Jsp authentication
Hi All,
At the moment I am calling stored procedure and passing it username and password from login form. Than if login credentials are valid I set session variable called "username" to value of username from the login form.
This works just fine. the only thing is that my HTML code is cluttered with Java code. I want to be able to create a custom tag to do authentication than all I had to do would be to include that tag into every page that needs authentication. Question is: How I access session object from my tagHandler class?
Form based (container) authentication is not an option because my password is hash of username + password that user supplies. (As far as I understand containter authentication can only work if you have plain text passwords).
Your help would be highly appreciated.
Cheers,
Midrago
Please don't crosspost and proceed here http://forum.java.sun.com/thread.jspa?threadID=5190934
Similar Messages
-
Pb with 2nd Authentication using form.jsp (authentication example)
Hi,
I am using the example form.jsp to log on to my application. The first
page (testsecurity.jsp) can be accessed by "everyone" and until this step everything
goes fine, I manage to log on. From the testsecurity.jsp page there is a link
to a jsp which can only
be accessed by some users (I defined that in the policy file).
Avan if I have identified myself through the form.jsp, before the 2nd page is
displayed, I must log on again. When I give
the same login and password as I gave for the first identification
I can see the proper page.
Do you have any idea about why I have to log on twice?
Thanks
Odile
PS: I checked that, in the session, the attribute "javax.naming.InitialContext"
is still present, if this has anything to do with the authentication..Hi,
I am using the example form.jsp to log on to my application. The first
page (testsecurity.jsp) can be accessed by "everyone" and until this step everything
goes fine, I manage to log on. From the testsecurity.jsp page there is a link
to a jsp which can only
be accessed by some users (I defined that in the policy file).
Avan if I have identified myself through the form.jsp, before the 2nd page is
displayed, I must log on again. When I give
the same login and password as I gave for the first identification
I can see the proper page.
Do you have any idea about why I have to log on twice?
Thanks
Odile
PS: I checked that, in the session, the attribute "javax.naming.InitialContext"
is still present, if this has anything to do with the authentication.. -
Unable to login using OAM Custom Authentication Plugin
Hi,
I have a problem with OAM Custom Authentication Plugin, My Plugin is Activate successfully. When try to login from Access Manager SSO login page, it is unable to login. I am getting followiing message in the log file.
I am return ExecutionStatus.SUCCESS from my Java code and I have only one step where I have attached Plugin and my Steps Orchestration is
On Success -> Success
On Failure -> Failure
On Error -> Failure
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:is_resource_protected.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Processing Event is_resource_protected
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Is Resource Protected status : success
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :is_resource_protected with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_valid_session.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_valid_session with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB User Authentication Scheme
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB User Authentication Scheme.
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB User Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=default, username=string, contextValue=OAM, password=sercure_string, challenge_url=/pages/login.jsp}
Authentication Module Name: = DB Authentication module
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication module.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector: ["PluginPhaseEvent.oracle.security.am.plugin.diagnostic.PluginPhaseEvent@6d6a08fb":" Collector : OAMS/OAM/Plugin/AUTHN/Plugin_SamplePlugin/PluginLocate
Type : PHASE_EVENT
Metrics : 511
LogLevel : OFF
EnableRate : false EnablePersistence : false"], registered at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: false.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Can anyone help me regarding this issue.
Thanks
Tamim KhanHi,
Little update about authentication plugin, please see the log file below, Result of Authentication Scheme Execution:true, now but, still the cookie is LOGGEDOUTCONTINUE and still I am unable to login.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB Authentication Scheme
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB Authentication Scheme.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=external, username=string, contextValue=/oam, password=sercure_string, challenge_url=http://192.168.1.220:14100/ssologin/ssologin.jsp}
Authentication Module Name: = DB Authentication Module
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication Module.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Set 1st Responce
Set 2nd Responce
Set 3rd Responce
Setting cookie
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: true.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Can anyone help me please.
Thanks
Tamim Khan -
User Authentication Failed error when trying to display a JSP portlet
The steps carried out are as follows :
1. Created a JSP file named "c.jsp" and deployed it under 902_MidTier_Home\j2ee\home\default-web-app\examples\jsp
2. Created a table named USER_TABLE under Scott schema to store the usernames and passwords to validate this JSP application.
3. Registered this JSP as an external application with the following values :
Application Name : RAGHU
Login URL : http://hostname:port/j2ee/examples/jsp/c.jsp
User Name/ID Field Name : username
Password Field Name : password
Type of Authentication Used : POST
3. Clicked on the External Application and entered the username as USER1 and password as USER1 ( These values are available
under USER_TABLE for comparison ). Then it shows the message "Hi User1 .. Welcome message"
4. Now created a directory named JSPSAMPLE under "WEB-INF\Providers" and put the provider.xml file under this.
Created a raghu.properties file and placed it under "WEB-INF\deployment".
5. Now tested the testpage using the URL " http://hostname:port/jpdk/providers/raghu " and it works fine.
6. Registered this as a provider in Portal and added this portlet onto a page. Assigned this page to a newly created user.
It gives the message " Authentication Failed - Update Login Information " which is expected. I click on the link and
it takes me to the external application username password. I enter the credentials but this time it comes back again
to the page with the same message " Authentication Failed - Update Login Information ".
7. Basically the values are not passed to the Username and Password in jsp page which is why the problem occurs.
The JSP Code used is as follows :
<%@ page import="java.sql.*" %>
<HTML>
<HEAD><TITLE>DB Connectivity test</TITLE></HEAD>
<BODY BGCOLOR="#FFFFFF">
<CENTER>
<B>user_table</B>
<BR><BR>
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
Connection conn = null;
try
Class.forName("oracle.jdbc.driver.OracleDriver");
conn = DriverManager.getConnection("jdbc:oracle:thin:@hostname:1521:iasdb","scott","tiger");
Statement stmt = conn.createStatement();
String query = "SELECT * FROM user_table where userid= '"+ username +"' and passwd = '" + password + "' " ;
ResultSet rs = stmt.executeQuery(query);
while(rs.next())
out.println("<TR>");
out.println(" <TD> hi " + rs.getString("userid") + ", welcome</TD>");
out.println("</TR>");
out.println("</TABLE>");
catch(SQLException e)
out.println("SQLException: " + e.getMessage() + "<BR>");
while((e = e.getNextException()) != null)
out.println(e.getMessage() + "<BR>");
out.println("invalid userid,password");
catch(ClassNotFoundException e)
out.println("ClassNotFoundException: " + e.getMessage() + "<BR>");
finally
//Clean up resources, close the connection.
if(conn != null)
try
conn.close();
catch (Exception ignored) {}
%>
</CENTER>
</BODY>
</HTML>
The Provider.xml file used is as follows :
<?xml version="1.0" encoding="UTF-8"?>
<?providerDefinition version="3.1"?>
<provider class="oracle.portal.provider.v2.http.URLProviderDefinition">
<providerInstanceClass>oracle.portal.provider.v2.http.URLProviderInstance</providerInstanceClass>
<session>true</session>
<authentication class="oracle.portal.provider.v2.security.Authentication">
<authType>ExternalApp</authType>
<userFieldName>username</userFieldName>
<userPwdName>password</userPwdName>
<errorPageMessages>Raghu,Please sign in,Sign me up!</errorPageMessages>
</authentication>
<portlet class="oracle.portal.provider.v2.http.URLPortletDefinition">
<id>1</id>
<name>RaghuPortlet</name>
<title>Raghu Mail Portlet</title>
<description>This portlet is to test Integration services using mail.yahoo.com</description>
<timeout>100</timeout>
<timeoutMessage>Raghu timed out</timeoutMessage>
<showEdit>false</showEdit>
<showEditDefault>false</showEditDefault>
<showPreview>false</showPreview>
<showDetails>false</showDetails>
<hasHelp>false</hasHelp>
<hasAbout>false</hasAbout>
<acceptContentType>text/html</acceptContentType>
<registrationPortlet>false</registrationPortlet>
<accessControl>public</accessControl>
<renderer class="oracle.portal.provider.v2.render.RenderManager">
<showPage class="oracle.portal.provider.v2.render.http.URLRenderer">
<pageUrl>http://172.17.24.235:8888/c.jsp</pageUrl>
<contentType>text/html</contentType>
<filter class="oracle.portal.provider.v2.render.HtmlFilter">
<useAuthLinks>true</useAuthLinks>
<headerTrimTag><table width="100%" cellpadding=0 cellspacing=0 border=0><tr><td bgcolor=#9bbad6></headerTrimTag>
<footerTrimTag><table width="100%" cellpadding=2 cellspacing=1><tr><td bgcolor=#9bbad6></footerTrimTag>
<convertTarget>true</convertTarget>
<redirectUrlFieldName>.done</redirectUrlFieldName>
</filter>
</showPage>
</renderer>
<securityManager class="oracle.portal.provider.v2.security.URLSecurityManager">
<authorizType>registered</authorizType>
</securityManager>
</portlet>
</provider>
The Contents of raghu.properties file
serviceClass=oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter
loaderClass=oracle.portal.provider.v2.http.DefaultProviderLoader
showTestPage=true
definition=providers/raghu/provider.xml
autoReload=true
Any inputs regarding why the values are passed properly in case of External Application but not so when registered as
a portlet in Portal.
Regards
Satish GAs I can see from the information posted, you are trying to
use URL-based portlet's SSO feature, though not in a correct
way.
The SSO feature of URL-based portlets relie on the usage
of Cookies as authentication tokens. For example, in the
present context, http://hostname:port/j2ee/examples/jsp/c.jsp
will write a cookie to the client upon successfull authentication.
Subsequent access to the same JSP or some other JSP in the same
workspace should be checking for the existence of this particular
cookie at the client side and if found should not prompt for
user information again.
If you can fine tune your existing applications as per above
conditions, then everything should work fine. Else you might
want to use page parameters to pass user information.
For more information on page parameters, please visit
http://portalstudio.oracle.com/servlet/page?_pageid=350&_dad=ops&_schema=OPSTUDIO&12678_PDKHOME902_39847486.p_subid=249821&12678_PDKHOME902_39847486.p_sub_siteid=73&12678_PDKHOME902_39847486.p_edit=0#NEW1 -
Get current password in a basic authentication JSP
Hello.
I've written some JSP pages and I've protected them with BASIC authentication.
I'd like to get the password that the user used to log in, because I need to execute a EJB method running on other server and this EJB method is also protected.
Thanks in advance for your help
Kind regards.I've just resolved it!
Password comes in the request instance as "authorization" header coded in Base64.
Only had to retrieve the header and decode it. -
Authentication failed while using the function from JSP.
I am facing a issue with the mail functionality with JAVA Mailing.The problem is that when I am running the stand alone program it is working fine but when same function is called from a JSP it gives Authentication failed Exception.I am attaching the code with the case.testMail() Is the function called from the JSP.
Please Look in to the issue its urgent.
import javax.mail.*;
import javax.mail.internet.*;
import java.util.*;
import java.io.*;
import javax.activation.DataHandler;
import javax.mail.MessagingException;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import javax.mail.internet.MimePartDataSource;
To use this program, change values for the following three constants,
SMTP_HOST_NAME -- Has your SMTP Host Name
SMTP_AUTH_USER -- Has your SMTP Authentication UserName
SMTP_AUTH_PWD -- Has your SMTP Authentication Password
Next change values for fields
emailMsgTxt -- Message Text for the Email
emailSubjectTxt -- Subject for email
emailFromAddress -- Email Address whose name will appears as "from" address
Next change value for "emailList".
This String array has List of all Email Addresses to Email Email needs to be sent to.
Next to run the program, execute it as follows,
SendMailUsingAuthentication authProg = new SendMailUsingAuthentication();
public class SendMailUsingAuthentication
private static final String SMTP_HOST_NAME = "host";
private static final String SMTP_AUTH_USER = "username";
private static final String SMTP_AUTH_PWD = "password";
private static final String emailMsgTxt = "Test Msg";
private static final String emailSubjectTxt = "Notification: New User created";
private static final String emailFromAddress = "[email protected]";
// Add List of Email address to who email needs to be sent to
private static final String[] emailList = {"[email protected]"};
public static void main(String args[]) throws Exception
SendMailUsingAuthentication smtpMailSender = new SendMailUsingAuthentication();
smtpMailSender.postMail( emailList, emailSubjectTxt, emailMsgTxt, emailFromAddress);
System.out.println("Sucessfully Sent mail to All Users");
public void testMail(String msgBody,String senderEmail)throws MessagingException
try{
String mailBody = msgBody;
String senderEmailAdd = senderEmail;
SendMailUsingAuthentication smtpMailSender = new SendMailUsingAuthentication();
smtpMailSender.postMail( emailList, emailSubjectTxt, mailBody , senderEmail);
catch(MessagingException me) {
//System.out.println("Mail not sent");
throw me;
public void postMail( String recipients[ ], String subject,
String message , String from) throws MessagingException
try{
boolean debug = false;
//Set the host smtp address
Properties props = System.getProperties();
props.put("mail.smtp.host", SMTP_HOST_NAME);
props.put("mail.smtp.auth", "true");
Authenticator auth = new SMTPAuthenticator();
Session session = Session.getInstance(props, auth);
session.setDebug(debug);
// create a message
Message msg = new MimeMessage(session);
// set the from and to address
InternetAddress addressFrom = new InternetAddress(from);
msg.setFrom(addressFrom);
InternetAddress[] addressTo = new InternetAddress[recipients.length];
for (int i = 0; i < recipients.length; i++)
addressTo[i] = new InternetAddress(recipients);
msg.setRecipients(Message.RecipientType.TO, addressTo);
// Setting the Subject and Content Type
msg.setSubject(subject);
msg.setContent(message, "text/plain");
Transport.send(msg);
catch(MessagingException me) {
//System.out.println("Mail not sent");
throw me;
* SimpleAuthenticator is used to do simple authentication
* when the SMTP server requires it.
public static class SMTPAuthenticator extends javax.mail.Authenticator
public PasswordAuthentication getPasswordAuthentication()
String username = SMTP_AUTH_USER;
String password = SMTP_AUTH_PWD;
return new PasswordAuthentication(username, password);Your code doesn't work in stand alone program... just little mistake!
Miss port property :
props.put("mail.smtp.port", "25");
props.put("mail.smtp.starttls.enable", "true"); // tls for gmail
AddressTo method didn' t compile :
InternetAddress[] addressTo = new InternetAddress[recipients.length];
for (int i = 0; i < recipients.length; i++)
addressTo[i] = new InternetAddress((String) recipients);
msg.setRecipients(Message.RecipientType.TO, addressTo);
And see this post for jsp integration :
http://forum.java.sun.com/thread.jspa?threadID=5184860&tstart=0 -
Redirect to the jsp page after user authenticated successfully
Here is the requirement
Im using JAAS Custom Login Module for user authentication.
I have few questions in Portal Logon process
1. Exactly at what point I can conclude that the user has been authenticated successfully, because I have to redirect the user to some other page for the first time logon to enter some information, subsequent logins shouldnt be redirected. (I can update flag upon entering information).
2. Where should I add my redirection code? Is it in my JASS Custom Login Module?
If yes, how can I do that ? Im more consider on where should I add it?
3. Do I need to change my UmLogonPage.jsp to complete my requirement?
4. Once after entering the Logon information, who will call my JASS Custom Login Module for authentication? If authentication has failed who will return the control back to the umLogonPage.jsp?
5. In my JASS Custom Login Module, I have no redirections except having logic for authentication process, and some Login Exceptions are thrown for failure logins.
6. Who will catch these exceptions for failure logins to redirect back to the umLogonPage.jsp.
7. Finally I like to know where can I add my redirection logic once the user has been authenticated successfully?
8. last but not least can any of the experts explain the whole login process (using JASS module)? How the control goes from one component to another?
Any kind of help is appreciated.
Points can be awarded for useful answers.
Thanks
MMKThanks a lot for your valuable reply.
yes what you said was correct, storing information in R/3 System and getting the details from FM using Connector framework.
You said i have to modify "header.jsp", can you please tell which .par file should i get to modify?
one more question to you ... i have provide custom logon error messages to the user ... i did all the modification in logon.par and deployed in EP 6 .. working fine .. i can able to see "User ID Missing" , "Password Missing" etc ..
when i place same peace of code in EP 7 it always displaying "User Authentication failed". can u guess what whould be the problem?
Thanks
MMK -
Invoking 'active directory external authentication plug-in' from login.jsp
Hi
I am using the Oracle AS 10g on Unix. We have a web application in JAVA based on OC4J Framework.
Currently user use application url for accessing the login page, enters credentials and then the authentication is done through LDAP.
Now we have to remove the login page from application. i.e. once user is successfully logged in Windows on his pc, and tries to access our application through it's url, he must be automatically authenticated using the credentials entered in windows and display the welcome page of application. Same as any intranet application.
For this requirement, we have 'active directory external authentication plug-in' installed on server.
What we need to know is how this process will work and changes required in our jsp page to invoke this plug-in and authenticate user by accessing windows-credentials automatically.
kindly let me knowHi
I am currently using NTLM to fetch the windows username and then creating an anonymous connection with the LDAP Server.
Then i serach using the user name in ldap directory.
NTLM is no longer required , instead we have 'active directory external authentication plug-in' installed on LDAP.
as far as i know the plug-in will process the kerberos ticket generated by windows to automatically authenticate. -
Hi ,
am trying to authenticate against IS6.0 through JSP.JSP is running on tomcat and am using LDAP login bean(as given in sample) and am getting the following error
javax.security.auth.login.LoginException: Failed to create New AuthContextError while processing XML requestno protocol:
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:145)
at security.loginBean.login(loginBean.java:45)
Any ideas??
ThanksHi ,
am trying to authenticate against IS6.0 through JSP.JSP is running on tomcat and am using LDAP login bean(as given in sample) and am getting the following error
javax.security.auth.login.LoginException: Failed to create New AuthContextError while processing XML requestno protocol:
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:145)
at security.loginBean.login(loginBean.java:45)
Any ideas??
Thanks -
User Authentication using Servlet and JSp
Hi,
I am developing a web app where i need to implement user Authentication to allow members to view and upload files on a certain directory say /data
For this i am using a servlet as a controller which then forwads request to other jsps/servlets based on user response. I tried using servlet mapping in web.xml so that all browser requests would be directed to controller servlet and would branch from there on. However the problem all RequestDispatcher.forward() requests redirected to the servlet putting it in a loop.
Is there another way to achieve this. (Apart from using form-based Basic Authentication).
I am using Resin 1.2.8 servlet/jsp container.
Any response as soon as possible would be appreciated.
Thanks,
KushagraRequestDispatcher.forward() cause the HTTP request to be sent through the request processing flow as if the original request for the resource being forwarded to.
It seems the servlet mapping you are talking about in web.xml should be made more specific. i.e. the mapping should be such that only your so called controller servlet will match up.
You might want to specify the mapping for the controller servlet to be noticeably/effectively different from the mapping for other servlets and JSPs. -
User authentication on LDAP with JSP/Servlet
Please help! What I need is a small Java Servlet or JSP that I can run from a web server that will allow users type in their username and password. The JSP will then authenticate the user (by trying to log onto the LDAP server as that user) and if successful will offer them the chance to change their password. If they do it will then communicate with the LDAP server as that user and change their password.
The LDAP server I am using is the Sun(TM) ONE 5.1 directory server.You can use jsp's and servlets.
Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
<form method="post" action="/servlet/LoginServlet">
<input type="text" size="15" name="username" value="">
<input type="password" size="15" name="password" value="">
<input type="submit" name="Submit" value="Authenticate">
</form>In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
}You would now do your LDAP authentication. see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password. -
After JDBCRealm Authentication some jsp/servlet to be executed
Software
JDK1.5
jakarta-tomcat-5.5.2
Requirement
After the user Logins in the Server through JDBCRealm Authentication I want to
store the user Details in the session
I know there is something called request.getUserPrincipal().getName()But i need to store the whole companydetails in the Session
I mean the other details
so for this I have to write the code in all the jsp files
Is there any better way out
Thanks in advance
CSJakhariaThanks for trying to help me
But actually may be you did not got my requirement Clearly
Anyway I found my answer
We can use ServletFilter and can get the thing out
Thanks for trying to help me
Bye for now
CSJakharia -
Form Based Authentication on Tomcat with custom index.jsp page...
Hi there ppl,
I've got Form Based Authentication working correctly on my Tomcat server but I want to override the default generated index.jsp after successfully logging on. I've tried placing my own index.jsp in the directory that's restricted, but its only overridden by the default one when successfully logged on which displays:
"Authentication Mechanism FORM"
This means having to navigate by typing the url in the address bar to another page which is gets really annoying afterawhile.
Any help on this would be much appreciated,
thanks alreadyYes there's a default generated index.jsp page that I'm having trouble overriding with one of my own. Have you used Form Based Authentication before? To do so you have edit the WEB-INF/web.xml file by adding:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name>
<url-pattern>/test/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/test/secure/loginpage.jsp</form-login-page>
<form-error-page>/test/secure/errorpage.jsp</form-error-page>
</form-login-config>
</login-config>
When you attempt to first go to any page in my /test/secure/ directory you get redirected to the /test/secure/loginpage.jsp where you have to login as a tomcat user, when succesfully logged on you get redirected to an index.jsp page which is NOT the one I created in test/secure/index.jsp. Even when I type in the url to go to my own test/secure/index.jsp I still don't get my own one that exists there, but instead get the default one that's generated that displays:
"Authentication Mechanism FORM".
Hope that makes more sense.
I've tried restarting tomcat but it makes no difference. -
Java authentication example jsp
1) season variable is builtin jsp context object, so jsp does
not compile; season variable name needs to be renamed at lines: 31
, 45, 52
for my jsp I named it coco_season :)
2) String select(String r) {// takes String
return r.equals(role) ? "selected" : "";
select(100) // passes int. need to pas select("100")Hi, when I try to run the php authentication example I get the error
"You don't have permission to access /cnx/Flexternal.html on this server." cnx is my folder name at http://cardcrackers.com/cnx/
I checked the unix permissions and set them to 777 and still this message. I remember reading something about adding some entries to htaccess but not sure if it was related to running this example app or not.
Thanks, Kevin -
Writing Login.jsp and authenticating a user who have stored in MySql DB
Hi Friends,
My project requirement is: Need to write a login page must send the request to servlet is the user and password avail in mysql db, if yes servlet should forward the home page else error message. Tools i need to use is IDE=eclipse, Server = tomcat, database = MySql
Here is source:
pls tell me where i m wrong.
Login.jsp
<%@ page language="java" %>
<html>
<head>
<title>Login Page</title>
<script language = "Javascript">
function Validate(){
var user=document.frm.user
var pass=document.frm.pass
if ((user.value==null)||(user.value=="")){
alert("Please Enter user name")
user.focus()
return false
if ((pass.value==null)||(pass.value=="")){
alert("Please Enter password")
pass.focus()
return false
return true
</script>
</head>
<body>
<h1>Login
<br>
</h1>
<form name="frm" action="/LoginAuthentication" method="Post" onSubmit="return Validate()" >
Name:
<input type="text" name="user" value=""/><br>
Password:<input type="password" name="pass" value=""/><br>
<br>
<input type="submit" value="Login" />
<input type="reset" value="forgot Password" />
</form>
</body>
</html>
Servlet Code:
LoginAuthentication.java
import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.ArrayList;
public class LoginAuthentication extends HttpServlet{
private ServletConfig config;
public void init(ServletConfig config)
throws ServletException{
this.config=config;
//public void init() {
// Normally you would load the prices from a database.
//ServletContext ctx = getServletContext();
// RequestDispatcher dispatcher = ctx.getRequestDispatcher("/HomePage.jsp");
//dispatcher.forward(req, res);
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException{
PrintWriter out = response.getWriter();
String connectionURL = "jdbc:mysql://127.0.0.1/SRAT";
//String connectionURL = "jdbc:mysql://192.168.10.59/SRAT";
//127.0.0.1
//http://localhost:3306/mysql
Connection connection=null;
ResultSet rs;
String userName=new String("");
String passwrd=new String("");
response.setContentType("text/html");
try {
// Load the database driver
Class.forName("com.mysql.jdbc.Driver");
// Get a Connection to the database
connection = DriverManager.getConnection(connectionURL, "admin", "admin");
//Add the data into the database
String sql = "select user,password from login";
Statement s = connection.createStatement();
s.executeQuery (sql);
rs = s.getResultSet();
while (rs.next ()){
userName=rs.getString("user");
passwrd=rs.getString("password");
rs.close ();
s.close ();
}catch(Exception e){
System.out.println("Exception is ;"+e);
if(userName.equals(request.getParameter("user"))
&& passwrd.equals(request.getParameter("pass"))){
out.println("WELCOME "+userName);
else{
out.println("Please enter correct username and password");
out.println("<a href='Login.jsp'><br>Login again</a>");
Deployment Descriptor for TOMCAT
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
SRAT</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>LoginAuthentication</servlet-name>
<servlet-class>LoginAuthentication</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginAuthentication</servlet-name>
<url-pattern>/LoginAuthentication</url-pattern>
</servlet-mapping>
</web-app>
PLS HELP ME.
S. Udaya ChandrikaI too have used the same code but its giving the following error:
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Wrapper cannot find servlet class Validation or a class it depends on
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Unknown Source)
root cause
java.lang.ClassNotFoundException: Validation
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1387)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1233)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Unknown Source)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.
Apache Tomcat/6.0.18
Please some one help??
Maybe you are looking for
-
Well, as above! I didn't know I'd get the opportunity to write more. My internet connection is with Bt so 're-downloading' my music costs more than buying it in the first place! Thank you.
-
Hi I need to refresh the BPS buffer in my planning folder, and then read data from the cube and show in a layout. For do this I develop an exit function. This exit refresh the buffer (API_SEMBPS_REFRESH), read data from the cube (API_SEMBPS_GETDATA)
-
Importing Video help...
I was importing video and noticed that once imported i have no sound?? Why is there no sound? Please help...i thought this would be easy... thanks, damien
-
Customer Master Reserved Fields
Hi Experts I have a requirement where we need to use the additional data reserved fields in customer master, my question is can we change the field status of these reserved fields, if possible how. Thanks in advance.
-
Locking one program if another is running ....
Hi experts, I have came across a situation, before executing one program, i have to check weather other program is running or not. Lets say I have 2 programs, program 1 and program 2. 1. If I want to run the pg 1, in for