Problem with JAAS logout

Similar Messages

• Problems with customized logout.html

  First question...
  Should the <FORM action>  in the customized logout.html be set to itself (logout.html) or the default logout page https://1.1.1.1/logout.html
  Assuming the second option... after I click submit on logout.html it takes me to https://1.1.1.1/logout.html which then displays a message:
  To complete the log off process and to prevent access to unauthorized users, you must
  close all browser windows and exit the browser application.
  Is it possible to change this mesage?
  Thanks,

  You can download the bundle from here and look at the this tar file:
  WLC Authentication with Customized Logout Page
  This is an example custom webauth bundle when authentication is in use. After successful login, the customized 'logout.html' page comes up. After unsuccessful login, the customized failed.html comes up. These pages will not be seen unless the user has popups enabled in the browser. This bundle goes on the WLC itself. It contains an Acceptable Use Policy (aup.html) and graphic (yourlogo.jpg) besides the base 'login.html'.
  logout/login.tar
  http://software.cisco.com/download/release.html?mdfid=282600534&softwareid=282791507&release=1.0.2&relind=AVAILABLE&rellifecycle=&reltype=latest
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• Problem with JAAS authentication using jboss client

  I'm trying to make a little compiled application works. It has two parts: a little client(one class) and a server part which runs on a jboss server, and comunicates between them using JAAS + SSL. It works perfectly alone if I run it in a java project, without the messing sap JAAS implementation.
  I followed all the steps in:
  https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF
  and managed to apply the configuration into the security service of WAS, using <b>jboss-client.jar</b> as the library with the login module, and <b>org.jboss.security.ClientLoginModule</b> as the login module.
  I included the client class into a web service developed for my WAS, packing the class and its library plus jboss-client.jar into my EAR.
  But when it tries to do the authentication, sometimes it uses:
  <b>org.jboss.security.ClientLoginModule</b> (that's the correct class) but throws a "<b>User is locked</b>" exception.
  Have I need to create the user who I use to connect to jboss in my WAS UME ? This has no much sense. Anyway doesn't work either, and the user is not locked.
  Other times (withouth changing anything) it uses:
  <b>com.sap.engine.system.SystemLoginModule</b> and throws this exception:
  <b>com.sap.engine.services.security.exceptions.BaseLoginException</b>: Call logout before login
  I have nightmares trying to integrate things which works in every application server but WAS. Why couldn't they simply follow the standard!?
  I'm thinking in installing a tomcat with the client, and use axis to wrap it with a web service I can consume from my WAS. Not very elegant solution.
  I think it maybe has something to do with specific callback classes from sap implementation.
  Any idea? I can't go forward.

  Did you resolve this problem? Please let me know. I have the same issue now and don;t know what I should be doing next

• Problems with JAAS setup in WL 8.1 SP3

  Hi all,
  I have WL 8.1 SP3 installed on a XP Prof box with JDK 1.4.2
  I have an application that makes use of the JAAS. I keep getting the following error
  javax.security.auth.login.LoginException: No LoginModules configured for <XXXXXX>
  at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
  at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350)
  at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465)
  I know that this means that it couldnt find the login modules defined in the configuration file. But I have it defined there. The following is what I am doing
  1. I have the startWebLogic.cmd as below.
  %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Dweblogic.ProductionModeEnabled=%PRODUCTION_MODE% -Djava.security.policy=%JAVA_HOME%\jre\lib\security\java.policy weblogic.Server
  2. In the Java policy file located in security folder of the JDK home, I changed the security file to point to config file as below
  login.config.url.1=file:${JAVA_HOME}/jre/lib/security/jaas.conf
  Can someone suggest me a solution ?
  Thanks
  meka toka

  Did you ever find a solution to this?
  I am having the same problem.

• Problem with Jaas

  Hi,
  I am sailaja, I am developing an application, to that application for authentication/authorization I am using JAAS.
  But my problem is, in my application I am using 3rd party tool for document processing, for that tool I need to access a servlet from that application, but the jaas settings are not allowing to access that class file.
  So, I need to remove the JAAS settings to that servlet, Can any body guide for this.
  Thanks and Regards
  N.Sailaja
  Edited by: SailajaN on Jun 12, 2009 6:52 AM

  thanks shashi_rajak
  i have resolved now this problem but i have a small question:
  i don't understand yet the use of the callback
  for example ,i notice in sun documentation that NameCallback Construct a NameCallback with a prompt but i don't like to get the username from prompt but from
  a inputTect for example in my web application.
  could you please explain me this

• Problem with JAAS Form Based Auth

  Hello
  I have JAAS form based auth almost working. I have an app and when I try to access it the login page comes up as planned. So far so good. Then problem is when I feed it a bad login password, it comes up with a 403 forbidden error (you are not authorized). What I want (and expected) to have happen was my custom jsp AuthFailed.jsp to come up.
  If i go directly to /AuthFailed.jsp it comes up just fine (without logging in). Is there something else i need to do to get this to come up? Any help greatly appreciated. I configured these two forms by right clicking web.xml and choosing properties then under the proper menu I picked form based.
  Thanks
  troy

  Hi,
  You'll want to add something similar to the following in your web.xml file:
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>Login.jsp</form-login-page>
        <form-error-page>LoginError.jsp</form-error-page>
      </form-login-config>
    </login-config>

• Problem with JAAS example in WLS6.0sp1

  Hi,
  I tried to run the SampleClient from the JAAS example in WLS6.0sp1 and got an
  exception
  when a valid username/password combination is entered. Has anyone experienced
  that in WLS6.0sp1?
  Thanx
  Ralf
  SampleLoginModule.initialize(), debug enabled
  SampleLoginModule.initialize(), URL t3://localhost:7001
  SampleLoginModule.login(), username guest
  SampleLoginModule.login(), password guest
  Authentication Failed: Unexpected Exception, java.lang.NoSuchMethodError
       at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:124)
       at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java:157)
       at java.lang.reflect.Method.invoke(Native Method)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
       at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
       at examples.security.jaas.SampleClient.main(SampleClient.java:92)

  Weblogic comes with its own implementation of JAAS, unfortunately
  conflicting with Sun's. Contact customer support, they will tell you the
  exact differences and incompatibilities. Or reverse engineer the two
  versions, you'll find quite a few differences (apart from the BEA version
  not implementing JAAS authorization, which is documented).
  "Narinder Gaheer" <[email protected]> wrote in message
  news:[email protected]..
  I am happy someone came up with this problem. I also bent backwardssolving
  this problem
  in my application.
  I figured out that as soon as I remove the standard jaas.jar from my
  classpath , I can run the example successfully. Weblogic.jar does contain
  necessary jaas library , so don't need to include jaas.jar.
  I am not sure, but I get the feeling that there is a jaas library conflict
  here. May be weblogic
  guys are the best to put some light on this issue.
  "Ralf Fritsche" <[email protected]> wrote in message
  news:3b15188e$[email protected]..
  I found out, that the example runs with the JDK delivered by BEA,
  but not with a JDK I downloaded from SUN.
  Wheras with the first the provided way to set the user defined
  configuration class with the system property'weblogic.security.jaas.Configuration'
  works, this is not possible with another JDK. According to the
  JAAS standard, this class could only be defined in the properties
  file 'java.security' of the Java runtime.
  How is BEA doing this?
  Thanx
  Ralf

• Problem with automatic logout between secure and non-secure urls

  On my business catalyst page the user login page is located on a non secure url (our site's domain and not worldsecuresystems). When a user is logged in and then views a page on a secure url (i.e. a page to purchase a subscription to a secure zone) it does not retain their login cookie and it appears they have been logged out. This also creates a problem where I cannot pre populate the secure zone purchase form with a user's information based on their account details. Is there a way to retain have both domains recognize the user is logged in to allow the user to freely pass between these domains without having to login twice? I was considering putting the login page on the secure domain and using relative urls for all my links but for some reason some of my pages appear corrupt when viewed on the worldsecuresystems domain so I'd like to avoid this method. Any help would be appreciated.

  Make sure the referrer paramter is correctly set on the form.
  This is the default BC action. But remember the {module_siteurl} will return the host they are currently on. So if this is used on a secure page you'll need to use {module_sitehost} instead
  action="{module_secureurl}/ZoneProcess.aspx?ZoneID=-1&amp;Referrer={module_siteUrl,true,true}&amp;OID={module_oid}&amp;OTYPE={module_otype}">

• Problem with user logout in servlet

  Hi friends,
  I develop an web application using JSP and Servlet. When the user login it goes to userhome page and when he click the logout link it goes to logout.jsp page. but the problem is when i click my browsers back button it shows the transaction held. How could i stop this. Here is my code
  UserServlet.java
  int raj=modelBean.validateUser(username,password,role);
  if(raj==1)
  session.setAttribute("username",username);
  if(session!=null)
  getServletContext().getRequestDispatcher("/adminhome.jsp").forward(request,response);
  else
  { getServletContext().getRequestDispatcher("/login.jsp").forward(request,response);
  Here raj is the output of the validateUser() method that checks the DB for username and password. I set the value to 1 if data exists in DB.
  Here my adminhome.jsp page
  The userservlet redirects to the adminhome if values found in DB..
  <% String sid=(String)session.getAttribute("username");
  if(sid==null)
  response.sendRedirect("expired.html");
  %>
  Then it displays a table about user information
  Here is my logout page
  <%
  session.removeAttribute("username");
  if(session!=null)
  session.invalidate();
  %>
  What should i do to avoid the problem...
  Any help would be appreciated

  Here is my complete code BalusC,
  UserServlet.java (My Controller servlet)
  package com.rajk.javacode.servlets;
  import java.io.*;
  import java.io.PrintWriter;
  import java.sql.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.servlet.http.HttpSession;
  public class UserServlet extends HttpServlet
      public void doPost(HttpServletRequest request, HttpServletResponse response)
          throws ServletException, IOException
          UserModel modelBean = new UserModel();
            PrintWriter op=response.getWriter();
            HttpSession session=request.getSession(true);
          String username = request.getParameter("username");
            String password = request.getParameter("password");
            String role = request.getParameter("role");
           if (username.equals("") && password.equals("")) throw new ServletException
                ("User name or password not specified");
             else
                 modelBean.setUsername(username);
                   modelBean.setPassword(password);
                   modelBean.setRole(role);
            try
                int raj=modelBean.validateUser(username,password,role);
                  if(raj==1)
                       if(session!=null)
                        getServletContext().getRequestDispatcher("/administratorhome.jsp").forward(request,response);
                       else
                        getServletContext().getRequestDispatcher("/err_login_session.html").forward(request,response);
                  else if(raj==2)
                    getServletContext().getRequestDispatcher("/customerhome.jsp").forward(request,response);
                  else if(raj==3)
                        getServletContext().getRequestDispatcher("/vendorhome.jsp").forward(request,response);
                  else if(raj==4 || raj==5 || raj==6 || raj==9 || raj==7)
                        getServletContext().getRequestDispatcher("/err_login.jsp").forward(request,response);
                  else
                       getServletContext().getRequestDispatcher("/err_login.jsp").forward(request,response);
             catch (SQLException e)
                throw new ServletException(e.getMessage());
            request.setAttribute("modelBean", modelBean);
      public void doGet(HttpServletRequest request, HttpServletResponse response)
          throws ServletException, IOException
          getServletContext().getRequestDispatcher("/view.jsp").forward(request, response);
  }UserModel.java (Bean file)
  package com.rajk.javacode.servlets;
  import java.io.*;
  import java.sql.*;
  import java.util.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class UserModel  extends dbmodel implements Serializable
       private String username;
      private String password;
      private String role;
       private String userid;
       public UserModel()
     public static UserModel load(ResultSet rs) throws SQLException
        UserModel user = new UserModel();
        String value = null;
        value = rs.getString(1);
        if (value != null)
           user.setUserid(value);
        value = rs.getString(2);
        if (value != null)
           user.setUsername(value);
        value = rs.getString(3);
        if (value != null)
           user.setPassword(value);
        value = rs.getString(4);
        if (value != null)
           user.setRole(value);
        return user;
     //Getter and Setter methods
     public String getUserid()
      return userid;
     public String setUserid(String userid)
      this.userid=userid;
       return userid;
     public String getUsername()
      return username;
     public String setUsername(String username)
      this.username=username;
       return username;
     public String getPassword()
      return password;
     public String setPassword(String password)
      this.password=password;
       return password;
     public String getRole()
      return role;
     public String setRole(String role)
      this.role=role;
       return role;
     // Login Validation Method
     public int validateUser(String un,String pwd,String rle) throws SQLException
         String un1=null;
         String pwd1=null;
         String rle1=null;
         String uid=null;
         int result=0;
         System.out.println(un+" "+pwd+" "+rle);
        PreparedStatement pstmt = null;
        ResultSet rs = null;
         connect();
        try
           final String SQL = "SELECT * FROM tbl_user WHERE user_name = '"+un+"'";
              pstmt=con.prepareStatement(SQL);
           rs = pstmt.executeQuery();
           while (rs.next())
                 uid=rs.getString("user_id");
                   un1=rs.getString("user_name");
                 pwd1=rs.getString("user_password");
                 rle1=rs.getString("role");
             if(rle1.equals(rle) & (rle.equals("admin")))
             if(uid.equals(un) & (pwd1.equals(pwd)))
               result=1;
               return result;
               else
                result=4;
                 return result;
             else if(rle1.equals(rle) & (rle.equals("customer")))
                  if(un1.equals(un) & (pwd1.equals(pwd)))
                  result=2;
                  return result;
                 else
                  result=5;
                  return result;
             else if(rle1.equals(rle) & (rle.equals("vendor")))
             if(un1.equals(un) & (pwd1.equals(pwd)))
                  result=3;
                 return result;
              else
               result=6;
               return result;
             else
              result=9;
              return result;
         catch(Exception e)
          result=7;
          return result;
        finally
           if (rs != null)
              rs.close();
           if (pstmt != null)
              pstmt.close();
     //return result;
    Now tell me what code should i put in the admin home or some other page in order to maintain the user session properly. Please give me the code if u have one..
  Thanks in advance

• Problem with jaas config

  i new in jaas and stuck when develop jaas aplication using myeclipse
  i have follow the tutorial, create MyCallbackHandler class, MyLoginModule class dan some principal class and auth.conf
  my problem is where and how can i setting my jaas application so it can refrence to auth.conf
  thx

  where must i put this code (-Djava.security.auth.login.config=jaas.conf) in my application, because i using myeclipse ?
  or can i set this in web.xml? if i can how to do that?

• Problems using JAAS with EJB 3.0 on JBoss 4.0.4-GA

  Hello all,
  I am trying to build a very simple JavaEE application with JAAS, but I getting mad.
  I have an EAR packed with a WAR module an EJB JAR module and a JAR with other classes. Struts is the MVC framework and EJB 3.0 is been used.
  First of all, I configured the "login-config.xml" file within /conf directory in JBoss, like this:
  <application-policy name="exemplo1">
       <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                 <module-option name="dsJndiName">java:jdbc/Infra_Seguranca</module-option>
                 <module-option name="principalsQuery">SELECT COD_USUARIO AS Password FROM USUARIO WHERE COD_USUARIO=?</module-option>
                 <module-option name="rolesQuery">SELECT NOME_ROLE AS Roles, 'Roles' AS RoleGroups FROM ROLE_USUARIO WHERE COD_USUARIO=?</module-option>
            </login-module>
       </authentication>
  </application-policy>Next I configured the "web.xml" file like this:
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Restricted</web-resource-name>
            <description>Declarative security tests</description>
            <url-pattern>*.do</url-pattern>
       </web-resource-collection>
       <auth-constraint>
            <role-name>xxx</role-name>
       </auth-constraint>
       <user-data-constraint>
            <description>no description</description>
            <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>exemplo1</realm-name>
       <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginErro.jsp</form-error-page>
       </form-login-config>
  </login-config>
  <security-role>
       <description>Role xxx</description>
       <role-name>xxx</role-name>
  </security-role>Notice that I am using the "xxx" role to protect the "*.do" URL pattern.
  The "jboss-web.xml" is like this:
  <?xml version="1.0"?>
  <jboss-web>
       <security-domain>java:/jaas/exemplo1</security-domain>
  </jboss-web>As it is, it works perfectly, which means, every time I try to access a "*.do" URL it verifies whether I am authenticated and have authroization or not. If not, the login page shows up.
  Now I wanna to be able to also protect my EJBs.
  My Stateless Session Bean is implemented as follow:
  @RolesAllowed("yyy")
  @Stateless(name="UserManagement")
  public class UserManagementBean implements UserManagement {
       public void add(User user) {
  }When I run all this, the container simply igoners the @RolesAllowed("yyy") annotation and allow the EJB execution.
  If I add the "jboss.xml" file, like this:
  <?xml version="1.0"?>
  <jboss>
       <security-domain>java:/jaas/exemplo1</security-domain>
  </jboss>I start getting this stack trace:
  ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
  java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
  at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313)
  at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
  at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
  at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  ... Am I missing something? What do I have to do to get JAAS working fine with my EJBs? Do I have to also configure and/or provide "ejb-jar.xml" ???
  Thanks
  Daniel

  Using @SecurityDomain("exemplo1") in my EJB and NOT providing jboss.xml, it works.
  @SecurityDomain("exemplo1")
  @RolesAllowed("yyy")
  @Stateless(name="UserManagement")
  public class UserManagementBean implements UserManagement {
    public void add(User user) {
  }Damn! This is some serious shit... I don�t want to configure this in every single EJB.
  EJB 3.0 is nice, but some small trivial details like this and others, that was forgotten by Sun, piss me off!

• Problem with an update page.

  I have a problem with an update page on my website
  Here's how it work
  values are defualted in from the advert table  - this works fine
  I should then be able to change the fields and click on the update button
  This works fine but ONLY when the O_year field is populated. 
  There doesn't seem to be anything special about the O_year field
  I thought spry text validation would of been causing the issues, but I removed them and have the same problem.
  For some reason the POST_MMupdate value is not being set to 'form4', which it is doing if O_year is set.
  Please can someone have a look at this, code,
  Also, is there a way of 'stepping through' dreamweaver code to debug it?
  Thanks
  Adam
  $colname_Advert = "-1";
  if (isset($_GET['advert_id'])) {
    $colname_Advert = $_GET['advert_id'];
  mysql_select_db($database_guitarswap_db, $guitarswap_db);
  $query_Advert = sprintf("SELECT * FROM advert WHERE advert_id = %s", GetSQLValueString($colname_Advert, "int"));
  $Advert = mysql_query($query_Advert, $guitarswap_db) or die(mysql_error());
  $row_Advert = mysql_fetch_assoc($Advert);
  $totalRows_Advert = mysql_num_rows($Advert);
  if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form4"))
      //Сheck that we have a file
  if((!empty($_FILES["PictureLocation"])) && ($_FILES['PictureLocation']['error'] == 0))
        //Check if the file is JPEG image and it's size is less than 350Kb
        $filename = basename($_FILES["PictureLocation"]["name"]);
        $ext = substr($filename, strrpos($filename, '.') + 1);
        if (($ext == "jpg") && ($_FILES["PictureLocation"]["type"] == "image/jpeg") &&
      ($_FILES["PictureLocation"]["size"] < 350000))
          //Determine the path to which we want to save this file
            $newname = dirname(__FILE__).'/upload/'.$filename;
            //Check if the file with the same name is already exists on the server
            if (!file_exists($newname))
              //Attempt to move the uploaded file to it's new place
              if ((move_uploaded_file($_FILES['PictureLocation']['tmp_name'],$newname)))
                     // echo "It's done! The file has been saved as: ".$newname;
              else
                     // echo "Error: A problem occurred during file upload!";
          else
               // echo "Error: File ".$_FILES["PictureLocation"]["name"]." already exists";
        else
           // echo "Error: Only .jpg images under 350Kb are accepted for upload";
      else
       // echo "Error: No file uploaded";
      $filename=$row_Advert['PictureLocation'];
      // set default opentoalloffers
  if (!isset($_POST['checkopentoalloffers']))
      $_POST['checkopentoalloffers'] = 'n';
    $updateSQL = sprintf("UPDATE advert SET PictureLocation=%s, O_Make=%s, O_Model=%s, O_Country=%s, O_Year=%s, O_Colour=%s, O_Body=%s, O_Neck=%s, O_Fingerboard=%s, O_Pickups=%s, `value`=%s, `condition`=%s,  W_Make=%s, W_Model=%s, W_Country=%s, W_Year=%s, W_Colour=%s, W_Body=%s, W_Neck=%s, W_Fingerboard=%s, W_Pickups=%s, Comments=%s, opentoalloffers=%s, ChangeFlg = %s  WHERE advert_id=%s",
                         GetSQLValueString($filename, "text"),
                         GetSQLValueString($_POST['O_Make'], "text"),
                         GetSQLValueString($_POST['O_Model'], "text"),
                         GetSQLValueString($_POST['O_Country'], "text"),
                         GetSQLValueString($_POST['O_Year'], "date"),
                         GetSQLValueString($_POST['O_Colour'], "text"),
                         GetSQLValueString($_POST['O_Body'], "text"),
                         GetSQLValueString($_POST['O_Neck'], "text"),
                         GetSQLValueString($_POST['O_Fingerboard'], "text"),
                         GetSQLValueString($_POST['O_Pickups'], "text"),
                         GetSQLValueString($_POST['value'], "int"),
                         GetSQLValueString($_POST['condition'], "text"),
                         GetSQLValueString($_POST['W_Make'], "text"),
                         GetSQLValueString($_POST['W_Model'], "text"),
                         GetSQLValueString($_POST['W_Country'], "text"),
                         GetSQLValueString($_POST['W_Year'], "date"),
                         GetSQLValueString($_POST['W_Colour'], "text"),
                         GetSQLValueString($_POST['W_Body'], "text"),
                         GetSQLValueString($_POST['W_Neck'], "text"),
                         GetSQLValueString($_POST['W_Fingerboard'], "text"),
                         GetSQLValueString($_POST['W_Pickups'], "text"),
                         GetSQLValueString($_POST['Comments'], "text"),
                         GetSQLValueString($_POST['checkopentoalloffers'], "text"),
                         GetSQLValueString('y', "text"),
                         GetSQLValueString($_POST['advert_id'], "int"));
    mysql_select_db($database_guitarswap_db, $guitarswap_db);
    $Result1 = mysql_query($updateSQL, $guitarswap_db) or die(mysql_error());
      $updateGoTo = "Member2.php";
       if (isset($_SERVER['QUERY_STRING'])) {
         $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
         $updateGoTo .= $_SERVER['QUERY_STRING'];
       header(sprintf("Location: %s", $updateGoTo));
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Untitled Document</title>
  <link href="Layout3.css" rel="stylesheet" type="text/css" /><!--[if IE 5]>
  <style type="text/css">
  /* place css box model fixes for IE 5* in this conditional comment */
  .twoColFixLtHdr #sidebar1 { width: 230px; }
  </style>
  <![endif]--><!--[if IE]>
  <style type="text/css">
  /* place css fixes for all versions of IE in this conditional comment */
  .twoColFixLtHdr #sidebar1 { padding-top: 30px; }
  .twoColFixLtHdr #mainContent { zoom: 1; }
  /* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */
  </style>
  <![endif]-->
  <script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
  <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
  <link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
  <link href="SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
  <style type="text/css">
  <!--
  body {
      background-color: #FFF;
      margin-left: 20px;
  .twoColFixLtHdr #container #main3 #form1 div fieldset {
      border: thin ridge #CCC;
  -->
  </style>
  <script type="text/javascript">
  <!--
  function MM_goToURL() { //v3.0
    var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
    for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
  //-->
  </script>
  <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
  </head>
  <body class="twoColFixLtHdr">
  <div id="container">
    <div id="header">
      <div id="Righty">
        <ul id="MenuBar2" class="MenuBarHorizontal">
      <li><a href="index.php">Search</a>      </li>
      <li><a href="Member2.php">Members</a></li>
    </ul>
    <p> </p>
  </div>
  <span id="LoginDiv">
      <?php
        if (isset($_SESSION['MM_Username']))
          echo "hello ". $_SESSION['MM_Username']. "";
          echo " <a href='Logout.php'>Log out</a> ";
      else
          echo "
              <a href='Login.php'>Login</a> / <a href='Register.php'>Register</a>
      ?>
      </a></span>
  <div id="Middle">
    <h1 align="center">GuitarSwap</h1>
  </div>
    </div>
    <div id="sidebar1">
      <h4>Members Area</h4>
      <ul id="MenuBar1" class="MenuBarVertical">
        <li><a href="Member2.php">My Adverts</a></li>
        <li><a href="NewAdvert.php">Create new Advert</a></li>
        <li><a href="UpdateUserDets.php">My Account</a></li>
      </ul>
      <h3>  </h3>
    </div>
    <div id="mainContent">
      <h4>Update Advert</h4>
      <!-- end #mainContent -->
    </div>
    <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats -->
    <div id="main3">
      <div id="main">
        <fieldset>
          <legend>Please update advert details and confirm</legend>
          <form action="<?php echo $editFormAction; ?>" enctype="multipart/form-data" method="post" name="form4" id="form4">
            <input type="hidden" name="advert_id" value="<?php echo $row_Advert['advert_id']; ?>" />
            <p></p>
            <table width="650" align="center">
              <tr valign="baseline">
                <td width="17" rowspan="15" valign="middle" nowrap="nowrap"><?php echo "<img src='upload/" .$row_Advert['PictureLocation']."' width='64' height='180'/>" ?></td>
                <td width="133" align="right" nowrap="nowrap"> </td>
                <td width="240" align="center" bgcolor="#CCCCCC"><strong>Offered</strong></td>
                <td width="240" align="center" bgcolor="#CCCCCC"><strong>Wanted</strong></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Make:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Make" type="text" value="<?php echo $row_Advert['O_Make']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Make" type="text" value="<?php echo $row_Advert['W_Make']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Model:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Model" type="text" value="<?php echo $row_Advert['O_Model']; ?>" size="30" maxlength="30" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Model" type="text" value="<?php echo $row_Advert['W_Model']; ?>" size="30" maxlength="30" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Country:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Country" type="text" value="<?php echo $row_Advert['O_Country']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Country" type="text" value="<?php echo $row_Advert['W_Country']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Year:</strong></td>
                <td bgcolor="#CCFFCC"><span id="sprytextfield1">
                <input name="O_Year" type="text" value="<?php echo $row_Advert['O_Year']; ?>" size="4" maxlength="4" />
  <span class="textfieldInvalidFormatMsg">Invalid format.</span><span class="textfieldMinValueMsg">The entered value is less than the minimum required.</span><span class="textfieldMaxValueMsg">The entered value is greater than the maximum allowed.</span></span></td>
                <td bgcolor="#CCFFFF"><span id="sprytextfield2">
                <input name="W_Year" type="text" value="<?php echo $row_Advert['W_Year']; ?>" size="4" maxlength="4" />
  <span class="textfieldInvalidFormatMsg">Invalid format.</span><span class="textfieldMinValueMsg">The entered value is less than the minimum required.</span><span class="textfieldMaxValueMsg">The entered value is greater than the maximum allowed.</span></span></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Colour:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Colour" type="text" value="<?php echo $row_Advert['O_Colour']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Colour" type="text" value="<?php echo $row_Advert['W_Colour']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Body:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Body" type="text" value="<?php echo $row_Advert['O_Body']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Body" type="text" value="<?php echo $row_Advert['W_Body']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Neck:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Neck" type="text" value="<?php echo $row_Advert['O_Neck']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Neck" type="text" value="<?php echo $row_Advert['W_Neck']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Fingerboard:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Fingerboard" type="text" value="<?php echo $row_Advert['O_Fingerboard']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Fingerboard" type="text" value="<?php echo $row_Advert['W_Fingerboard']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Pickups:</strong></td>
                <td bgcolor="#CCFFCC"><input name="O_Pickups" type="text" value="<?php echo $row_Advert['O_Pickups']; ?>" size="30" maxlength="15" /></td>
                <td bgcolor="#CCFFFF"><input name="W_Pickups" type="text" value="<?php echo $row_Advert['W_Pickups']; ?>" size="30" maxlength="15" /></td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Condition:</strong></td>
                <td bgcolor="#CCFFCC"><label for="condition">
                  <select name="condition" size="1" id="condition">
                    <option selected="selected" value="" <?php if (!(strcmp("", $row_Advert['condition']))) {echo "selected=\"selected\"";} ?>>---select---</option>
                    <option value="immaculate" <?php if (!(strcmp("immaculate", $row_Advert['condition']))) {echo "selected=\"selected\"";} ?>>immaculate</option>
                    <option value="excellent" <?php if (!(strcmp("excellent", $row_Advert['condition']))) {echo "selected=\"selected\"";} ?>>excellent</option>
                    <option value="good" <?php if (!(strcmp("good", $row_Advert['condition']))) {echo "selected=\"selected\"";} ?>>good</option>
                    <option value="well used" <?php if (!(strcmp("well used", $row_Advert['condition']))) {echo "selected=\"selected\"";} ?>>well used</option>
                    <option value="poor" <?php if (!(strcmp("poor", $row_Advert['condition']))) {echo "selected=\"selected\"";} ?>>poor</option>
                </select>
                </label></td>
                <td bgcolor="#FFFFFF"> </td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Value:</strong></td>
                <td bgcolor="#CCFFCC"><span id="sprytextfield3">
                <input name="value" type="text" value="<?php echo $row_Advert['value']; ?>" size="11" maxlength="11" />
  <span class="textfieldInvalidFormatMsg">Invalid format.</span></span></td>
                <td bgcolor="#FFFFFF"> </td>
              </tr>
              <tr valign="baseline">
                <td align="right" valign="top" nowrap="nowrap"><strong>Comments:</strong></td>
                <td bgcolor="#CCFFCC"><textarea name="Comments" cols="25" rows="3"><?php echo $row_Advert['Comments']; ?></textarea></td>
                <td bgcolor="#FFFFFF"> </td>
              </tr>
              <tr valign="baseline">
                <td nowrap="nowrap" align="right"><strong>Picture location</strong></td>
                <td bgcolor="#CCFFCC"><label for="checkopentoalloffers"></label>                <input type="file" name="PictureLocation" value="<?php echo $row_Advert['PictureLocation']; ?>" size="20" /></td>
                <td bgcolor="#FFFFFF"> </td>
              </tr>
              <tr valign="baseline">
                <td height="26" align="right" nowrap="nowrap"><strong>Open to all offers:</strong></td>
                <td bgcolor="#CCFFCC"><input name="checkopentoalloffers" type="checkbox" id="checkopentoalloffers" value="y" <?php if (!(strcmp($row_Advert['opentoalloffers'],"y"))) {echo "checked=\"checked\"";} ?> /></td>
                <td bgcolor="#FFFFFF"> </td>
              </tr>
            </table>
            <p> </p>
            <div id="submitdiv">
              <input type="hidden" name="MM_update" value="form4" />
              <input name="submit button" type="submit" id="submit button" value="Update Advert" />
            </div>
            <div id="exitdiv">
              <label for="button15"></label>
              <input name="button" type="button" id="button15" onclick="MM_goToURL('parent','Member2.php');return document.MM_returnValue" value="Exit" />
              <label for="button16"></label>
            </div>
            <p> </p>
          </form>
        </fieldset>
        <script type="text/javascript">
  var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1", "integer", {validateOn:["blur"], minValue:1900, maxValue:2010, isRequired:false});
  var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1", "integer", {validateOn:["blur"], minValue:1900, maxValue:2010});
  var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2", "integer", {minValue:1900, maxValue:2010, validateOn:["blur"], isRequired:false});
  var sprytextfield3 = new Spry.Widget.ValidationTextField("sprytextfield3", "currency", {validateOn:["blur"], isRequired:false});
        </script>
        <br class="clearfloat" />
    <!-- end #container -->
  </div></div></div>
  <script type="text/javascript">
  <!--
  var  = new Spry.Widget.MenuBar("", {imgRight:"SpryAssets/SpryMenuBarRightHover.gif"});
  var MenuBar2 = new Spry.Widget.MenuBar("MenuBar2", {imgDown:"../SpryAssets/SpryMenuBarDownHover.gif", imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script>
  </body>
  </html>
  <?php
  mysql_free_result($Advert);
  if (is_resource($Result1)) mysql_free_result($Result1);
  ?>

  Please note,
  Removing I investigated spry a little more, in the end I settled for removing spry altogether,
  Maybe it was because the text field in a $GET (for the default) AND a $PUT (for the update)

• Problem with sessions in Kate Editor

  Hey guys!
  I'm using Kate Editor to code and i'm having problems with sessions. If kate is open and I logout KDE, when I come back to KDE all my customizations in Kate's session (activated plugins, font size, etc) are lost.
  If I manually close Kate before logout from KDE, all the customizations are kept when a manually start Kate. I tried a lot of workarounds, but none worked.
  Is this a bug? Someone else with this issue?
  Thanks in advance!

  The Warning errors are simply because you don't have the tablespaces, users, and roles defined in your application system under the DB Admin tab. Unless it is important to you to capture the physical implementation of your tables exactly as well as the table definitions, you can safely ignore these. If the physical implementation IS important to you, then you need to create these tablespaces, roles and users under the database that you created under the DB Admin tab before you start the capture.
  The Error is because in the set of objects you are capturing there is a foreign key that references the table named "PLEASANT". This table must be among the objects that you are capturing, or must already be in a Table Definition in your application system in the repository.

• Problem with Sessions in JSP

  Hi,
  I am working on a JSP based website, where I am facing problem with sessions. The user is asked to login by providing her id and password. If found correct, a bean is created and populated with all her details and placed in session scope. I plan to use the information stored in the bean on other related pages until she logs out.
  <jsp:useBean id="validUser" scope="session" class="UserBean" >
  <c:set target="${validUser}" property="userId" value="${fn:trim(dbValues.UserId)}" />
  <c:set target="${validUser}" property="userName" value="${fn:trim(dbValues.UserName)}" />
  </jsp:useBean>
  <c:redirect url="userHome.jsp" /> The user is presented her homepage - 'userHome.jsp', where she can find various links, like 'Update Profile', 'Pay Registration Fees', 'Book Room' etc. The information stored in the bean is available on 'userHome.jsp'page.
  <A HREF='userHome.jsp'>Home</A>
  <A HREF='editPersonal.jsp'>Update Profile</A>
  <A HREF='registrationFee.jsp'>Pay Registration Fees</A>
  <A HREF='bookRoom.jsp'>Book Room</A>
  <A HREF='logout.jsp'>Logout</A> The problems are:
  1. Whenever user clicks on any of the above mentioned links and moves to any page, the bean comes out as null.
  <%-- Verify that the user is logged in --%>
  <c:if test="${validUser == null}">
  <jsp:forward page="loginForm.jsp">
  <jsp:param name="origURL" value="${pageContext.request.requestURL}" />
  <jsp:param name="errorMsg" value="You must be logged in to access this site." />
  </jsp:forward>
  </c:if> 2. The URL shows an additional jsessionid, which my client doesn't want to see.
  3. On every click on any link, the value of this jsessionid changes.
  What I presume, when I am clicking on different links, my session changes, and so I am seeing a different jsessionid. And since session is changing, therefore the bean is not available in a different session.
  All this works fine with localhost, problem comes into picture, when I upload my pages to the server.
  Puzzled, can anyone help, where am I going wrong? Let me add here, I am new to JSP and hence don't have much resources with me.

  There are several ways sessions can be exchanged between the browser and the server in a j2ee web application.
  1. The default is through cookies. However when the client does not accept cookies, the server appends the session id to the url.
  2. Some servers also facilitate session information exchange using session id in the url even if the client does accept cookies. This is usually ahieved through a setting in some server configuration file.
  You will have to find out why the server in your application is appending the session id to the url.
  Whatever be the case, the server should be able to look up the session from the incoming request (be it from the session id in the url or a session cookie).
  When session information is exchanged through the JSESSIONID in the url, you should ensure that each and every url that goes to the server has this input parameter. To do that all links and form post urls in your servlet/jsp should be treated with a call to encodeURL().
  For example, in a jsp
     <a href = "<%=response.encodeURL("/nextJsp.jsp")%>">Click here </a>
  or
     <form action = "<%=response.encodeURL("/nextJsp.jsp")%>">
     </form>etc.
  ram.

• Problem with ESM on some computers

  We have been having a problem with ESM on some older computers. The
  computers all seem to be older computers running WinXP SP2 (Dell
  OptiPlex SX260). The computers have the Novell client, either 4.91 SP4
  or SP5, and either have the Microsoft client for Microsoft Networks
  turned off (unchecked) or uninstalled. The computer will be running
  fine, we'll install ESM on them and then when the computer comes up
  after that it won't login properly. It will accept the login, but then
  says access denied but keeps going. All drive mappings fail with a 470
  error code and the login script ends with an 8885 error. I look in the
  Novell client and it says that the user is authenticated to the tree and
  connected to the servers but can't access anything on them. I can try
  logging in as many times as I want and it won't map the drives. If I
  try to get to the NSS volumes using UNC paths, it won't work. I can try
  a UNC path with the IP address instead of the name and still the same story.
  We've found two ways around the problem and neither are acceptable:
  1. Remove ESM
  2. Go into the network control panel and uncheck the Senforce ESS
  Filter Engine. After that, I can try to login and it goes right
  through. I don't even have to logout, just right-click on the red N and
  choose login. Everything maps just fine.
  The firewall is set to all open so it isn't blocking the ports. Or at
  least it isn't set to block them.
  I say we've had the problems on the SX260's. We've only tried this on
  SX260's and a small number of newer Dell desktops and laptops (Optiplex
  740, 745, 755, Latitude D620, D630). Only the SX260's are having the
  problem. They also, however, are the ones with the Microsoft client for
  Microsoft Networks either turned off or uninstalled.
  We're about to open another SR with Novell support but it is difficult
  for us to leave a computer in a non-working state so we can work with
  support on it.
  Any ideas?

  Originally Posted by Sean Eckton
  We have been having a problem with ESM on some older computers. The
  computers all seem to be older computers running WinXP SP2 (Dell
  OptiPlex SX260). The computers have the Novell client, either 4.91 SP4
  or SP5, and either have the Microsoft client for Microsoft Networks
  turned off (unchecked) or uninstalled. The computer will be running
  fine, we'll install ESM on them and then when the computer comes up
  after that it won't login properly. It will accept the login, but then
  says access denied but keeps going. All drive mappings fail with a 470
  error code and the login script ends with an 8885 error. I look in the
  Novell client and it says that the user is authenticated to the tree and
  connected to the servers but can't access anything on them. I can try
  logging in as many times as I want and it won't map the drives. If I
  try to get to the NSS volumes using UNC paths, it won't work. I can try
  a UNC path with the IP address instead of the name and still the same story.
  We've found two ways around the problem and neither are acceptable:
  1. Remove ESM
  2. Go into the network control panel and uncheck the Senforce ESS
  Filter Engine. After that, I can try to login and it goes right
  through. I don't even have to logout, just right-click on the red N and
  choose login. Everything maps just fine.
  The firewall is set to all open so it isn't blocking the ports. Or at
  least it isn't set to block them.
  I say we've had the problems on the SX260's. We've only tried this on
  SX260's and a small number of newer Dell desktops and laptops (Optiplex
  740, 745, 755, Latitude D620, D630). Only the SX260's are having the
  problem. They also, however, are the ones with the Microsoft client for
  Microsoft Networks either turned off or uninstalled.
  We're about to open another SR with Novell support but it is difficult
  for us to leave a computer in a non-working state so we can work with
  support on it.
  Any ideas?
  Sean,
  I have seen login issue with the Novell client and zesm if a firewall is enabled.
  Is it possible to do the following:
  Right click the ZESM client and go to About
  Click Diagnostics, Logging and select all
  Once you have logging enabled on the client please duplicate the issue.
  Please post or attach the log so we can see it.
  You will find the log in c:\documents and settings\all users\application data\senforce\logs