Jbo.security.enforce and FORM Auth

I have a web application on JHeadStart with FORM-based auth.
When I change jbo.security.enforce = None to
jbo.security.enforce = Auth I get the exception:
Authentication failed:
User null does not exist in system.
Why?

This sounds like an OC4J/J2EE issue that is not related to JHeadstart. To simplify the test case, you could create a simple drag-and-drop ADF application without JHeadstart, use that as the 2nd application, and see if the same problem occurs there. Can you please log a TAR at MetaLink ( http://metalink.oracle.com/ ), or ask this question at the OC4J/J2EE forum at OC4J? Thanks.
kind regards,
Sandra Muller
JHeadstart Team
Oracle Consulting

Similar Messages

  • Jbo.security.enforce and JHeadStart

    I have a web application on JHeadStart with FORM-based auth.
    When I change jbo.security.enforce = None to
    jbo.security.enforce = Auth I get the exception:
    Authentication failed:
    User null does not exist in system.
    Why?

    Repost:
    I use web auth.

  • Nescesary actions to make jbo.security.enforce=Must working

    Hi,
    We use JHeadstart 10.1.3.3.75. Within the JHeadstart Application Definitions we configured the following security options:
    Authentication Type = JAAS
    Use Role-based Authorization? = true
    Authorization Type = JAAS and Custom
    Authorize Using Group Permission = true
    Everything worked fine, but in the database we want to know which user modifies certain data (auditing). Therefore we implemented the "setting context" feature as described by Sandra on the JHeadstart Blog (http://blogs.oracle.com/jheadstart/2007/11/row_level_security_using_vpd_a.html#adfbc).
    Then we ran into the issue that the getUserPrincipalName() method and (SessionImpl)getDBTransaction().getSession().getUserPrincipalName() were null.
    The ADF Developer Guide, chapter 9.8, refers to setting the jbo.security.enforce property to Must or Auth.
    I followed the guide, which resulted in the following error:
    08/10/24 16:09:18 [554] Resetting AM=MedewerkersApp
    08/10/24 16:09:18 [555] AMPoolMessageBundle (language base) being initialized
    08/10/24 16:09:18 [556] Failed to create BindingContainer from reference :MedewerkersPageDef
    08/10/24 16:09:18 [557] JBO-30003: The application pool local.achmeavastgoed.avh.model.appl.MedewerkersAppLocal could not check out an application module instance because of the following exception.
    oracle.jbo.JboException: JBO-29000: JBO-33021: Authentication of user null failed.
         at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:2002)
         at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:2793)
         at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
         at oracle.jbo.http.HttpSessionCookieImpl.useApplicationModule(HttpSessionCookieImpl.java:233)
         at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
         at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
         at oracle.adf.model.bc4j.DCJboDataControl.rebuildApplicationModule(DCJboDataControl.java:1543)
         at oracle.adf.model.bc4j.DCJboDataControl.beginRequest(DCJboDataControl.java:1404)
         at oracle.adf.model.binding.DCDataControlReference.getDataControl(DCDataControlReference.java:99)
         at oracle.adf.model.BindingContext.get(BindingContext.java:457)
         at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:280)
    I saw some posts about this error but no solution was given.
    Could you give me some advise with this matter?
    Thanks,
    Romano

    Hi Ibrahim,
    1) Did you set jbo.security.enforce to Must or Auth
    I tried both. But the result was the same.
    2) Did you configure login and security in your web.xml, and how?
    I used the JHeadstart example.
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
        <description>Empty web.xml file for Web Application</description>
        <context-param>
            <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
            <param-value>client</param-value>
        </context-param>
        <context-param>
            <param-name>javax.faces.CONFIG_FILES</param-name>
            <param-value>/WEB-INF/faces-config.xml,/WEB-INF/JhsCommon-beans.xml,/WEB-INF/MedewerkersApp-Breadcrumb-beans.xml,/WEB-INF/Medewerkers-beans.xml,/WEB-INF/faces-config-menu.xml,/menu/beanconfig/MenuAdminService-Breadcrumb-beans.xml,/menu/beanconfig/UserInterfaceSkins-beans.xml,/menu/beanconfig/JhsModules-beans.xml,/menu/beanconfig/JhsRootMenuItems-beans.xml,/menu/beanconfig/JhsChildMenuItems-beans.xml,/menu/beanconfig/MenuTranslationLov-beans.xml,/WEB-INF/faces-config-security.xml,/security/beanconfig/SecurityAdminService-Breadcrumb-beans.xml,/security/beanconfig/Users-beans.xml,/security/beanconfig/UserRoleGrants-beans.xml,/security/beanconfig/Roles-beans.xml,/security/beanconfig/RoleUserGrants-beans.xml,/security/beanconfig/RolePermissionGrants-beans.xml,/security/beanconfig/Permissions-beans.xml,/security/beanconfig/PermissionsLov-beans.xml</param-value>
        </context-param>
        <context-param>
            <param-name>CpxFileName</param-name>
            <param-value>local.achmeavastgoed.avh.view.DataBindings</param-value>
        </context-param>
        <filter>
            <filter-name>adfFaces</filter-name>
            <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
        </filter>
        <filter>
            <filter-name>adfBindings</filter-name>
            <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>adfFaces</filter-name>
            <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
        <filter-mapping>
            <filter-name>adfFaces</filter-name>
            <url-pattern>*.jspx</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
        </filter-mapping>
        <filter-mapping>
            <filter-name>adfBindings</filter-name>
            <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
        <filter-mapping>
            <filter-name>adfBindings</filter-name>
            <url-pattern>*.jspx</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
        </filter-mapping>
        <filter-mapping>
            <filter-name>adfBindings</filter-name>
            <servlet-name>ordDeliverMedia</servlet-name>
        </filter-mapping>
        <servlet>
            <servlet-name>Faces Servlet</servlet-name>
            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet>
            <servlet-name>ordDeliverMedia</servlet-name>
            <servlet-class>oracle.jheadstart.ord.html.OrdPlayMediaServlet</servlet-class>
            <init-param>
                <param-name>releaseMode</param-name>
                <param-value>Stateful</param-value>
            </init-param>
        </servlet>
        <servlet>
            <servlet-name>resources</servlet-name>
            <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
        </servlet>
        <servlet>
            <servlet-name>JhsLoginErrorServlet</servlet-name>
            <servlet-class>oracle.jheadstart.controller.LoginErrorServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>Faces Servlet</servlet-name>
            <url-pattern>/faces/*</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
            <servlet-name>ordDeliverMedia</servlet-name>
            <url-pattern>ordDeliverMedia</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
            <servlet-name>resources</servlet-name>
            <url-pattern>/adf/*</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
            <servlet-name>JhsLoginErrorServlet</servlet-name>
            <url-pattern>/loginErrorServlet</url-pattern>
        </servlet-mapping>
        <session-config>
            <session-timeout>35</session-timeout>
        </session-config>
        <mime-mapping>
            <extension>html</extension>
            <mime-type>text/html</mime-type>
        </mime-mapping>
        <mime-mapping>
            <extension>txt</extension>
            <mime-type>text/plain</mime-type>
        </mime-mapping>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>AllPages</web-resource-name>
                <url-pattern>*.jspx</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>ADMIN</role-name>
                <role-name>USER</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
                <form-login-page>/faces/security/pages/Login.jspx</form-login-page>
                <form-error-page>/loginErrorServlet</form-error-page>
            </form-login-config>
        </login-config>
        <security-role>
            <role-name>ADMIN</role-name>
        </security-role>
        <security-role>
            <role-name>USER</role-name>
        </security-role>
    </web-app>
    3) If you're running your app in the JDeveloper embedded OC4J, how is your system-jazn-data.xml configured for the local app?
    I am not sure what you mean by this question. However, the jazn-data.xml file is added to the META-INF source directory.
    Within that file the users SKING, AHUNOLD and some database users are present.
    Within the embedded OC4J preferences, the users SKING and AHUNOLD are present in the Current Workspace section. In the global section the users anonymous, oc4jadmin and JtaAdmin are present.
    FYI: there seems to be nothing wrong with this configuration. When setting jbo.security.enforce to None, I am able to log in with the SKING account.
    Regards,
    Romano

  • WS security, SSL and client auth

    Hello all,
    I need to secure a web service using SSL with client auth (the client has a certificate issued by the web service provider which he can use to access it... I suppose).
    Being a newbie, I have no idea what the options are and how to implement them.
    If good tutorials are available on the subject, it would be nice.
    I also had another question: with a web service, what guarantee do I have that the client has consumed the web service and received the information he wants, etc.? It is critical for me to know that everything went OK...
    Cheers

    Hi
    One of the best books I found that covers security is located at:
    http://www.lulu.com/content/214643
    You will, or get your company to :), buy it (it's not expensive). It covers Axis 1.3; note that Axis2 is out, but since you're just starting with web services this will be a very good start on many of the concepts and how to implement them.
    Should you decide to use Axis, give its documentation and many tutorials a look; the main site is: http://ws.apache.org/axis2/
    Re: getting a guarantee, I might be wrong, but I do not see how this can be done with services and, to be honest, with any other type of application (especially the "received the information he wants" bit). The only way I can think of to do this is to include it as part of the SOP (standard operating procedure) for specific functionality in your application. The "it" would be an additional step that the user needs to do, e.g. click an "accept" button that kicks off another "request" to the web service indicating that the initial request satisfied the user's query; logically this request will need to contain some type of identifier that will enable you to map it to a previous request.

  • 6.0 form auth and auto logout

    Hi,
    I have recently started using 6.0 and have configured security to
    force form auth.
    I start the server and then I open a browser and login via the form.
    I have noticed that after around 1.5 hours of inactivity, I get logged
    out. The current user is set to
    "guest" and I am returned to the login form.
    Is this new with 6.0? How can the timeout be configured? Is the
    timeout only based on inactivity or is it just periodic?
    Thanks,
    Rob

    Rob Appelbaum wrote:
    Hi,
    I start the server and then I open a browser and login via the form.
    I have noticed that after around 1.5 hours of inactivity, I get logged
    out. The current user is set to
    "guest" and I am returned to the login form.
    Is this new with 6.0? How can the timeout be configured? Is the
    timeout only based on inactivity or is it just periodic?
    Rob,
    This is not new behavior. It is straight from the servlet spec. It
    happens after a certain amount of inactivity and is set using the
    session-timeout element of the web.xml deployment descriptor.
    HTH.
    Tom Mitchell
    Very Current Stoneham, MA Weather
    http://www.tom.org

  • security-role and auth-constraint

    Hi Everybody,
    I want to know the relation between the <role-name> tags defined under <security-role> tag and the <auth-constraint> tag (defined for web-resource-collection).
    Assuming that Tomcat is being used, should the <role-name> of <security-role> map to a role defined for Tomcat, and then the <role-name> of <auth-constraint> map to the <role-name> of <security-role>?
    Or how does it all work ? How are these two <role-name> tags related ?
    Thanks in advance for your time.
    Vikas

    In <security-role> you define the roles; in <auth-constraint> you tell which role is allowed to use the protected resource.

  • Form Auth and Russian Language

    I have a problem with form-based auth. When I try to edit data, my encoding is broken.
    Why?
    When I turn off form auth, I can edit data normally.

    I have a web application with a Master-Detail relationship. I can add and edit data. Then I add BASIC auth, and I can add and edit data too, but when I change BASIC auth to FORM auth (JSP/UIX, same) I have a problem
    with editing/adding data: my data is broken, I see (????) instead of my Russian language. Why?
    In web.xml I add cp1251 and the UIX page has 1251 encoding,
    but I have a problem with form auth.
    It's mysticism for me :-))

  • FORM AUTH:  JDBCRealms  WILL NOT WORK     HELP ! ! !

    hello,
    I have followed the Tomcat JDBCRealm setup, but it never allows me through to the secure page; it always redirects to the login error page when using a valid user/pass pair!
    I am a student and this is part of a research project to compare .NET with J2EE.
    HELP
    My project details are below.
    loginForm.html:
    <?xml version="1.0"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Login Test: Login Form</title>
    </head>
    <body>
    <h1>Login Form</h1>
    Welcome to the login page. You will have to authenticate to get access to the secure area:
    <form method="POST" action="j_security_check">
    Username: <input type="text" name="j_username" />
    Password: <input type="password" name="j_password" />
    <input type="submit" value="Login" />
    <input type="reset" value="Reset" />
    </form>
    </body>
    </html>
    web.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
    <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>SecurePages</web-resource-name>
    <description>Security constraint for resources in the secure directory</description>
    <url-pattern>/secure/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>tomcatRole</role-name>
    </auth-constraint>
    <user-data-constraint>
    <description>SSL not required</description>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/LoginForm.html</form-login-page>
    <form-error-page>/LoginError.html</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>tomcatRole</role-name>
    </security-role>
    </web-app>
    Extract from server.xml (in the tomcat 3.2.2/conf dir):
    <!--
    UnComment the following and comment out the
    <RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" debug="0" />
    -->
    <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm" debug="99" driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@MADDZILLA:1521:Store" connectionName="SYSTEM" connectionPassword="manager" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
    server.xml, altered part:
    <!-- commented out memoryrealm request
    <RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" debug="0" />
    -->
    <!-- added jdbcrealm request -->
    <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm" debug="99" driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@MADDZILLA:1521:Store" connectionName="SYSTEM" connectionPassword="manager" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
    Tables created for the tomcat security example:
    create table users (
        user_name varchar(15) not null primary key,
        user_pass varchar(15) not null
    );
    create table roles (
        role_name varchar(15) not null primary key
    );
    create table user_roles (
        user_name varchar(15) not null,
        role_name varchar(15) not null,
        primary key (user_name, role_name)
    );
    INSERT INTO users (user_name, user_pass) VALUES ('tomcat', 'tomcat');
    INSERT INTO users (user_name, user_pass) VALUES ('user1', 'tomcat');
    INSERT INTO users (user_name, user_pass) VALUES ('user2', 'tomcat');
    INSERT INTO users (user_name, user_pass) VALUES ('user3', 'tomcat');
    INSERT INTO roles (role_name) VALUES ('tomcatRole');
    INSERT INTO roles (role_name) VALUES ('otherRole');
    INSERT INTO user_roles (role_name, user_name) VALUES ('tomcatRole', 'user1');
    INSERT INTO user_roles (role_name, user_name) VALUES ('otherRole', 'user2');
    INSERT INTO user_roles (role_name, user_name) VALUES ('otherRole', 'tomcat');
    INSERT INTO user_roles (role_name, user_name) VALUES ('tomcatRole', 'tomcat');

    I've tried jdbc realm, and it works fine for me. I'm not using the form_auth, rather it pops-up a network login dialog for me. If you need details, get in touch on [email protected]
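    The schema and realm configuration in the post above keep user_pass in the clear and compare it directly. As an added example that is not part of this thread and not Tomcat's JDBCRealm code, the Python below models what such a realm lookup does against that exact schema (one bound-parameter query for the credential, one for the role list), and beside it a hardened variant that stores a salted PBKDF2 digest in user_pass instead. sqlite3 stands in for the Oracle database, the rows are constructed from the INSERT statements in the post, and the function names and digest layout are my own; note the posted VARCHAR(15) is too narrow for a digest (sqlite ignores the length, a real schema must widen the column).

```python
import hashlib
import hmac
import os
import sqlite3

# Added illustration, not Tomcat's JDBCRealm. Constructed sample data: the
# users / roles / user_roles rows from the post above, loaded into sqlite3
# (stand-in for the Oracle database; it ignores VARCHAR lengths, a real
# schema must widen user_pass before a digest will fit).
SCHEMA_SQL = """
CREATE TABLE users (
    user_name VARCHAR(15) NOT NULL PRIMARY KEY,
    user_pass VARCHAR(15) NOT NULL
);
CREATE TABLE roles (role_name VARCHAR(15) NOT NULL PRIMARY KEY);
CREATE TABLE user_roles (
    user_name VARCHAR(15) NOT NULL,
    role_name VARCHAR(15) NOT NULL,
    PRIMARY KEY (user_name, role_name)
);
"""
SAMPLE_USERS = [("tomcat", "tomcat"), ("user1", "tomcat"),
                ("user2", "tomcat"), ("user3", "tomcat")]
SAMPLE_ROLES = ["tomcatRole", "otherRole"]
SAMPLE_GRANTS = [("tomcatRole", "user1"), ("otherRole", "user2"),
                 ("otherRole", "tomcat"), ("tomcatRole", "tomcat")]
PBKDF2_ITERATIONS = 100_000


def open_realm_db():
    """In-memory realm database holding the posted rows, passwords in the clear."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_SQL)
    conn.executemany("INSERT INTO users (user_name, user_pass) VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO roles (role_name) VALUES (?)", [(r,) for r in SAMPLE_ROLES])
    conn.executemany("INSERT INTO user_roles (role_name, user_name) VALUES (?, ?)", SAMPLE_GRANTS)
    return conn


def _stored_credential(conn, user_name):
    # Bound parameter, never string concatenation: a submitted name such as
    # "user1' OR '1'='1" is looked up literally and simply does not exist.
    row = conn.execute("SELECT user_pass FROM users WHERE user_name = ?", (user_name,)).fetchone()
    return None if row is None else row[0]


def _roles_for(conn, user_name):
    rows = conn.execute("SELECT role_name FROM user_roles WHERE user_name = ?", (user_name,))
    return {r[0] for r in rows}


def authenticate_plaintext(conn, user_name, password):
    """The realm as configured in the post: compare the submitted password with
    user_pass directly. Returns the role set (possibly empty) or None on failure."""
    stored = _stored_credential(conn, user_name)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return _roles_for(conn, user_name)


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 in a self-describing format (my own layout)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored, password):
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def migrate_to_digest(conn):
    """One-off rewrite of every plaintext user_pass into a salted digest."""
    for user_name, plaintext in conn.execute("SELECT user_name, user_pass FROM users").fetchall():
        conn.execute("UPDATE users SET user_pass = ? WHERE user_name = ?",
                     (hash_password(plaintext), user_name))
    conn.commit()


def authenticate_digest(conn, user_name, password):
    """Hardened realm: the same two queries, but the table holds digests only."""
    stored = _stored_credential(conn, user_name)
    if stored is None or not verify_password(stored, password):
        return None
    return _roles_for(conn, user_name)


if __name__ == "__main__":
    db = open_realm_db()
    print("user1, plaintext realm:", authenticate_plaintext(db, "user1", "tomcat"))
    print("user3 authenticates but holds no role:", authenticate_plaintext(db, "user3", "tomcat"))
    migrate_to_digest(db)
    print("user1, digest realm:", authenticate_digest(db, "user1", "tomcat"))
```

    Two things the run makes visible that the configuration alone does not: user3 authenticates with an empty role set, which is exactly the case the container answers with 403 rather than the login error page, and after migration a dump of the users table no longer yields usable credentials. The connectionName="SYSTEM" in the posted realm config deserves the same treatment: the realm only needs SELECT on these three tables.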

  • Tomact examples and form base authentication

    I am looking at the Tomcat examples web.xml security constraints and login info settings:
    <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/jsp/security/protected/*</url-pattern>
         <!-- If you list http methods, only those methods are protected -->
         <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
         <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>tomcat</role-name>
         <role-name>role1</role-name>
    </auth-constraint>
    </security-constraint>
    <!-- Default login configuration uses form-based authentication -->
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
    <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
    <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    As we can see, the form-login page and form-error page URIs match the url-pattern settings.
    url-pattern: /jsp/security/protected/*
    form-login page: /jsp/security/protected/login.jsp
    form-error page: /jsp/security/protected/error.jsp
    There is no binding of the unauthenticated user to either one of the specified roles.
    Question: What place in the servlet spec allows serving secured resource for a user without appropriate role association?

    Kinda beats the whole idea of authentication, then, if you allow in a user that is not assigned to a security role? Anyway, I think you are looking to send the user to another page if they are not in a role but have an id, correct? Well, first it has to be a page outside the secure directory/ies. The error it generates is a 403. So add to your web.xml:
        <error-page>
           <error-code>403</error-code>
           <location>/403.jsp</location>
        </error-page>
    Anytime a user who is not a member of the allowed roles attempts a login, they will be redirected to this page.
    Ross
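    This question, and the earlier one on how <security-role> relates to <auth-constraint>, both come down to how the container combines url-pattern, <http-method> and <auth-constraint> for a request. As an added example that is not from the thread and not Tomcat's code, the Python below evaluates a request against the security-constraint elements of a web.xml following the combination rules as the servlet spec describes them (my reading of the spec, not a port of any container), and then reports the practical consequence of the comment in the Tomcat example above, "if you list http methods, only those methods are protected": with only GET and POST listed, as in the SecurePages constraint of the JDBCRealm post, HEAD, PUT, DELETE, OPTIONS and TRACE on /secure/* reach the resource with no authentication at all. The sample web.xml is constructed from the constraints on this page plus a deny-all <auth-constraint/> for /WEB-INF/*; the function names are mine.

```python
import xml.etree.ElementTree as ET

# Added illustration of the servlet-spec constraint rules, not Tomcat's code.
# Constructed web.xml: the SecurePages constraint from the JDBCRealm post
# (GET and POST listed), the AllPages *.jspx constraint from the JHeadstart
# post (no methods listed), and a deny-all constraint for /WEB-INF/*.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>tomcatRole</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AllPages</web-resource-name>
      <url-pattern>*.jspx</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name><role-name>USER</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Blocked</web-resource-name>
      <url-pattern>/WEB-INF/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>
"""
COMMON_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")


def _local(tag):
    return tag.rsplit("}", 1)[-1]        # drop the J2EE namespace, if any


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def parse_constraints(web_xml):
    """One entry per web-resource-collection: url patterns, the listed
    http-methods (None = every method) and the auth-constraint roles
    (None = no auth-constraint, empty set = <auth-constraint/>, deny all)."""
    entries = []
    for sc in _children(ET.fromstring(web_xml), "security-constraint"):
        ac = _children(sc, "auth-constraint")
        roles = None if not ac else {r.text.strip() for r in _children(ac[0], "role-name")}
        for wrc in _children(sc, "web-resource-collection"):
            patterns = [p.text.strip() for p in _children(wrc, "url-pattern")]
            methods = {m.text.strip().upper() for m in _children(wrc, "http-method")} or None
            entries.append({"patterns": patterns, "methods": methods, "roles": roles})
    return entries


def pattern_matches(pattern, path):
    """Servlet url-pattern forms: exact, path prefix '/x/*', extension '*.ext', default '/'."""
    if pattern == "/":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def authorize(constraints, method, path, user_roles=None):
    """Combine every matching constraint; user_roles=None means not authenticated.
    Returns 'PERMIT', 'DENY' or 'REQUIRE_AUTH' (container would start FORM/BASIC login)."""
    matching = [c for c in constraints
                if any(pattern_matches(p, path) for p in c["patterns"])
                and (c["methods"] is None or method.upper() in c["methods"])]
    if not matching:
        return "PERMIT"                     # no constraint covers this method+path at all
    if any(c["roles"] == set() for c in matching):
        return "DENY"                       # empty <auth-constraint/> precludes everyone
    if any(c["roles"] is None for c in matching):
        return "PERMIT"                     # a matching constraint without auth-constraint
    allowed = set().union(*(c["roles"] for c in matching))
    if user_roles is None:
        return "REQUIRE_AUTH"
    # "*" stands for any authenticated user in a declared security-role
    return "PERMIT" if "*" in allowed or allowed & set(user_roles) else "DENY"


def uncovered_methods(constraints, path, methods=COMMON_METHODS):
    """Methods an anonymous client may use on a path that is protected for other
    methods: the verb-tampering gap opened by listing <http-method> elements."""
    verdicts = {m: authorize(constraints, m, path) for m in methods}
    if all(v == "PERMIT" for v in verdicts.values()):
        return set()                        # public resource, nothing to bypass
    return {m for m, v in verdicts.items() if v == "PERMIT"}


if __name__ == "__main__":
    cs = parse_constraints(SAMPLE_WEB_XML)
    for path in ("/secure/page.html", "/faces/Home.jspx", "/index.html"):
        print(path, "anonymous GET:", authorize(cs, "GET", path),
              "uncovered:", sorted(uncovered_methods(cs, path)))
```

    The AllPages constraint, which lists no methods, has no uncovered verbs; the SecurePages one does. Leave the <http-method> list out unless every other verb is constrained elsewhere, and on a Servlet 3.1 container add <deny-uncovered-http-methods/> to web.xml, which exists for exactly this gap.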

  • FORM auth-method not working, it still gives a BASIC type pop-up box.

    Hi All,
    I'm trying to secure a web application running on Web As 7.  I created a login module stack and put it into web-j2ee-engine.xml along with the security role map...
    <login-module-configuration>
        <login-module-stack>
            <login-module>
                <login-module-name>EvaluateTicketLoginModule</login-module-name>
                <flag>sufficient</flag>
                <options>
                    <option>
                        <name>ume.configuration.active</name>
                        <value>true</value>
                    </option>
                </options>
            </login-module>
            <login-module>
                <login-module-name>BasicPasswordLoginModule</login-module-name>
                <flag>requisite</flag>
            </login-module>
            <login-module>
                <login-module-name>CreateTicketLoginModule</login-module-name>
                <flag>optional</flag>
                <options>
                    <option>
                        <name>ume.configuration.active</name>
                        <value>true</value>
                    </option>
                </options>
            </login-module>
        </login-module-stack>
        <password-change-config/>
    </login-module-configuration>
    <security-role-map>
        <role-name>AppEveryone</role-name>
        <server-role-name>all</server-role-name>
    </security-role-map>
    Then I added the auth-method, security-role, and security-constraint to the web.xml file...
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>AppRealm</realm-name>
    </login-config>
    <security-role>
        <description>AppEveryone</description>
        <role-name>AppEveryone</role-name>
      </security-role>
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>General access restriction</web-resource-name>
          <description>
          </description>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <description>AppEveryone</description>
          <role-name>AppEveryone</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    ... and everything works fine.  If the user already has a logon ticket they get right into the application, and if they don't have a ticket, a standard web-browser dialogue box pops up and asks for a username and password.  If they authenticate with the dialogue box, they are then given a logon ticket and sent to the application.
    So now I want to use an html page rather than the dialog-pop-up box for entering the username and password.  So from what I can tell, I still need to use the BasicPasswordLoginModule but I need to change the login-config section of web.xml.
    So I changed the <login-config> section of the web.xml to this...
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>AppRealm</realm-name>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
        </form-login-config>
    </login-config>
    I then created the login.html and error.html files and put them in the same directory as the .WAR file (I also put copies in the \root directory incase my path wasn't right).  They are as follows...
    login.html:
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Login Test: Login Form</title>
    </head>
    <body>
    <h1>Login Form</h1>
    Welcome to the login page.
    You will have to authenticate to get access to the secure area:
    <form method="POST" action="j_security_check">
    Username: <input type="text" name="j_username" />
    Password: <input type="password" name="j_password" />
    <input type="submit" value="Login" /> <input type="reset" value="Reset" />
    </form>
    </body>
    </html>
    error.html:
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Login Test: Error logging in</title>
    </head>
    <body bgcolor="#FFFFFF">
    Error Logging In...
    I am sorry, you must have put in the wrong username/password.
    </body>
    </html>
    But for whatever reason I'm still getting the browser pop-up box instead of my form when I try to access the application.  What am I doing wrong?  I am making all these changes after the app has been deployed, do these changes to the xml files need to be done during the build phase?  If anybody has any ideas please let me know... you will be rewarded.

    The issue has been resolved.  There was no interesting workaround or fix involved.

  • Basic auth in proxy server breaks managed server form auth

    Hi,
    I have a proxy server configured in front of 2 managed servers.
    The managed servers have secure pages and are using form auth and the
    proxy server is working properly. In other words, I point my browser
    at the proxy and I end up being serviced by one of the managed servers.
    If I attempt to access a secure page via the proxy I am sent to the form
    login page via the proxy.
    Now for the problem:
    If I configure the proxy server to use basic auth, and secure all
    pages in the proxy, I must provide my userid/password to the proxy
    server (this is working fine) before I can get to one of the managed
    servers. I can get to the welcome page of the managed server (which is
    not secure) There is a link to a secure page on the welcome page. When
    I click on the link to the secure page, I am sent to the form auth by
    the managed server. I authenticate, but I can never see the secure
    page. I end up being redirected to the form login page endlessly.
    Both the proxy server and the managed server are using the default
    JSESSIONID.
    Here is a section of the web.xml for the proxy server:
    <servlet>
    <servlet-name>HttpClusterServlet</servlet-name>
    <servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
    <init-param>
    <param-name>WebLogicCluster</param-name>
    <param-value>${ProxyConfig}</param-value>
    </init-param>
    <init-param>
    <param-name>SecureProxy</param-name>
    <param-value>ON</param-value>
    </init-param>
    <init-param>
    <param-name>Debug</param-name>
    <param-value>ON</param-value>
    </init-param>
    <init-param>
    <param-name>DebugConfigInfo</param-name>
    <param-value>ON</param-value>
    </init-param>
    <init-param>
    <param-name>CookieName</param-name>
    <param-value>JSESSIONID</param-value>
    </init-param>
    <init-param>
    <param-name>CookieName</param-name>
    <param-value>wlauthcookie_</param-value>
    </init-param>
    </servlet>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>gcmgui/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>applauncher/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>ssoadmin/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>default/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>domainadmin/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>gsc/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>psr/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>broadcastclient/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>HttpClusterServlet</servlet-name>
    <url-pattern>nra/*</url-pattern>
    </servlet-mapping>
    Here is the proxy debug:
    <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/jsp/AppLauncher.jsp HTTP/1.1
    <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
    <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server -213061352!10.68.10.87!1080!10443
    <Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: Create connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
    <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
    <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; H010818)
    <Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
    <Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
    <Fri Jul 11 14:40:07 EDT 2003>: Cookie: JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE; wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
    <Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic cmFwcGVsYmE6b3V0Mmx1bmNo
    <Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
    <Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
    <Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
    <Fri Jul 11 14:40:07 EDT 2003>: Location: https://localhost:18002/applauncher/unrestricted/jsp/FormLogin.jsp
    <Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1 Thu Mar 20 23:06:05 PST 2003 246620
    <Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
    <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/unrestricted/jsp/FormLogin.jsp HTTP/1.1
    <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
    <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server -213061352!10.68.10.87!1080!10443
    <Fri Jul 11 14:40:07 EDT 2003>: Requeue connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: Recycle connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
    <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
    <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
    <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; H010818)
    <Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
    <Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
    <Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic cmFwcGVsYmE6b3V0Mmx1bmNo
    <Fri Jul 11 14:40:08 EDT 2003>: Cookie: JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
    <Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
    <Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
    <Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
    <Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1 Thu Mar 20 23:06:05 PST 2003 246620
    <Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
    <Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie: JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1VkdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
    <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:08 EDT 2003>: Requeue connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
    <Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
    Thanks,
    Rob

    I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.
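
    The trace Rob posted and the preemptive-authentication remark in the reply above show the same mechanism from two sides: the browser volunteers an Authorization: Basic header on every request without having been challenged, and the server answers with a 302 to FormLogin.jsp, which is what a FORM-authenticated realm does with a Basic header it never reads. The Python below is an added example, not code from either poster. It parses a trace in the same HttpClusterServlet format (the trace here is constructed, and the Base64 value encodes the made-up pair user:secret), reports both conditions, and redacts the header values that the posted trace exposes in clear: a Basic header is only Base64, so it is the password, and the JSESSIONID and wlauthcookie_ values are live session tokens.

```python
"""Added example (not from the thread): parse a WebLogic HttpClusterServlet debug trace,
flag Basic credentials sent without a challenge or ignored by a FORM-login redirect, and
redact secret-bearing lines. The trace is constructed; the Base64 encodes user:secret."""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

STAMP_RE = re.compile(r"^<[^>]+>: (?P<body>.*)$")                     # "<Fri Jul 11 ...>: body"
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z0-9-]+): (?P<value>.*)$")   # proxy chatter has spaces in the "name"
STATUS_RE = re.compile(r"^HTTP/\d\.\d (?P<code>\d{3})")
# Header names plus the proxy's own "Found cookie:" line, which repeats the auth cookie value.
SECRET_PREFIXES = ("authorization", "proxy-authorization", "cookie", "set-cookie", "found cookie")

CONSTRUCTED_TRACE = """\
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/jsp/AppLauncher.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: cookieA
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:07 EDT 2003>: Cookie: JSESSIONID=sess1!NONE; wlauthcookie_=cookieA
<Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic dXNlcjpzZWNyZXQ=
<Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
<Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Location: https://localhost:18002/applauncher/unrestricted/jsp/FormLogin.jsp
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET /applauncher/unrestricted/jsp/FormLogin.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic dXNlcjpzZWNyZXQ=
<Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
<Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie: JSESSIONID=sess2!NONE; path=/
<Fri Jul 11 14:40:08 EDT 2003>: Requeue connection: ProxyConnection(isSecureProxy=true): 10.68.10.87:10443
"""

@dataclass
class Exchange:
    """One request/response pair as the proxy logged it."""
    request_line: str
    in_headers: dict = field(default_factory=dict)    # browser -> proxy
    out_headers: dict = field(default_factory=dict)   # server -> browser
    status: Optional[int] = None

    @property
    def path(self) -> str:
        return self.request_line.split()[1]

def parse_trace(text: str) -> List[Exchange]:
    exchanges, mode = [], None
    for raw in text.splitlines():
        m = STAMP_RE.match(raw)
        if not m:
            continue
        body = m.group("body")
        if body.startswith("===New Request==="):
            exchanges.append(Exchange(body[len("===New Request==="):]))
            mode = None
        elif not exchanges:
            continue
        elif body == "In-bound headers:":
            mode = "in"
        elif body == "Out-bound headers:":
            mode = "out"
        elif STATUS_RE.match(body):
            exchanges[-1].status = int(STATUS_RE.match(body).group("code"))
        elif mode and HEADER_RE.match(body):
            h = HEADER_RE.match(body)
            target = exchanges[-1].in_headers if mode == "in" else exchanges[-1].out_headers
            target[h.group("name").lower()] = h.group("value")
    return exchanges

def preemptive_basic(exchanges: List[Exchange]) -> List[str]:
    """Paths that received Basic credentials although no earlier response in the trace
    was a 401 challenge: the client volunteers the password on every request."""
    challenged, hits = False, []
    for ex in exchanges:
        if ex.in_headers.get("authorization", "").lower().startswith("basic ") and not challenged:
            hits.append(ex.path)
        challenged = challenged or ex.status == 401
    return hits

def basic_ignored_by_form_login(exchanges: List[Exchange]) -> List[Tuple[str, str]]:
    """Basic header sent, server answered with a redirect to a login page: the realm is
    FORM-authenticated and never reads the Authorization header."""
    return [(ex.path, ex.out_headers["location"]) for ex in exchanges
            if "authorization" in ex.in_headers and ex.status in (301, 302, 303, 307)
            and "login" in ex.out_headers.get("location", "").lower()]

def basic_username(header_value: str) -> Optional[str]:
    """Decode only the user part of a Basic header; never echo the password."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    return base64.b64decode(b64).decode("latin-1").split(":", 1)[0]

REDACT_RE = re.compile(r"^(?P<prefix><[^>]+>: (?:%s): ).*$" % "|".join(SECRET_PREFIXES),
                       re.IGNORECASE | re.MULTILINE)

def redact(text: str) -> Tuple[str, int]:
    """Blank credential- and session-bearing values before a trace is pasted into a
    ticket or forum post. Returns (clean_text, number_of_lines_redacted)."""
    return REDACT_RE.subn(lambda m: m.group("prefix") + "[REDACTED]", text)
```

    Within the constructed trace the client never sees a 401, so both requests are reported as preemptive; that is exactly what HttpClient's preemptive flag produces, and it means the Base64 password rides on every request, so the transport has to be TLS end to end, including the hop from the proxy plug-in to WebLogic. The redirect check reports the first request only: the Basic header was sent, and the answer was a 302 to FormLogin.jsp, so the credentials did nothing. Run redact() over a trace before posting it; the original post reveals both a Basic credential and two session cookies.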

  • Logon/security examples and tutorials and missing one

    So far, I have found examples on Sun's site for:
    DB based security
    http://developers.sun.com/prodtech/javatools/jscreator/reference/techart/signon_app.html
    JAAS security (bottom right of screen)
    http://developers.sun.com/prodtech/javatools/jscreator/ea/jsc2/learning/tutorials/index.html
    But surprisingly, I can not find any examples/tutorials on using container-based security (such as Tomcat/J2EE/Sun's own App Server).
    To be concise, I do not see how to use web.xml's <security-constraint> tags via BASIC or FORM auth for security.
    Does anyone have any more links to be added to this thread, hopefully including the infamous missing j_security_check login with JSF?
    Thanks,
    -D

    Hi,
    My case:
    My login.jsp uses <html:form action="/postLogin" method="post"> and is in turn redirected to the LoginAction action class. In the execute method of this class, after a bunch of statements, I have
    return new ActionForward("j_security_check");
    My web.xml looks something like -
    <form-login-config>
    <form-login-page>/login.do</form-login-page>
    <form-error-page>/denied.do</form-error-page>
    </form-login-config>
    <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    What happens now is that when I try to access http://localhost:8080/..../login.do, it takes me to index.jsp by default.
    My problem is, I have a third field (dropdown) in the login page, depending on which my landing page must change. How can I do this (I want to retain the container-based authentication)? Please reply, as I have been working on this for quite some time without a solution :(
    Thanks in adv
    Sri

  • Form auth problem? action work but link not work??

    Hi all,
    I am trying to use form auth to secure my site, but I have a problem. My login page points to a formlogin servlet, and I use
    getServletContext().getRequestDispatcher("/secure/search2.html");
    to direct all correct logins to my sequences.html file, which has a group of actions that jump to other pages; this step works fine. But the problem is that my search1 file is also in my secure folder, and when I click the search1 link it jumps to the login page. What is wrong?? Is it because I have
    <url-pattern>/secure/*</url-pattern> in my web.xml? Or other problems?
    How do I deal with it? By the way, I have some Duke Dollars left, but I can't use them. Why??
    and how to deal
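
    Sri's and Julio's posts (and D's request for a <security-constraint> example) all run into the fact that with FORM login the container, not the application, owns authentication: the POST to j_security_check is consumed by the container, which reads only j_username and j_password, so a third form field never reaches the application; and a RequestDispatcher forward is not a client request, so an application servlet can forward into /secure/ without the session ever being authenticated, after which the next direct link under /secure/* is sent to the login page. The Python below is an added model of that behaviour, not code from any poster or from any container. The web.xml, the user table and the request handling are constructed stand-ins that follow the Servlet specification's rules for url-pattern matching, FORM login and forwards.

```python
"""Added model (not a container's code): how a Servlet container applies <security-constraint>
and FORM <login-config>. The web.xml, user table and request handling are constructed stand-ins."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Optional

CONSTRUCTED_WEB_XML = """\
<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/denied.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
"""
USERS = {"alice": ("s3cret", {"user"})}   # constructed stand-in for the container's realm

def pattern_matches(pattern: str, path: str) -> bool:
    """Servlet-spec url-pattern matching: exact, path prefix ("/x/*") or extension ("*.jsp")."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

@dataclass
class Session:
    principal: Optional[str] = None
    roles: set = field(default_factory=set)
    saved_request: Optional[str] = None             # container: target remembered across the login
    attributes: dict = field(default_factory=dict)  # application-owned state

class Container:
    def __init__(self, web_xml: str, users: dict):
        root = ET.fromstring(web_xml)
        self.constraints = [([p.text for p in sc.findall("web-resource-collection/url-pattern")],
                             {r.text for r in sc.findall("auth-constraint/role-name")})
                            for sc in root.findall("security-constraint")]
        flc = root.find("login-config/form-login-config")
        self.login_page, self.error_page = flc.findtext("form-login-page"), flc.findtext("form-error-page")
        self.users = users

    def required_roles(self, path: str) -> Optional[set]:
        for patterns, roles in self.constraints:
            if any(pattern_matches(p, path) for p in patterns):
                return roles
        return None   # unconstrained

    def service(self, s: Session, path: str, params: Optional[dict] = None):
        """A client request, the only kind the constraint is checked on. Returns (status, location)."""
        if path == "/j_security_check":
            return self._form_login(s, params or {})
        roles = self.required_roles(path)
        if roles is not None and s.principal is None:
            s.saved_request = path
            return 302, self.login_page
        if roles is not None and not roles & s.roles:
            return 403, None
        return self.forward(s, path)

    def _form_login(self, s: Session, params: dict):
        # The container consumes this POST and reads exactly j_username and j_password;
        # any other field in the form (the dropdown) is discarded here and never reaches the app.
        entry = self.users.get(params.get("j_username"))
        if entry is None or entry[0] != params.get("j_password"):
            return 302, self.error_page
        s.principal, s.roles = params["j_username"], set(entry[1])
        target, s.saved_request = s.saved_request or "/", None
        return 302, target

    def forward(self, s: Session, path: str):
        return 200, None   # RequestDispatcher.forward(): internal dispatch, exempt from constraints

def login_with_extra_field(c: Container, extra: dict):
    """Post the dropdown with the credentials: returns (redirect, principal, landing the app sees)."""
    s = Session()
    c.service(s, "/secure/search1.html")   # bounced to /login.jsp, target remembered
    _, where = c.service(s, "/j_security_check", {"j_username": "alice", "j_password": "s3cret", **extra})
    return where, s.principal, s.attributes.get("landing")

def stash_then_login(c: Container, landing: str) -> str:
    """App-side fix: store the choice in the session before posting to j_security_check,
    then let a post-login step prefer it over the container's saved request."""
    s = Session()
    c.service(s, "/secure/search1.html")
    s.attributes["landing"] = landing
    _, where = c.service(s, "/j_security_check", {"j_username": "alice", "j_password": "s3cret"})
    return s.attributes.pop("landing", None) or where

def forward_instead_of_login(c: Container):
    """Validate the password in the app and forward() into /secure/: the page is served to an
    unauthenticated session, and the next direct link under /secure/* bounces to the login page."""
    s = Session()
    forwarded, _ = c.forward(s, "/secure/search2.html")
    direct, where = c.service(s, "/secure/search1.html")
    return forwarded, direct, where
```

    login_with_extra_field() returns None for the landing value however the dropdown is named, because nothing after j_username and j_password survives the container's handling of the POST. stash_then_login() is the shape of the fix that keeps container authentication: the pre-login action (Sri's LoginAction) puts the dropdown value in the session before the post to j_security_check, and a filter or the landing page redirects on it afterwards. forward_instead_of_login() reproduces Julio's symptom; the login servlet has to post the credentials to j_security_check rather than forward into the protected folder, otherwise the session is never authenticated and only the forwarded page is reachable.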

    Julio,
    Good point. Exactly why I recommend not to use referenced code. Libraries are the only way to go when sharing Forms code. Just too many headaches when using referenced code.
    Just my 2c.
    --pat

  • I have no "Rescue email" contact in order to reset my security questions and I don't believe I ever answered any security questions when I created my Apple ID for Itunes.  Someone kindly sent me Apple support link but to no avail!  Please Help me!

    I have no "Rescue email" contact in order to reset my security questions!!  I've been trying now for 4 days to contact Apple/Itunes but I only get sent answers from a support team that say they cannot help me with my problem!! 
    The thing is that I can't ever remember answering any security questions and without a rescue email, I'm unable to reset them or even set them for the first time!!
    I can't believe that no-one from Apple/Itunes can help me with this simple problem but unfortunately that is the case - Incredible, isn't it!!!
    Would anyone know how I could solve this problem online???   Because each time I sign into Itunes, the same security questions reappear and reappear and reappear.  In fact I've got to the point where I feel like uninstalling Itunes and downloading an alternative.
    Many thanks

    You need to ask Apple to reset your security questions; this can be done by clicking here and picking a method, or if your country isn't listed, filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (111154)

  • I got a new iPhone and i am trying to buy songs but when I go to buy a song on iTunes it says I have to answer my security questions and I don't remember the answers. I pressed where it says for them to email you your answers but I haven't gotten an email

    I got a new iPhone and i am trying to buy songs but when I go to buy a song on iTunes it says I have to answer my security questions and I don't remember the answers. I pressed where it says for them to email you your answers but I haven't gotten an email.  Is there another way to change or get the answers for the security questions?

    If the email hasn't arrived after a few hours and isn't in a spam filter, you need to ask Apple to reset your security questions; this can be done by phoning AppleCare and asking for the Account Security team, or clicking here and picking a method, or if your country isn't listed in either article, filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (106007)

Maybe you are looking for