JNLP with JARs behind form auth?

Similar Messages

• How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

  hi all,
  i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
  this is the simplified folder structure of my application on the server:
  [application]
    [etc]
      xyz.xml
    [jars]
      myapp.jar
    launch.jnlp
  website.jsp
  initial start and basic authentication:*
  my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
  second start and basic authentication:*
  if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
  and now the actual problem:*
  during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
  related thougts:*
  i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
  my current solution:*
  for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
  a possible alternative:*
  i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
  the only real solution:*
  should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
  WHAT HAVE I MISSED???
  AM I COMPLETELY WRONG???
  WHAT IS THE EASIEST WAY???
  AND WHAT IS THE BEST WAY???
  thank you so much,
  stephan

  Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
  if you have a structure like this:
  /ctxroot/
         launch.jnlp
         /app/
             *.jar
             *.whateveryou may use in your web.xml:
       <servlet>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
       </servlet>
       <servlet-mapping>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <url-pattern>*.jnlp</url-pattern>
            <url-pattern>/app/*</url-pattern>
       </servlet-mapping>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Application</web-resource-name>
                 <url-pattern>/app/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>bla</role-name>
                 <role-name>fahsel</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Subscription</web-resource-name>
                 <url-pattern>*.jnlp</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>whatever-realm</realm-name>
       </login-config>
       <security-role><role-name>bla</role-name></security-role>
       <security-role><role-name>fahsel</role-name></security-role>
  ...Than you may use the Service stuff like:
       BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
       URL codeBase = bs.getCodeBase();
       URL pu = new URL(codeBase.toString() + "whatever.bla");
       HttpURLConnection res = (HttpURLConnection) pu.openConnection();
       res.setInstanceFollowRedirects(true);
       res.setRequestMethod("GET");
       res.setConnectTimeout(10 * 60 * 1000);
       res.connect();
       String enc = res.getContentType();
  ...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

• FORM AUTH:  JDBCRealms  WILL NOT WORK     HELP ! ! !

  hello,
  i have followed the tomcat JDBCRealms setup.....but it never allows me through to secure page it always redirects to loginerror....when using valid user/pass pair !!!!!!!!!!!!!!!!
  i am a student and this is part of a reasearch project to compare .NET with J2EE.........
  HELP
  my project details are below
  . loginForm.html <<<<<<<<<<<<<<<<<<<<<<<<?xml version="1.0"?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title>Login Test: Login Form</title>
  </head>
  <h1>Login Form</h1>
       Welcome to the login page. You will have to authenticate to get access to the secure area:
  <form method="POST" action="j_security_check">
  Username: <input type="text" name="j_username">
  Password: <input type="password" name="j_password">
  <input type="submit" value="Login">
  <input type="reset" value="Reset">
  </form>
  </html>
  web.xml <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <welcome-file-list>
  <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>SecurePages</web-resource-name>
  <description>Security constraint for resources in the secure directory</description>
  <url-pattern>/secure/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>tomcatRole</role-name>
  </auth-constraint>
  <user-data-constraint>
  <description>SSL not required</description>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/LoginForm.html</form-login-page>
  <form-error-page>/LoginError.html</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>tomcatRole</role-name>
  </security-role>
  </web-app>
  extract from server.xml (in tomcat 3.2.2/conf dir) <<<<<<<<<<<<<<<<<<<!--
  UnComment the following and comment out the
            <RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" debug="0" />
  -->
  <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm" debug="99" driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@MADDZILLA:1521:Store" connectionName="SYSTEM" connectionPassword="manager" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
  server.xml <<<<<<<<<<<<<<<<<<<<<<altered part...
  <!-- commented out memoryrealm request
  <RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" debug="0" />     
  -->
  added jdbcrealm request
  <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm" debug="99" driverName="oracle.jdbc.driver.OracleDriver" connectionURL="jdbc:oracle:thin:@MADDZILLA:1521:Store" connectionName="SYSTEM" connectionPassword="manager" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
  . tables created for tomcat security example <<<<<<<<<<<<<<<<create table users
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
  create table roles
  role_name varchar(15) not null primary key
  create table user_roles
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key( user_name, role_name )
  INSERT INTO users (user_name, user_pass) VALUES (tomcat,tomcat);
  INSERT INTO users (user_name, user_pass) VALUES (user1,tomcat);
  INSERT INTO users (user_name, user_pass) VALUES (user2,tomcat);
  INSERT INTO users (user_name, user_pass) VALUES (user3,tomcat);
  INSERT INTO roles (role_name) VALUES (tomcatRole);
  INSERT INTO roles (role_name) VALUES (otherRole);
  INSERT INTO user_roles (role_name, user_name) VALUES (tomcatRole,user1);
  INSERT INTO user_roles (role_name, user_name) VALUES (otherRole,user2);
  INSERT INTO user_roles (role_name, user_name) VALUES (otherRole,tomcat);
  INSERT INTO user_roles (role_name, user_name) VALUES (tomcatRole,tomcat);

  I've tried jdbc realm, and it works fine for me. I'm not using the form_auth, rather it pops-up a network login dialog for me. If you need details, get in touch on [email protected]

• JNLP and jar files are being download from server again.

  I have a swing application deployed with Java Web Start on a server.
  On my client I install the application using JWS JRE 1.6.
  The issue is that without any change in the jars or JNLP the jars are being downloaded from the server again and again
  This is not consistant - it happens only sometimes.
  One important thing to mention: The server is inside a load-balancer cluster (AKAMAI), so the IP address of the actual server may change between different accesses.
  in the log, I can see the error:
  "Cache entry not found"
  and then the jar is being downloaded again.
  sometimes only one or two jars were downloaded again, sometimes the whole package with the JNLP file were dowloaded again.
  Can you suggest what can be the reason for this behavior?
  Thank you,
  Ran

  That does seem slow, but there are many factors that could be involved. More information would be helpful:
  - Are the source and destination filesystems ZFS or UFS? (or some other FS)
  - What does iostat show you?
  - What does vmstat show you?
  - What type of HBAs connect you to the SAN? ('fcinfo hba-port')
  - Anything in /var/adm/messages?

• FORM auth-method not working, it still gives a BASIC type pop-up box.

  Hi All,
  I'm trying to secure a web application running on Web As 7.  I created a login module stack and put it into web-j2ee-engine.xml along with the security role map...
  <login-module-configuration>
            <login-module-stack>
                 <login-module>
                      <login-module-name>EvaluateTicketLoginModule</login-module-name>
                      <flag>sufficient</flag>
                      <options>
                           <option>
                                <name>ume.configuration.active</name>
                                <value>true</value>
                           </option>
                      </options>
                 </login-module>
                 <login-module>
                      <login-module-name>BasicPasswordLoginModule</login-module-name>
                      <flag>requisite</flag>
                 </login-module>
                 <login-module>
                      <login-module-name>CreateTicketLoginModule</login-module-name>
                      <flag>optional</flag>
                      <options>
                           <option>
                           <name>ume.configuration.active</name>
                           <value>true</value>
                      </option>
                 </options>
            </login-module>
       </login-module-stack>
       <password-change-config/>
  </login-module-configuration>
  <security-role-map>
            <role-name>AppEveryone</role-name>
            <server-role-name>all</server-role-name>
  </security-role-map>
  Then I added the auth-method, security-role, and security-constraint to the web.xml file...
  <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>AppRealm</realm-name>
  </login-config>
  <security-role>
      <description>AppEveryone</description>
      <role-name>AppEveryone</role-name>
    </security-role>
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>General access restriction</web-resource-name>
        <description>
        </description>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <description>AppEveryone</description>
        <role-name>AppEveryone</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
  </security-constraint>
  ... and everything works fine.  If the user allready has a logon ticket they get right into the application, and if they don't have a ticket, a standard web-browser dialogue box pops-up and asks for a username and password.  If they authenticate with the dialogue box, they are then given a logon ticket and sent to the application.
  So now I want to use an html page rather than the dialog-pop-up box for entering the username and password.  So from what I can tell, I still need to use the BasicPasswordLoginModule but I need to change the login-config section of web.xml.
  So I changed the <login-config> section of the web.xml to this...
  <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>AppRealm</realm-name>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
      </form-login-config>
  </login-config>
  I then created the login.html and error.html files and put them in the same directory as the .WAR file (I also put copies in the \root directory incase my path wasn't right).  They are as follows...
  <b>login.html</b> -
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title>Login Test: Login Form</title>
  </head>
  Login Form
  Welcome to the login page.
  You will have to authenticate to get access to the secure area: <form method="POST" action="j_security_check"> Username: <input type="text" name="j_username">
  Password: <input type="password" name="j_password">
  <input type="submit" value="Login"> <input type="reset" value="Reset">
  </form>
  </html>
  <b>error.html</b> -
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title>Login Test: Error logging in</title>
  </head>
  <body bgcolor="#FFFFFF">
  Error Logging In...
  I am sorry, you must have put in the wrong username/password.
  </body>
  </html>
  But for whatever reason I'm still getting the browser pop-up box instead of my form when I try to access the application.  What am I doing wrong?  I am making all these changes after the app has been deployed, do these changes to the xml files need to be done during the build phase?  If anybody has any ideas please let me know... you will be rewarded.

  The issue has been resolved.  There was no interesting work-a-round or fix involved.

• Basic auth in proxy server breaks managed server form auth

  Hi,
  I have a proxy server configured in front of 2 managed servers.
  The managed servers have secure pages and are using form auth and the
  proxy server is working properly. In other words, I point my browser
  at the proxy and I end up being services by one of the managed servers.
  If I attempt to access a secure page via the proxy I am sent to the form
  login page via the proxy.
  Now for the problem:
  If I configure the proxy server to use basic auth, and secure all
  pages in the proxy, I must provide my userid/password to the proxy
  server (this is working fine) before I can get to one of the managed
  servers. I can get to the welcome page of the managed server (which is
  not secure) There is a link to a secure page on the welcome page. When
  I click on the link to the secure page, I am sent to the form auth by
  the managed server. I authenticate, but I can never see the secure
  page. I end up being redirected to the form login page endlessly.
  Both the proxy server and the managed server are usign the default
  JSESSIONID.
  Here is a section of the web.xml for the proxy server:
  <servlet>
  <servlet-name>HttpClusterServlet</servlet-name>
  <servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
  <init-param>
  <param-name>WebLogicCluster</param-name>
  <param-value>${ProxyConfig}</param-value>
  </init-param>
  <init-param>
  <param-name>SecureProxy</param-name>
  <param-value>ON</param-value>
  </init-param>
  <init-param>
  <param-name>Debug</param-name>
  <param-value>ON</param-value>
  </init-param>
  <init-param>
  <param-name>DebugConfigInfo</param-name>
  <param-value>ON</param-value>
  </init-param>
  <init-param>
  <param-name>CookieName</param-name>
  <param-value>JSESSIONID</param-value>
  </init-param>
  <init-param>
  <param-name>CookieName</param-name>
  <param-value>wlauthcookie_</param-value>
  </init-param>
  </servlet>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>gcmgui/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>applauncher/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>ssoadmin/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>default/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>domainadmin/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>gsc/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>psr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>broadcastclient/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>HttpClusterServlet</servlet-name>
  <url-pattern>nra/*</url-pattern>
  </servlet-mapping>
  Here is the proxy debug:
  <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
  /applauncher/jsp/AppLaunche
  r.jsp HTTP/1.1
  <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
  <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
  -213061352!10
  .68.10.87!1080!10443
  <Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs:
  ProxyConnection(isSec
  ureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: Create connection:
  ProxyConnection(isSecureProxy
  =true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
  <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
  image/jpeg,
  image/pjpeg, application/vnd.ms-excel, application/msword,
  application/vnd.ms-po
  werpoint, */*
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
  <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
  MSIE 6.0; W
  indows NT 4.0; H010818)
  <Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
  <Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
  <Fri Jul 11 14:40:07 EDT 2003>: Cookie:
  JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5
  pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE;
  wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
  <Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic
  cmFwcGVsYmE6b3V0Mmx1bmNo
  <Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
  <Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
  <Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
  <Fri Jul 11 14:40:07 EDT 2003>: Location:
  https://localhost:18002/applauncher/un
  restricted/jsp/FormLogin.jsp
  <Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1
  Thu Mar 20
  23:06:05 PST 2003 246620
  <Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
  <Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
  /applauncher/unrestricted/j
  sp/FormLogin.jsp HTTP/1.1
  <Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
  <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
  -213061352!10
  .68.10.87!1080!10443
  <Fri Jul 11 14:40:07 EDT 2003>: Requeue connection:
  ProxyConnection(isSecureProx
  y=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: Recycle connection:
  ProxyConnection(isSecureProx
  y=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
  <Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
  image/jpeg,
  image/pjpeg, application/vnd.ms-excel, application/msword,
  application/vnd.ms-po
  werpoint, */*
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
  <Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
  <Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
  MSIE 6.0; W
  indows NT 4.0; H010818)
  <Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
  <Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
  <Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic
  cmFwcGVsYmE6b3V0Mmx1bmNo
  <Fri Jul 11 14:40:08 EDT 2003>: Cookie:
  JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP
  74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
  <Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
  <Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
  <Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
  <Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1
  Thu Mar 20
  23:06:05 PST 2003 246620
  <Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
  <Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie:
  JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1V
  kdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
  <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:08 EDT 2003>: Requeue connection:
  ProxyConnection(isSecureProx
  y=true): 10.68.10.87:10443, keep-alive='30'secs
  <Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
  <Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs:
  ProxyConnecti
  on(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
  Thanks,
  Rob

  I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.

• 6.0 form auth and auto logout

  Hi,
  I have recently started using 6.0 and have configured security to
  force form auth.
  I start the server and then I open a browser and login via the form.
  I have noticed that after around 1.5 hours of inactivity, I get logged
  out. The current user is set to
  "guest" and I am returned to the login form.
  Is this new with 6.0? How can the timeout be configured? Is the
  timeout only based on inactivity or is it just periodic?
  Thanks,
  Rob
  [email protected]

  Rob Appelbaum wrote:
  Hi,
  I start the server and then I open a browser and login via the form.
  I have noticed that after around 1.5 hours of inactivity, I get logged
  out. The current user is set to
  "guest" and I am returned to the login form.
  Is this new with 6.0? How can the timeout be configured? Is the
  timeout only based on inactivity or is it just periodic?
  Rob,
  This is not new behavior. It is straight from the servlet spec. It
  happens after a certain amount of inactivity and is set using the
  session-timeout element of the web.xml deployment descriptor.
  HTH.
  Tom Mitchell
  [email protected]
  Very Current Stoneham, MA Weather
  http://www.tom.org

• Found Error FRM-13008 Cannot find JaveBean with name oracle.forms.webutil.o

  Create new form attached libraies WEBUTIL and Open webutil.old
  drag WEBUTILCONFIG and WEBUTIL then create datablock,canvas WEBUTIL_CANVAS I double click canvas alert Found Error FRM-13008 Cannot find JaveBean with name oracle.forms.webutil.o
  How to solve problem
  Please Urgent
  Thank you

  formsweb.cfg
  ific, named configuration (see below)
  [default]
  # System parameter: default base HTML file
  baseHTML=webutilbase.htm
  baseHTML=base.htm
  baseHTMLjinitiator=webutiljini.htm
  baseHTMLjpi=webutiljpi.htm
  workingDirectory=
  envFile=default.env
  escapeparams=true
  # System parameter: base HTML file for use with JInitiator client
  baseHTMLjinitiator=basejini.htm
  # System parameter: base HTML file for use with Sun's Java Plug-In
  baseHTMLjpi=basejpi.htm
  # System parameter: delimiter for parameters in the base HTML files
  HTMLdelimiter=%
  # System parameter: working directory for Forms runtime processes
  # WorkingDirectory defaults to <oracle_home>/forms if unset.
  # System parameter: file setting environment variables for the Forms runtime processes
  envFile=default.env
  # Forms runtime argument: whether to escape certain special characters
  # in values extracted from the URL for other runtime arguments
  # Forms runtime argument: which form module to run
  form=test.fmx
  # Forms runtime argument: database connection details
  userid=
  # Forms runtime argument: whether to run in debug mode
  debug=no
  # Forms runtime argument: host for debugging
  host=
  # Forms runtime argument: port for debugging
  port=
  # Other Forms runtime arguments: grouped together as one parameter.
  # These settings support running and debugging a form from the Builder:
  otherparams=buffer_records=%buffer% debug_messages=%debug_messages% array=%array% obr=%obr% query_only=%query_only% quiet=%quiet% render=%render% record=%record% tracegroup=%tracegroup% log=%log% term=%term%
  # Sub argument for otherparams
  buffer=no
  # Sub argument for otherparams
  debug_messages=no
  # Sub argument for otherparams
  array=no
  # Sub argument for otherparams
  obr=no
  # Sub argument for otherparams
  query_only=no
  # Sub argument for otherparams
  quiet=yes
  # Sub argument for otherparams
  render=no
  # Sub argument for otherparams
  record=
  # Sub argument for otherparams
  tracegroup=
  # Sub argument for otherparams
  log=
  # Sub argument for otherparams
  term=
  # HTML page title
  pageTitle=Oracle Application Server Forms Services
  # HTML attributes for the BODY tag
  HTMLbodyAttrs=
  # HTML to add before the form
  HTMLbeforeForm=
  # HTML to add after the form
  HTMLafterForm=
  # Forms applet parameter: URL path to Forms ListenerServlet
  serverURL=/forms/lservlet
  # Forms applet parameter
  codebase=/forms/java
  # Forms applet parameter
  imageBase=DocumentBase
  # Forms applet parameter
  width=2000
  # Forms applet parameter
  height=800
  # Forms applet parameter
  separateFrame=false
  # Forms applet parameter
  splashScreen=
  # Forms applet parameter
  background=
  # Forms applet parameter
  lookAndFeel=Oracle
  # Forms applet parameter
  colorScheme=teal
  # Forms applet parameter
  logo=no
  # Forms applet parameter
  restrictedURLparams=HTMLbodyAttrs,HTMLbeforeForm,pageTitle,HTMLafterForm,log,allow_debug,allowNewConnections
  # Forms applet parameter
  formsMessageListener=
  # Forms applet parameter
  recordFileName=
  # Forms applet parameter
  serverApp=default
  # Forms applet archive setting for JInitiator
  archive_jini=frmall_jinit.jar
  # Forms applet archive setting for other clients (Sun Java Plugin, Appletviewer, etc)
  archive=frmall.jar
  # Number of times client should retry if a network failure occurs. You should
  # only change this after reading the documentation.
  networkRetries=0
  # Page displayed to Netscape users to allow them to download Oracle JInitiator.
  # Oracle JInitiator is used with Windows clients.
  # If you create your own page, you should set this parameter to point to it.
  jinit_download_page=/forms/jinit/us/jinit_download.htm
  # Parameter related to the version of JInitiator
  jinit_classid=clsid:CAFECAFE-0013-0001-0022-ABCDEFABCDEF
  jinit_exename=jinit.exe#Version=1,3,1,22
  # Parameter related to the version of JInitiator
  jinit_mimetype=application/x-jinit-applet;version=1.3.1.22
  # Page displayed to users to allow them to download Sun's Java Plugin.
  jpi_download_page=http://java.sun.com/products/archive/j2se/1.4.2_06/index.html
  # Parameter related to the version of the Java Plugin
  jpi_classid=clsid:CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA
  # Parameter related to the version of the Java Plugin
  jpi_codebase=http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab#Version=1,4,2,06
  # Parameter related to the version of the Java Plugin
  jpi_mimetype=application/x-java-applet;jpi-version=1.4.2_06
  # EM config parameter
  # Set this to "1" to enable Enterprise Manager to track Forms processes
  em_mode=0
  # Single Sign-On OID configuration parameter
  oid_formsid=%OID_FORMSID%
  # Single Sign-On OID configuration parameter
  oracle_home=C:\DevSuiteHome_1
  # Single Sign-On OID configuration parameter
  formsid_group_dn=%GROUP_DN%
  # Single Sign-On OID configuration parameter: indicates whether we allow
  # dynamic resource creation if the resource is not yet created in the OID.
  ssoDynamicResourceCreate=true
  # Single Sign-On parameter: URL to redirect to if ssoDynamicResourceCreate=false
  ssoErrorUrl=
  # Single Sign-On parameter: Cancel URL for the dynamic resource creation DAS page.
  ssoCancelUrl=
  # Single Sign-On parameter: indicates whether the url is protected in which
  # case mod_osso will be given control for authentication or continue in
  # the FormsServlet if not. It is false by default. Set it to true in an
  # application-specific section to enable Single Sign-On for that application.
  ssoMode=false
  # The parameter allow_debug determines whether debugging is permitted.
  # Administrators should set allow_debug to "true" if servlet
  # debugging is required, or to provide access to the Forms Trace Xlate utility.
  # Otherwise these activities will not be allowed (for security reasons).
  allow_debug=false
  # Parameter which determines whether new Forms sessions are allowed.
  # This is also read by the Forms EM Overview page to show the
  # current Forms status.
  allowNewConnections=true
  # EndUserMonitoring
  # EndUserMonitoringEnabled parameter
  # Indicates whether EUM/Chronos integration is enabled
  EndUserMonitoringEnabled=
  # EndUserMonitoringURL
  # indicates where to record EUM/Chronos data
  EndUserMonitoringURL=
  [sepwin]
  separateFrame=True
  lookandfeel=Generic
  # Example Named Configuration Section
  # Example 2: configuration forcing use of the Java Plugin in all cases (even if
  # the client browser is on Windows)
  [jpi]
  baseHTMLJInitiator=basejpi.htm
  # Example Named Configuration Section
  # Example 3: configuration running the Forms ListenerServlet in debug mode
  # (debug messages will be written to the servlet engine's log file).
  [debug]
  serverURL=/forms/lservlet/debug
  # Sample configuration for deploying WebUtil. Note that WebUtil is shipped with
  # DS but not AS and is also available for download from OTN.
  [webutil]
  #WEBUTIL_CONFIG=C:\DevSuiteHome_1\forms\webutil.cfg
  #WebUtilArchive=frmwebutil.jar,jacob.jar
  WebUtilArchive=/forms/java/frmwebutil.jar,/forms/java/jacob.jar
  WebUtilLogging=off
  WebUtilLoggingDetail=normal
  WebUtilErrorMode=Alert
  WebUtilDispatchMonitorInterval=5
  WebUtilTrustInternal=true
  WebUtilMaxTransferSize=16384
  archive_jini=frmall_jinit.jar
  archive=frmall.jar
  lookAndFeel=oracle
  [webutilie]
  IE=native
  webUtilArchive=/forms/java/frmwebutil.jar,/forms/java/jacob.jar
  WebUtilLogging=off
  WebUtilLoggingDetail=normal
  WebUtilErrorMode=Alert
  WebUtilDispatchMonitorInterval=5
  WebUtilTrustInternal=true
  WebUtilMaxTransferSize=16384
  baseHTML=webutilbase.htm
  baseHTMLie=webutilbase.htm
  archive=/forms/java/frmall.jar
  lookAndFeel=oracle
  [webutiljpi]
  WebUtilArchive=/forms/java/frmwebutil.jar,/forms/java/jacob.jar
  WebUtilLogging=off
  WebUtilLoggingDetail=normal
  WebUtilErrorMode=Alert
  WebUtilDispatchMonitorInterval=5
  WebUtilTrustInternal=true
  WebUtilMaxTransferSize=16384
  baseHTMLjinitiator=webutiljpi.htm
  baseHTMLjpi=webutiljpi.htm
  baseHTMLie=webutiljpi.htm
  baseHTML=webutiljpi.htm
  archive=/forms/java/frmall.jar
  [tutoforms10g]
  envFile=tutforms10g.env
  archive_jini=frmall_jinit.jar,myIcons.jar,FormsGraph.jar
  archive=frmall.jar,myIcons.jar,FormsGraph.jar
  pageTitle=Oracle Forms 10g tutorial
  WebUtilArchive=frmwebutil.jar,jacob.jar
  WebUtilLogging=off
  WebUtilLoggingDetail=normal
  WebUtilErrorMode=Alert
  WebUtilDispatchMonitorInterval=5
  WebUtilTrustInternal=true
  WebUtilMaxTransferSize=16384
  baseHTMLjinitiator=webutiljini.htm
  baseHTMLjpi=webutiljpi.htm
  form=tuto_forms.fmx
  separateFrame=True
  lookandfeel=Oracle
  imagebase=codebase
  width=2000
  height=800
  splashScreen=no
  background=no
  lookAndFeel=Oracle
  colorScheme=blaf
  logo=no
  2 class path,create db packages,generate plx? how to set where? classpath,create public synonym? Please ask me step to set

• Really need help with basic static forms?!?!

  I was thrown into creating forms for our Business Managers and I am not a developer in any way!  I am a Recruiter, but somewhat tech savvy (or at least I thought I was). 
  I am trying to create basic static forms.  I started by using Adobe Professional and them moved to LiveCycle Designer because of what I thought were better "editable" options when creating the form.  I want to be able to send my manager's forms via e-mail (PDF), they can enter the requesting information in the fields, save a copy for themselves, print, and e-mail to me.  We are not using any of the Adobe Server things, I don't want them to submit via an e-mail button on the form.  We are a non-profit organization and my managers are using all different versions of reader. 
  I am getting extremely frustrated because in testing the form everything seems to be working properly including tab order, print, save and everything I want it to do.  Then, I send them out for my managers to use, for some Manager's they work great, no problems at all!  But then, I keep getting these weird issues from different Managers with the same form.  For one of them, what they typed in the field, now looks like it's behind the text box, like when you select Highlight all, you can see what he typed, but then if you click into the text box, you can see what he typed. Another Manager said, two (crucial) fields would not show the text entered when she tries to save or print, but on screen you can see it????
  So after the rambling, I guess my questions are: should I be using Live Cycle to create such basic forms or should I be using Adobe?  Can anyone recommend a good "FOR DUMMIES" book that will help me figure out what I am doing wrong, and not explain in "IT" language?
  This is really getting embarrassing!! Any help would be greatly appreciated!!!!

  1. Make sure to set the PDF target version. Goto File -> Form Properties (see the first screenshot attached)
       Find out the minimum Reader version used in your organization and set this value accordingly. If you are not sure, select the least recent version.
  2. two (crucial) fields would not show the text entered when she tries to save or print, but on screen you can see it
       This may be due to the visibility settings of the fields. Just make sure that you have selected visible instead of visible (screen only)
       See the second screenshot attached
  Hope this may help you.
  Nith

• Form auth problem? action work but link not work??

  Hi all,
  I try to use form auth to securite my site, but I have problem at
  my login page is point to formlogin servlet , I use
  getServletContext().getRequestDispatcher
  ("/secure/search2.html");to sdirect all correct login action to my sequences.html file and have group of action, jump to other page,this step work fine. but the problem my search1 file also on my secure folder , when I click the search1 link it jump to login page. what is wrong ?? is because I have
  <url-pattern>/secure/*</url-pattern>in my web xml page? or other problems?
  how to deal with it ? by the way I have some duck dollars left , but i can't use it , why??
  and how to deal

  Julio,
  Good point. Exactly why I recommend not to use referenced code. libraries are the only way to go when sharing forms code. Just to many headaches when using referenced code.
  Just my 2c.
  --pat                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Form Auth and Russian Language

  I have a probleme with Form based Auth. When i try edit data , my encoding is broken
  why?
  when i off form auth - i edit data normal

  i have web application with Master - Detail relationship. I can add and edit data. Then i add BASIC auth , i can add and edit data too, but when i change BASIC auth to FORM auth (jsp/UIX - same) i have probleme
  with edit/add data- my data is broken - i see (????) instead of my russian language. Why?
  in web.xml i add cp1251 and UIX page with 1251 encoding
  but i have probleme with Form ayth
  it's mysticism for me :-))

• Help with complex Acrobat forms

  Hi Everyone,
  Background: I worked with another developer and completed a form for one of our clients but I need to know if the below change requests are even possible and if so if anyone would like to help with finishing the form. I am definitely willing to pay for an experts services as long as this can be done in a timely manner.
  What the form is - Our client wants a form that has text fields, drop down boxes and pages where images can be placed into the file and arrows drawn on it to point where the images are located on other images (some images are store layout maps). They would like to send this file out to their store managers, have them fill it in and then they would like the completed forms sent back so all of the information that was filled in (names, store names, addresses, square footage, etc) can be gathered into a database or excel file.
  What is completed so far
  - Cascading drop down boxes (user clicks on first drop down and whatever is selected changes the second drop down options, etc)
  - Most of the text fields for information gathering including city, state, store manager etc
  - Metric unit conversion boxes
  - Header text fields (read only) are used on several of the pages and are a combination of choices made in the drop down boxes and text fields.
  - Page footer info including page number
  - The over all layout of the pages is set
  Requested changes/additions
  Major must have:
  - Page Addition - There is a product page in the form (page 10) and the different stores will have a different number of these products to enter into the form so is there a way to add an ADD PAGE button on the page that when pressed will copy the product page to make a new product page? Now the product page has cascading drop down form fields on it so I would want to make sure the form fields are separate iterations of the form fields not just a duplicate of what was on the product page.
  - Footer adjustments - If we can do the above of adding pages then is it possible to at that point adjust the footer to reflect the page number changes? The footer shows the current page number then the form name and date.
  - Gather info - What is the best way to distribute these forms so that when returned completed the information can be gathered? I tried distributing via email which seems to work ok but the files might end up being too large for email so what is the best way to gather the completed info if say the files were ftp'd back?
  Minor:
  There are several minor change requests that I know are doable or that if not possible we can disregard. One that I am not sure about is if the color of the arrows in Acrobat can be changed from the default red?
  At first I was assuming that the Clients that get the forms needed Acrobat Standard or Pro 8 or 9 because I thought that the only way to add images was to use the Touch-Up Tool under advanced tools and right click to Place images. However I am pretty sure that if Reader Rights is enabled that images can be copy pasted into the file too if this is incorrect please let me know.
  If the above is not doable or if there is a better solution other than Acrobat forms to gather client information including allow the client to add images and place arrows then please let me know your thoughts.
  Any help or suggestions would be greatly appreciated and again id like to commission this out to anyone who is up for the challenge.
  Thanks in advance
  Jason

  Perhaps a better question is does anyone know a good developer?

• I have registered on my PC two devices iPhone 5 and iPod Touch 4 now I am using only the iPhone 5. I have two different apple ID`s and yesterday I have FB update and from app store wanted to sign in with the ID form iPod Touch 4 how to fix it?

  I have registered on my PC two devices iPhone 5 and iPod Touch 4 now I am using only the iPhone 5. I have two different apple ID`s and yesterday I have FB update and from app store wanted to sign in with the ID form iPod Touch 4 how to fix it? I want to use my current Apple ID not the old one. Regards!

  Try this
  http://support.apple.com/kb/ht1495
  Hope it helps.

• How to use SAP Business Workflow along with Interactive Adobe Form

  Hi Experts,
  I am working on SAP Business Workflow since last couple of years.
  Now i have got a new Project where client wants to use SAP Business Workflow along with Interactive Adobe Form.
  I am new to Interactive Adobe Form and Portal thing and i really dont know from where to start.
  We have one central system and 2 local systems. when we do create a Material document using adobe form workflow should trigger and notification should go to group of users who can approve or reject it, once they approve it document gets created in central system and replicated to 2 local system through ALE.
  In the Local system they do extend the document to different plants, again workflow triggers and notification will go to Managers inbox for the approval.
  Once the final approval done data should go and store in SAP.
  Now here i have couple of Questions.
  1. In SAP R3 Business workflow when i execute the workitem from the inbox i do get the application screen ( i.e. MM01 MRP View ) , what is going to happen if the same case i have with Adobe form?? is it possible or do we have to design a adobe form and we will have to map the fields with backend application??
  2. Do i have to maintained 3 separate Org Structure for 3 different system or using UWL  i can manage the show
  3. Untill final submit is not done, where the application data is going to be, is there any kind of buffer that we will have to keep it or its there with XML file??
  Please help me out.
  Thanks in Advance.
  Regards,
  Manoj

  Hi Manoj,
  Welcome to ADOBE Forms related Workflow Development. Well, here are my answers.
  1) You can go for either go for ISR based development or WD development with Adobe form. In both the cases you can achieve your requirement. Yes, you will have to design the Adobe form and bind the fields to backend.
  2) Am not clear or your System landscape to advice you in these regards.
  3) Until final Submit/Approval is done, the data can be stored in WORKFLOW CONTAINERS or XML FORM(If you go for ISR based Development).
  Hope this helps.
  Regards
  <i><b>Raja Sekhar</b></i>

• Is there a way to create a heading with shading behind the text and thin lines above and below?

  I'm working with InDesign CS6, Windows 7.
  Is there a way, using paragraph rules, to create a heading with shading behind the text and thin lines above and below the text?
  I'd like to create headings that look like these:
  Thank you!

  I have a document where I almost do such, but without the fill. I use a Head Style which Spans Columns for this instance; it allows the haeds to flow and fill the width.
  Paragraph Rules above and below are turned on with plenty of offset.
  I tweaked my setting to accomodate your need - It required only one instance, not above and below, and changing the stroke to a double stroke. 
  It may be necessary to create a custom stroke to modify the proportion of stroke vs fill. There is a difference of thin-thin and  thick-thick, neither of which seemed perfect but might be dependent on the Character height.
  Creating custom strokes is accomplished via the Strokes Panel.