects to OAM, it's running in HTTP.
    How can I keep OAM in HTTPS?

    Check the thread Re: How to configure Webgate let the Webgate works on HTTPS?
    Hope this helps,
    Sagar

  • Problem with showModalDialog whenever server sends a new session cookie

    Hi,
    In our application we display a pdf to the user in a modal dialog whenever he clicks on the view button. We use siteminder for authentication.
    Only on certain machines we sporadically get a blank modal dialog instead of the pdf. I used HttpAnalyzer to check on the HTTP requests and response. I found that whenever in case of a call to DisplayPDFServlet(see the code below to understand the calls) the siteminder does a "Set-Cookie" in the response, I get a blank modal dialog and the Response content is empty.
    I tried to match my IE setting with the machines which do not have this problem, but it has been of no use.
    The view action is handled in the code as follows:
    1. Call a struts action class which fetches the pdf and puts it in session.
    2. In the jsp to which the control is now directed to, we have an object tag wherein the value is a call to a servlet which gets the pdf from the session and writes it to the outputstream
    Object tag in the jsp:
    <object id="demo" classid="clsid:CA8A9780-280D-11CF-A24D-444553540000" width="750" height="530">
        <param name="SRC" value="servlet/com.dcs.century21.display.util.DisplayPDFServlet?<%=System.currentTimeMillis()%>">
    </object>
    Servlet Code
    public void doPost(
              HttpServletRequest request,
              HttpServletResponse response)
              throws ServletException, IOException
    {
              HttpSession session = request.getSession();
              response.setHeader("Cache-Control", "no-cache"); //HTTP 1.1
              response.setHeader("Pragma", "no-cache"); //HTTP 1.0
              response.setDateHeader("Expires", 0); //prevents caching at the proxy server
              response.setContentType("application/pdf");
              response.setHeader("Content-Type", "application/pdf");
              response.setHeader(
                   "Content-Disposition",
                   "inline;filename=somepdf.pdf");
              java.io.OutputStream outputStream = response.getOutputStream();
              if (session.getAttribute("contractDocumentByteData") instanceof byte[])
              {
                   byte[] data =
                        (byte[]) session.getAttribute("contractDocumentByteData");
                   if (data != null)
                   {
                        response.setContentLength(data.length);
                        session.removeAttribute("contractDocumentByteData");
                        outputStream.write(data, 0, data.length);
                   }
                   outputStream.flush();
                   outputStream.close();
              }
    }
    Please Help!!!
    Vinay

    Hi
    I tried appending a "\n" to the end of the string, this didn't work. But, it seemed that using out.println(text) instead of out.print(text) when sending the message through the socket solved the problem.
    Thanks a lot for the tip!
    CK

  • How do I enable per session cookies?

    Would someone be so kind as to instruct me on how to enable per session cookies.
    I cannot use one website to its fullest without this.
    Thank you,
    Leeflea

    See [[Enabling and disabling cookies]]

  • Re: How do I pass the session when  I use response.setHeader

    Got it..
    I was using setHeader("Location","second.jsp") instead of setHeader("location","second.jsp").
    Headers are case sensitive for SunOne Appserver.
    -Srinivas

    If you are using the Standalone version, then first of all make sure to UNCHECK (BIP10g 10.1.3.4.1)
    "AUTO RUN" (it is under General Settings when you select your Report Definition)
    Next, you should define the parameters in the corresponding parameter Section.
    Its simplest form is of "Text" type so you will have to enter values at runtime.
    Then these parameters can be used in your query as bind variables.
    When you run the report it will prompt for parameter values. Enter these values
    and you would get a sample of your XML data.
    This should work and you should not find any issues.
    regards
    Jorge

  • Session Cookie in Servlet

    Hi all
    I have an issue, please answer me.
    If users disabled cookies (other than session cookies),
    how should I dynamically switch session cookies,
    and how can I generate session cookies in a servlet?
    thanks
    yashvant

    If the user has cookies disabled (session, since persistent ones are rarely used for maintaining session state with a browser), then most containers will attempt 'url-rewriting' and insert the session uid there (in the URL). That should work even if cookies are disabled. In order to access a session, you simply call HttpServletRequest#getSession(). If no session exists, one will be created, else the existing one will be retrieved. The J2EE container will send either a cookie in the response or re-write the URL. You don't have to do anything special.
    - Saish

  • OAM 11g reports with BI publisher 11g

    Hi Guys,
    I am facing an issue while configuring the reports in BI Publisher for 11g. While generating a report I am getting the error
    oracle.xdo.XDOException: oracle.xdo.XDOException: oracle.xdo.XDOException: Could not get data source connection for: Audit
    I will list down the steps:
    1. Created an audit database using RCU.
    2. Created a JDBC data source in WebLogic.
    3. Attach this data source to the Audit store in Enterprise Manager.
    4. Deploy the reports in BI Publisher.
    5. Created a JDBC data source to point to the audit database.
    6. Attach this data source to the data model and then to the report. Now when I run the report I am getting this error
    oracle.xdo.XDOException: oracle.xdo.XDOException: oracle.xdo.XDOException: Could not get data source connection for: Audit
    Guys, provide me with some pointers.

    Hi,
    Here is a set of instructions on how to run the OAM 11g reports in BI 11g:
    http://oraclemiddlewareblog.com/2012/07/31/how-to-run-oam-11g-audit-reports-in-bi-publisher-11g/
    Basically, even if you have created the datasource to the XX_IAU schema, you still need to make sure that you enable the audit on the OAM side and that you configure the right filters for the audited operations.

  • Enable secure session cookie on Sun ONE Web Server 6.1

    How can I enable secure session cookie (JSESSIONID) on Sun ONE Web Server 6.1?
    For 6.0 it is <session-cookie is-secure="true"/> inside the <web-app> tags in web-apps.xml but I'm not able to find this setting for 6.1.

    There is a fix in 6.1sp5 that enables the session cookie to be marked as secure.
    See the release notes and search for 6262885 under Issues Resolved in 6.1sp5:
    http://docs.sun.com/app/docs/doc/819-2479/6n4p1bdea?a=view

  • How to Set up HTTPOnly and SECURE FLAG for session cookies

    Hi All,
    To fix some vulnerability issues (found in the ethical hacking, penetration testing) I need to set up the session cookies (CFID, CFTOKEN, JSESSIONID) with "HTTPOnly" (so they cannot be accessed by non-HTTP APIs like JavaScript). Also I need to set up a "secure flag" for those session cookies.
    I have found the below solutions.
    For setting up the HTTPOnly for the session cookies.
    1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
         this.sessioncookie.httponly = true;
    For setting up the secure flag for the session cookies.
    2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
         this.sessioncookie.secure = "true"
    Here my question is how we can do the same thing in Application.cfm? (I am using ColdFusion version 10.) I know we can do this using the below code, in case of HTTPOnly (for example).
    <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
    <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
      <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
      <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
    </cfif>
    But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to the client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right??? And this will be a headache. Right??? Or is there any other way to do this?
    Your timely help is well appreciated.
    Thanks in advance.

    BKBK wrote:
    Abdul L Koyappayil wrote:
    BKBK wrote:
    You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
    I couldn't understand this. I mean, how are you relating this to my question?
    When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
         If this is the case then why am I getting the below info for jsessionid (as you mentioned, it should be set with the SECURE flag, right???). Note that we are using the web server Apache vFabric, and the application that we are using is on HTTPS and there is no hit going from HTTPS to HTTP.
    Name:
    JSESSIONID
    Content:
    782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
    Domain:
    xyz.abc.pqr.com
    Path:
    Send for:
    Any kind of connection
    Accessible to script:
    No (HttpOnly)
    Created:
    Wednesday, September 3, 2014 2:25:10 AM
    Expires:
    When the browsing session ends
    BKBK wrote:
    2] When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that we need to set HTTPOnly and SECURE flag for JSESSIONID only, or for CF session cookies (CFID and CFTOKEN) as well?
    Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
         I understood that setting those flags (httponly/secure) is as per my wish. But my question was, is it necessary to set those flags for CF session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin? Or, in other words, as the session management is J2EE based do we need to set those flags for CF session cookies?
    BKBK wrote:
    3] If I need to set HTTPOnly and SECURE flag for JSESSIONID, how can I do that?
    It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
         I understood that it is sufficient to set httponly only, but how will we set it for jsessionid? This is my question. Apache vFabric will also set secure to true automatically. Any idea??
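
A check for the situation reported in this thread, where JSESSIONID is HttpOnly but is sent on any kind of connection: the added Java example below (not code from the thread) parses Set-Cookie header values and reports session cookies that lack HttpOnly or Secure. The header values are constructed samples and the class name `SessionCookieAudit` is hypothetical.

```java
import java.net.HttpCookie;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class SessionCookieAudit {

    // Session cookie names mentioned in the thread above.
    private static final Set<String> SESSION_COOKIES =
            new HashSet<>(Arrays.asList("JSESSIONID", "CFID", "CFTOKEN"));

    /**
     * Returns one finding per missing attribute on a session cookie.
     * siteIsHttps tells the audit whether the Secure flag is expected.
     */
    static List<String> audit(List<String> setCookieValues, boolean siteIsHttps) {
        List<String> findings = new ArrayList<>();
        for (String value : setCookieValues) {
            List<HttpCookie> cookies;
            try {
                cookies = HttpCookie.parse(value);
            } catch (IllegalArgumentException e) {
                // Empty or malformed header: report it instead of skipping silently.
                findings.add("unparseable header: " + value);
                continue;
            }
            for (HttpCookie c : cookies) {
                String name = c.getName().toUpperCase(Locale.ROOT);
                if (!SESSION_COOKIES.contains(name)) {
                    continue; // not a session identifier, out of scope here
                }
                if (!c.isHttpOnly()) {
                    findings.add(name + ": HttpOnly missing (readable from script)");
                }
                if (siteIsHttps && !c.getSecure()) {
                    findings.add(name + ": Secure missing (also sent over plain HTTP)");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed Set-Cookie values. The first mirrors the cookie shown in
        // the thread: HttpOnly present, but sent for any kind of connection.
        List<String> headers = Arrays.asList(
                "JSESSIONID=CONSTRUCTED0123456789ABCDEF.node1; Path=/; HttpOnly",
                "CFID=1234; Path=/",
                "CFTOKEN=56789012; Path=/; Secure; HttpOnly",
                "theme=dark; Path=/");
        for (String finding : audit(headers, true)) {
            System.out.println(finding);
        }
    }
}
```
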

  • $20 to anyone who can help: (I think) how to send the right cookie info

    Yes, we're so befuddled and stumped that we are willing to pay $25 by Paypal or any other method (check, money order) to the first person who provides us with a concrete solution that allows us to read this page through a Java application:
    http://s1.amazon.com/exec/varzea/subst/your-account/your-open-marketplace-items.html/104-3907538-7794313
    The problem (we think) seems relatively simple: how can we pass the correct cookie to a server? We want to search our merchant web pages on amazon.com (and perform other operations, but for the purposes of this problem, just assume we want to read the above web page). We wrote a variation of a webcrawler which works fine on most web pages. However, the Amazon web pages we want to crawl (i.e., http://s1.amazon.com/exec/varzea/subst/your-account/your-open-marketplace-items.html/104-3907538-7794313) require you to sign in first (otherwise you get redirected to http://s1.amazon.com/exec/varzea/subst/your-account/your-won-zshop-items.html/104-0793551-2976761). So we thought that this meant we had to figure out how to get our webcrawler to login first (we implemented the Java Almanac example for accessing password-protected URLs: http://javaalmanac.com/egs/java.net/Auth.html?l=rel). During the course of testing this out (the code seemed to work, though we still got redirected), we realized that the Amazon web page is not actually performing basic authentication (not asking for username/password), but instead seems (that is, seems to inexperienced us) to be looking for a cookie. We believe this because after we sign in to Amazon, we can access all our merchant web pages just fine without ever needing to log in, even if we turn off the browser (or computer). Also, if we try to access the web page after deleting all cookies, we again get redirected to the page requesting that we sign in.
    So we took a look at the Amazon cookie that was created after we signed in to Amazon (printed below), and then implemented the cookie-passing code from the Java Almanac (http://javaalmanac.com/egs/java.net/SendCookie.html). This seemed to have no effect: we still got redirected. We hunted around for other Cookie examples and found achase1's example from a previous forum question (http://forum.java.sun.com/thread.jsp?forum=54&thread=375956), which seemed to add a few HTTPUrlConnection.set's, but this also had no effect--our Java crawler still gets redirected to the page that requests that we sign in first.
    So we think that either we are somehow passing the wrong cookie information, or are just missing some critical HttpURLConnection setting or parameter.
    So, if you can tell us how to read the Amazon page that seems to require a cookie, and your explanation actually works (that is, we can read the page), we will send you $25 immediately--like so many others on the forum, we're frustrated and lost and need an answer that works!
    Here is the Amazon account information (naturally, this is a working dummy account on Amazon, not our actual account, in case you want to test your solution before posting it):
    username: [email protected]
    password: melville
    Here is the cookie that is generated:
    Here is the extra-simplified version of our webcrawler, which simply tries to read (and print out) the web page:
    import java.net.*;
    import java.io.*;
    public class PasswordReader {
        public static void main(String[] args) throws Exception {
            // Try to access the page
            try {
                HttpURLConnection m_urlConn;
                URL url = new URL(args[0]);
                // Cookie passing code
                m_urlConn = (HttpURLConnection) url.openConnection();
                m_urlConn.setDoOutput(true);
                m_urlConn.setDoInput(true);
                m_urlConn.setUseCaches(false);
                m_urlConn.setRequestMethod("POST");
                // optional
                m_urlConn.setRequestProperty("User-Agent","Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; H010818)");
                m_urlConn.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
                m_urlConn.setRequestProperty("Cookie" , "session-id=104-3907538-7794313;session-id-time=1055491200;ubid-main=430-1017936-7312154;x-main=Z3yciaQAfpzN?CPFkzeRd8z1U2lWcoap");
                m_urlConn.connect();
                // end cookie code
                // url.openStream() opens its own connection, separate from m_urlConn
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(
                        url.openStream()));
                String inputLine;
                // Read and print out the web page
                while ((inputLine = in.readLine()) != null)
                    System.out.println(inputLine);
                in.close();
            } catch (MalformedURLException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    Thank so much to anyone who even tries to help us!! We've been poring through the Sun forums, almanacs, and sample code all week without much evident progress. You'd really be making us very, very happy.
    Thank you,
    Ogi Ogas
    [email protected]

    "{[VERSION="0" ; NAME="session_id" ; VALUE="@@33f84622845133891a68ec0dffe9f620" ; DOMAIN="my.asu.edu" ; PATH="/" ; SECURE="false" ; EXPIRES="null"]}"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The Cookie!
    <HTML><HEAD><!--set cookie-->
    <SCRIPT language='JavaScript'><!--
    document.cookie = "session_id=@@33f84622845133891a68ec0dffe9f620; path=/;";
    // Begin JavaScript
    if(!document.cookie) {
    var agt=navigator.userAgent.toLowerCase();
    var is_major = parseInt(navigator.appVersion);
    var is_minor = parseFloat(navigator.appVersion);
    // Note: Opera and WebTV spoof Navigator.
    var is_nav = ((agt.indexOf('mozilla')!=-1) && (agt.indexOf('spoofer')==-1)
    && (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
    && (agt.indexOf('webtv')==-1));
    var is_nav2 = (is_nav && (is_major == 2));
    var is_nav3 = (is_nav && (is_major == 3));
    var is_nav4 = (is_nav && (is_major == 4));
    var is_nav4up = (is_nav && (is_major >= 4));
    var is_navonly = (is_nav && ((agt.indexOf(";nav") != -1) ||
    (agt.indexOf("; nav") != -1)) );
    var is_nav5 = (is_nav && (is_major == 5));
    var is_nav5up = (is_nav && (is_major >= 5));
    var is_ie = (agt.indexOf("msie") != -1);
    var is_ie3 = (is_ie && (is_major < 4));
    var is_ie4 = (is_ie && (is_major == 4) && (agt.indexOf("msie 5.0")==-1) );
    var is_ie4up = (is_ie && (is_major >= 4));
    var is_ie5 = (is_ie && (is_major == 4) && (agt.indexOf("msie 5.0")!=-1) );
    var is_ie5up = (is_ie && !is_ie3 && !is_ie4);
    // KNOWN BUG: On AOL4, returns false if IE3 is embedded browser
    // or if this is the first browser window opened. Thus the
    // variables is_aol, is_aol3, and is_aol4 aren't 100% reliable.
    var is_aol = (agt.indexOf("aol") != -1);
    var is_aol3 = (is_aol && is_ie3);
    var is_aol4 = (is_aol && is_ie4);
    var is_opera = (agt.indexOf("opera") != -1);
    var is_webtv = (agt.indexOf("webtv") != -1);
    var intro_dir = "This installation of Blackboard 5 requires the acceptance of a cookie by your browser software. ";
    intro_dir += "The cookie is used to ensure that you <I>and only you</I> are able to access information in the courses, assessments, gradebooks and other features which are appropriate for you. <P>";
    intro_dir += "The system has been unable to place the cookie. This may be because cookies are disabled in your browser.<P> To enable cookies in your browser:<ol>";
    var nn4dir = "<LI>Select <I>Preferences</I> from your browser's Edit Menu. <LI>Select <I>Advanced</I> from the list in the left-hand pane of the dialog box. ";
    nn4dir += "<LI>Under the <I>Cookies</I> box, select either of the first two options ('Accept all cookies' or 'Accept only cookies that get sent back to ";
    nn4dir += "the originating server')<LI>Click 'Ok' to close the dialog box. ";
    var ie5dir = "<LI>Select <I>Internet Options</I> from your browser's Tools Menu <LI>Select the <I>Security</I> Tab, and click on the 'Custom Level' button. ";
    ie5dir += "<LI>Scroll down to the 'Cookies' Section, and select either of the last two options under 'Allow Per-Session Cookies (not stored)' - either 'Enable' or 'Prompt'. ";
    ie5dir += "<LI>Click 'Ok' to Close the Security Settings dialog box. ";
    ie5dir += "<P><B>NOTE</B> Depending on your institution's set-up of Blackboard 5, you may need to repeat steps 3 & 4 for more than one 'Security Zone'. ";
    ie5dir += "<BR>For example, if you are connecting from a computer inside the same firewall or network as the Blackboard 5 machine, you would select the 'Local Intranet Zone'. ";
    ie5dir += "<BR>If you are making a connection across the internet from another location, you would select the 'Internet Zone'. <BR>In some cases, you may need to do both.<P>";
    ie5dir += "<LI>Click 'Apply' and 'Ok' to close the Internet Options dialog box.";
    var ie4dir = "<LI>Select <I>Internet Options</I> from your browser's Tools Menu <LI>Select the <I>Advanced</I> Tab. ";
    ie4dir += "<LI>Scroll down to the 'Cookies' Section under 'Security', and select either the first or last option - either 'Prompt before Accepting Cookies' or 'Always Accept Cookies'. ";
    ie4dir += "<LI>Click 'Apply' and 'Ok' to close the Internet Options dialog box.";
    var browser_dir = "<LI>Please follow your browser's Help instructions for enabling Session (non-stored) cookies that are sent back to the originating server.";
    if (is_nav) { browser_dir = nn4dir; }
    if (is_ie5up) { browser_dir = ie5dir; }
    if (is_ie4) { browser_dir = ie4dir; }
    browser_dir += "<LI>Click 'Ok' on this page to return to Blackboard 5.";
    document.write("<table border='0' width='100%' cellpadding='0' cellspacing='0'><tr><td align='left' width='40'> </td>");
    document.write("<td align='left' width='100%'><b><font face='Arial, Helvetica, sans-serif' size='4'>Browser Cookies Disabled</font></b><hr size=5 noshade></td></tr></table>");
    document.write("<table border='0' cellpadding='5' cellspacing='0' width='100%'><tr><td width='20' valign='top'> </td><td width='100%' valign='top'>");
    document.write("<font face='Arial, Helvetica, sans-serif' size='2'><b>Browser Cookies Disabled</b></font><br>");
    document.write("<font size='2' face='Arial, Helvetica, sans-serif'>"+intro_dir);
    document.write(browser_dir);
    document.write("</font><br></td></tr><tr><td colspan='6' align='center'><form><input type=button value='Ok' onclick='javascript:history.go(-1)'></td></tr></table></form>");
    } else {
    var href = document.location.href;
    href = href + "?bbatt=Y";
    document.location.href = href;
    }
    //END JavaScript
    //--></SCRIPT>
    </HEAD><BODY BGCOLOR='FFFFFF'>
    </BODY><HTML>

  • OAM 11g Single Sign-On and OAM 11g Cookies

    Hi all,
    I need to know following,
    is it possible to get the username and password from the OAM 11g + IIS Webgate cookies and forward the same to the application for further authentication? is there any way to decrypt the cookie and use the information in the application?
    Regards.

    Yes, you can get the user password, but for that you will have to write a custom plugin, else it is not possible.
    Refer step number 9 in the blog Single Sign on with Oracle Access Manager: Creating a Custom Authentication Plugin

  • OBIEE 11g: How to send email from Analysis (via Action Framework)

    Hi,
    I have installed OBIEE 11g SampleAppLite in my POC box.
    One of the features I want to have is to allow users to send their feedback (email) about a report to the report owner. Can this be done without launching Outlook? I tried to Invoke a Browser Script and found that I can display a form showing Recipient, Subject and Message text fields, but I do not know how to send the email.
    Thanks!

    Hi Devarasu,
    Thanks for your reply. The link you gave is for sending iBots. But if I do this, users will not be able to send their feedback / comment.

  • How to create a session cookie on demand

    Hi,
    I searched the web but couldn't find anything related to creating session cookies on demand. I want to create a session cookie storing encrypted user tokens when there is none, for example, when the first page is called.
    The encryption part is OK, but I want to know how I can intercept every call to a set of pages and create the session cookie if it doesn't exist.
    I'm using ADF, of course, and Weblogic.
    Can anyone provide some examples or source code?
    Thanks.

    Cookies are accessible via the http request and response, there you can add new cookies and or change existing ones.
            import javax.faces.context.ExternalContext;
            import javax.faces.context.FacesContext;
            import javax.servlet.http.Cookie;
            import javax.servlet.http.HttpServletRequest;
            import javax.servlet.http.HttpServletResponse;

            ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
            HttpServletResponse response = (HttpServletResponse) ectx.getResponse();
            // get existing cookies (null if the request carried none)
            Cookie[] cookies = ((HttpServletRequest) ectx.getRequest()).getCookies();
            // create and set a new one
            Cookie cookie = new Cookie( "key", "value" );
            response.addCookie( cookie );
    This code should work in a bean. After setting the cookie you need to implement a servlet filter or a page phase listener where you check the requested URL and then check for your cookie.
    Timo
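
The servlet-filter approach described in the reply above, as an added example (not code from the thread): the filter creates the cookie on the first request that arrives without it, marks it HttpOnly, and marks it Secure when the request arrived over HTTPS. It assumes a Servlet 3.0+ container (needed for `Cookie.setHttpOnly`) and Java 8; the cookie name `APP_TOKEN`, the class name and `newToken()` are hypothetical, and `newToken()` stands in for the poster's own encrypted-token routine.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Map this filter in web.xml (filter-mapping/url-pattern) to the set of pages
 * that must carry the cookie; the container then calls it for every request
 * to those pages.
 */
public class EnsureTokenCookieFilter implements Filter {

    static final String COOKIE_NAME = "APP_TOKEN"; // hypothetical name
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (findCookie(request, COOKIE_NAME) == null) {
            Cookie cookie = new Cookie(COOKIE_NAME, newToken());
            String ctx = request.getContextPath();      // "" for the root context
            cookie.setPath(ctx.isEmpty() ? "/" : ctx);
            cookie.setMaxAge(-1);                       // session cookie, not persisted
            cookie.setHttpOnly(true);                   // not readable from script
            // isSecure() reflects the connection the container itself sees; when
            // TLS ends at a web server or load balancer in front of it, pass
            // true here instead.
            cookie.setSecure(request.isSecure());
            // Must happen before the response is committed, so add the cookie
            // before handing the request down the chain.
            response.addCookie(cookie);
        }
        chain.doFilter(req, res);
    }

    /** Returns the named cookie, or null; getCookies() is null when none were sent. */
    static Cookie findCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                return c;
            }
        }
        return null;
    }

    /** Placeholder token: 32 random bytes, URL-safe Base64 (valid cookie characters). */
    static String newToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }
}
```
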

  • How to secure session cookie

    I am using iPlanet 6.0SP6 on NT 4.0.
    I would like to make the session cookie JSESSIONID be transferred only on a secure connection.
    Then, I made the change to web-apps.xml as below
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
         "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <session-cookie is-secure="true"></session-cookie>
    </vs>
    After that, I restarted the iPlanet web server and loaded the page with I.E. again. I see that the cookie is still passed in non-secure mode.
    Is there anything wrong with my web-apps.xml?

    Janice,
    Thanks for your help.
    When I use the below web-apps.xml, I can make the cookie in secure session.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
         "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <web-app uri="/" dir="d:/java/docroot" enable="true">
    <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
    <init-param>
    <param-name>maxSessions</param-name>
    <param-value>16000</param-value>
    </init-param>
    <init-param>
    <param-name>timeOut</param-name>
    <param-value>7200</param-value>
    </init-param>
    <init-param>
    <param-name>reapInterval</param-name>
    <param-value>30</param-value>
    </init-param>
    <init-param>
    <param-name>maxValueSize</param-name>
    <param-value>8192</param-value>
    </init-param>
    </session-manager>
    <session-cookie is-secure="true"/>
    </web-app>
    </vs>
    However, when I configure more on the web application with the web.xml, I find that the cookie is no longer secure.
    The web.xml is
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
    <display-name>Trade Info Exchange</display-name>
    <description>
    Trade Info Exchange
    </description>
    <!-- Define servlets that are included in the example application -->
    <servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/Login</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Fmenu</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Fmenu</servlet-name>
    <url-pattern>/Fmenu</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Fcontent</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Fcontent</servlet-name>
    <url-pattern>/Fcontent</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Express</servlet-name>
    <servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Express</servlet-name>
    <url-pattern>/EXPRESS2</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>AppControl</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>AppControl</servlet-name>
    <url-pattern>/AppControl</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>errorPage</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>errorPage</servlet-name>
    <url-pattern>/errorPage</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>LoginFail</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>LoginFail</servlet-name>
    <url-pattern>/LoginFail</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Logout</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Logout</servlet-name>
    <url-pattern>/Logout</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ChangePwdWarning</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ChangePwdWarning</servlet-name>
    <url-pattern>/ChangePwdWarning</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ChangePwd</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ChangePwd</servlet-name>
    <url-pattern>/ChangePwd</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ReLoginDialog</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ReLoginDialog</servlet-name>
    <url-pattern>/ReLoginDialog</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackProcessSearch</servlet-name>
    <servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackProcessSearch</servlet-name>
    <url-pattern>/TradeTrackProcessSearch</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackSearchScreen</servlet-name>
    <servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackSearchScreen</servlet-name>
    <url-pattern>/TradeTrackSearchScreen</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackMain</servlet-name>
    <servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/LCIMPORT</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/LCEXPORT</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/COLLIMP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/COLLEXP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/B2BMenu</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/B2BMain</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
    <welcome-file>ctielogin.html</welcome-file>
    </welcome-file-list>
    </web-app>
    Pls advise how I can make the cookie secure for using the web.xml and web-apps.xml
    thanks
    samuel poon

  • How to use session cookie property of System object?

    Hi all,
    I have searched all over the SDN but didn't get anything relevant, so here I am posting my query...
    My scenario is as follows:
    I have created a KM document iview that launches an HTML page; on click of a button on the HTML page a VC iview is launched. On this iview I have a button that hits a BI query.
    PS: A system object is created for the connectivity between portal and backend BI server.
    PS: I have configured SSO between portal and backend.
    Now when I click on the button on the iview that fetches the data from the backend, I am asked for authentication in a pop-up. Although I have configured SSO, why am I asked to enter UID and PWD again??
    In the system object there is a property named
    "session cookie = MYSAPSSO2"
    So should I use this property so that the cookie will get transferred from one session to the other session when I click the button on the iview??
    If yes then HOW??
    Is there any other setting remaining in Visual Admin, or backend or portal??
    What could be missing??
    PS: User IDs are the same on portal & backend.
    Any help will be highly appreciated...
    Regards,
    Ameya
    Thanks in advance

    Hi Ameya,
    I do not know the exact answer. However, you should look for something called JSESSION ID.
    Have a look at the thread:
    Re: Problems Using Application Integrator for BSP Application
    Reg SSO Logon Tickets and Browser sessions
    How to use jsessionid while making HTTP calls??
    Hope you find something which can help you.
    Regards
    Atul Shrivastava
