Protected url, form base

Similar Messages

• Retrieving data from a password protected URL

  Hi guys,
  I was hoping that someone might be able to advise me on how to read data into java from a password protected URL. The first page has a "login" area, where the username and password must be supplied before access to the next pages are allowed. It is from these following pages that I wish to get the data.
  I have a user name and password, and when I log in the usual way no cookie is created, nor is the username or password displayed as a part of the URL. Therefore, when I run my HTML parsing program to parse those pages, I get a message saying that I have to login first.
  You can have a look at the site should you wish (I strongly advise this to get an understanding of the problem): http://news.ft.com/home/uk/
  If anybody has some source code that could resolve this issue, I would be terribly grateful.
  Thanks!

  Hi.
  Usually you should be able to access
  password-protected sites using a URL of the
  form:http://username:[email protected]
  -page.com/If you're trying to access those sites without using a
  browser, you still have to encode the username and
  password with base64-encryption, which is usually done
  by the browser.
  cheers,
  kelysarMy program accesses this site without using a browser.....
  In this case would you or anybody else be able tell me how to go through the process from start to finish? I just haven't got a clue!

• Tomact examples and form base authentication

  I am looking at the tomcat examples web.xml security constrains and login info settings:
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
  <url-pattern>/jsp/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
       <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <!-- Anyone with one of the listed roles may access this area -->
  <role-name>tomcat</role-name>
       <role-name>role1</role-name>
  </auth-constraint>
  </security-constraint>
  <!-- Default login configuration uses form-based authentication -->
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
  <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  As we can see form-login page and form-error page uri match url-pattern settings.
  url-pattern: /jsp/security/protected/*
  form-login page: /jsp/security/protected/login.jsp
  form-error page: /jsp/security/protected/error.jsp
  There is no binding of unauthenticated user to ether one of specified roles
  Question: What place in the servlet spec allows serving secured resource for a user without appropriate role association?

  Kinda then beat the the whole idea of authentication then, if you allow a user in that is not assigned to a security role? Anyway, I think you are looking to send the user to another page if they are not in a role but have an id, correct? Well, first it has to be a page outside the secure directory/ies. The error it generates is a 403. So add to your web.xml:
      <error-page>
         <error-code>403</error-code>
         <location>/403.jsp</location>
      </error-page>Anytime a user who is not a member of the allowed roles attempts a login, they will be redirected to this page.
  Ross

• Protect a form submit cfm page

  How else to I protect a form submit cfm page to make sure the request only comes from pages in my own site?
  So far I have this
  <cfif Not cgi.REQUEST_METHOD eq "POST">
    <cflocation url="../index.cfm" addtoken="no">
  </cfif>

  We do the following in our application.cfm:
  <cfif isDefined("FORM.fieldNames") and len(FORM.fieldNames) and NOT reFindNoCase("^(http|https)://#CGI.HTTP_HOST#/",CGI.HTTP_REFERER)>
    <cfabort showerror="Forbidden Request - POST request denied.">
  </cfif>

• Security - Password Expiration with Form Base Authentication

  Hi everbody,
  I have configured the security of my application and this works
  fine.
  I configured the roles and match roles with groups defined in my
  LDAP
  I used the form base authentication. Perfect, but now I configure in
  LDAP
  that the user password can be expired, and the user can change password.
  My problem is when the user try to log at my application and the
  password was expired, I need to allow that user change the password
  ( showing another pag, and ask about the new password).
  Nowadays when the user try to log and the password was expired the
  page that I have set for my login error page (form base authentication)
  is call, this page is call if the user is invalid or the password is
  invalid too.
  I have try to get the exception at this page using :
  String codeObj =
  req.getAttribute("javax.servlet.error.status_code");
  String messageObj =
  req.getAttribute("javax.servlet.error.message");
  String typeObj =
  req.getAttribute("javax.servlet.error.exception_type");
  But all of this String are null. It's independent if the user is
  invalid or the password or either if the password was expired.
  I always get this null Strings. But if the person isn't authorized I
  call another pag and at this time I can get the code, message
  and the exception type
  So my question is how can I treat this ? how can I get this kind of
  exception ?
  I also make a java application that only try to connect with Ldap,
  and if the password is expired
  I can get the com.netscape.LDAPExpection with code 45 and message
  Invalid Credential.
  Is it impossible to get this exception in my actual solution ? I
  need to make one component for that ?
  Someone can help me ?
  Any tip will be good !!
  Thanks
  Daniela Pistelli Gomes
  Technical Consultant
  Summa Technologies
  http://www.summa-tech.com

  Hi Robert,
  thanks very much for ur pointers on the AuthFilter class.. will try that out.
  Robert Greig <[email protected]> wrote:
  Stephen wrote:
  I am using WLS 6.1 and tried using a custom filter to intercept theauthentication
  request submitted from a FORM BASE jsp (using the j_security_checkform).
  However, no matter what i've tried, it is always the authenticationpart that
  gets executed before the filter.
  Any idea how could I intercept the request before the j_security_checkservlet
  calls the security provider for authentication?There is a (now deprecated) class weblogic.servlet.security.AuthFilter.
  I haven't used it because it is deprecated but I think it does what
  you're after.
  In my apps, I make the FORM auth submit to my own servlet which can then
  do what j_security_check does (most although not all is accessible
  through public APIs).
  Robert

• Form Base Login

  Dear programmers
  I tries to use form base login and unfortuanetly nothing happen.
  I have written this little form:
  <form method="post" action="j_security_check">
       <table width="80%">
            <tr>
                 <td width="20%" align="right">
                      UserId:
                 </td>
                 <td>
                      <input size="20" type="text" name="j_username" maxlength="25">                    
                 </td>
            </tr>
            <tr>
                 <td align="right">
                      Password:
                 </td>
                 <td>
                      <input size="20" type="password" name="j_password" maxlength="25">
                 </td>
            </tr>
            <tr>
                 <td></td>
                 <td>
                      <input type="submit" name="action" value="Login"> �
                      <input type="reset" name="reset" value="Clear">                    
                 </td>
       </table>
  </form>and configured the web.xml this way:
  <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
            <form-login-page>/jsp/login.jsp</form-login-page>
            <form-error-page>/jsp/error.jsp</form-error-page>
       </form-login-config>
  </login-config>I did everything like in the example of http://www.redbooks.ibm.com/abstracts/tips0220.html?Open
  I expected that when I'll try to navigate a page in my application, I'll be automatically redireced to the login page. Unfortuanetly it didn't happen.
  Did I do something wrong?
  Should I do something on the server? (I use websphere 5.1.2).

  Hi adslyl, thanks for the reply.
  I have defined the following security-constrain:
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>(New Web Resource Collection)</web-resource-name>
            <description></description>
            <url-pattern>/faces/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
       </web-resource-collection>
  </security-constraint>But it seems that it doesn't help. If I understand it correctly every reference to doGet() or doPost() should perform this security mechanism. Am I right?

• Single Sign on and Protect URL step

  Hi,
  I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
  My questions are:
  - How do I protect URL so the user will need to login to access certain URL?
  - How do I enable single sign on and test it?
  - What are the general steps involve to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
  Kindly help me if anyone know a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
  Thanks.
  Regards,
  Alfonso

  Hi,
  You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
  Regards,

• How do I authorize my 100+ previously purchased itunes music that is in protected aac form?  It prompts that my computer is not authorized even though it is.

  How do I authorize my 100+ previously purchased itunes music that is in protected aac form?  It prompts that my computer is not authorized even though it is.

  are you saying that your computer is autharized from guessing, or do you know it is becuase it says it. in itunes, go to the advanced tab and the last option in that tab should be either aurhorize, or de-authorize.  What does it say?

• Policy agent protected URL auth problem

  Hi all,
  Anyone knows why the policy agent failed to identify a user with valid cert and ldap pwd and thus allow the user to goto the protected URL resources? (IIS with policy agent 2.0 for W2K)
  The IDS server instance was created with security on and "Client Auth" also on. All the accesses worked OK while the "client auth" in not ON. In fact, the user could goto the user profile page with the cert or the LDAP pwd, OAC were all set to enable cert and LDAP=SUCIFICENT even with "client auth" is on, just could not get to the URL it protected. (IDS is running on a Soalris box, V6.0 mtr from the download center)
  The policy agent logs shown that the IDS authentication service failure with code 3.
  Any hints on that?

  When a user clicks the logout button in your Portal application that link needs to send the user to the /amserver/UI/Logout page to terminate the session. You can specify the goto parameter in the link so the user does not see the logout page. You can also specify a particular logout URL pattern in the AMAgent.properties file that when the agent sees a request for that URL it will terminate the session on the AM server and clear out it's cache.

• Need work around for image gallery with password protected URLs

  Is there a way to display an image gallery that has password protected URLs?
  I can build the image gallery in Siena using an excel table with a list of the images and when I preview the app inside Siena I get the expected credentials prompt from IE, and I enter the credentials and the images load and display with their captions perfectly.
  There are 4-6 images in the gallery.
  When I publish and produce a store app, the app errors out with can’t connect and obviously fails on
      var GenericInitError = "The app could not connect to the server. Please try again later.",
          GenericInitTitle = "Network error";
  Most likely because Siena wants to preload everything and there is no way with preload to enter credentials.
  I am looking for any alternatives that would let me get around this.
  TIA
  -- Barb Bowman

  On Mon, 24 Mar 2014 05:10:01 +0000, Radu Gruian (MSFT) wrote:
  >One possible thing to do would be download and embed the images into your app, eliminating the need for password-based authentication.
  Nope. The app accesses a group of IP Security cameras. Static images would not
  make any sense. And authentication is required. Not negotiable.
  -- Barb Bowman

• How to call System Form base on User Form

  I want to reuse System Form that "list of items" on service call,
  Show the "list of items" Form base on my own Form,
  How to do?
  thanks
  Tony

  Hi Tony,
  Have you looked at the ChooseFromList object? This is available in the UI API and allows you to easily create the 'lists' windows for all the main objects, including items. There is an example of using the ChooseFromList in the samples in the SDK.
  Kind Regards,
  Owen

• FRM-92052 error... unable to connect to server URL /forms/servlet;

  Hi all.
  I'm on forms 11g 11.1.2.1.0
  I'm configuring my form and when I try to run it I have this error:
  FRM-92052: unable to connect to server at URL /forms/servlet;
  I have start up weblogic server and everything is ok.
  When I try to run my form I have the error.
  How can I solve it?
  Thanks all for collaboration,
  Fabrizio

  I open my log file and I copy here error section:
  java.lang.NoSuchMethodError: oracle/forms/net/ConnectionException.<init>(ILjava/lang/String;Ljava/lang/Throwable;)V
       at oracle.forms.servlet.BaseServlet.getConnectionException(Unknown Source)
       at oracle.forms.servlet.BaseServlet.logException(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.getRunformSession(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.getInfo(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.doGet(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.access$100(Unknown Source)
       at oracle.forms.servlet.ListenerServlet.doGet(Unknown Source)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  >
  ####<5-feb-2013 14.42.40 CET> <Notice> <Diagnostics> <missuri377> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <2e61ea05cba29510:6243aa29:13caa961585:-8000-0000000000000024> <1360071760720> <BEA-320068> <Watch 'UncheckedException' with severity 'Notice' on server 'AdminServer' has triggered at 5-feb-2013 14.42.40 CET. Notification details:
  WatchRuleType: Log
  WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
  WatchData: DATE = 5-feb-2013 14.42.40 CET SERVER = AdminServer MESSAGE = [ServletContext@6140131[app:formsapp module:forms path:/forms spec-version:2.5 version:11.1.2]] Root cause of ServletException.
  java.lang.NoSuchMethodError: oracle/forms/net/ConnectionException.<init>(ILjava/lang/String;Ljava/lang/Throwable;)V
       at oracle.forms.servlet.BaseServlet.getConnectionException(Unknown Source)
       at oracle.forms.servlet.BaseServlet.logException(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.getRunformSession(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.getInfo(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.doGet(Unknown Source)
       at oracle.forms.servlet.ListenerServlet$Request.access$100(Unknown Source)
       at oracle.forms.servlet.ListenerServlet.doGet(Unknown Source)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  SUBSYSTEM = HTTP USERID = <WLS Kernel> SEVERITY = Error THREAD = [ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' MSGID = BEA-101017 MACHINE = missuri377 TXID = CONTEXTID = 2e61ea05cba29510:6243aa29:13caa961585:-8000-0000000000000022 TIMESTAMP = 1360071760564
  WatchAlarmType: AutomaticReset
  WatchAlarmResetPeriod: 30000
  >
  How can I solve my problem?
  Thanks all for collaboration,
  Fabrizio

• Protecting fillable forms

  Can I password protect fillable forms before sending via e-mail?
  I use custom created forms on site and fill them using Adobe reader. This saves a lot of time and effort. These are then emailed directly to customers. Unfortunately they are still able to be edited by the recipient. Can they be protected to prevent the fields being changed, in effect making it a read only document?

  Hi,
  Go to File>Form Properties>Security
  Select the password option and when you save the form you'll be given opportunity to set 2 fifferent types of access passwords (open, edit)
  Good luck,
  Stephen

• Protected URL vs role mapping in OAM

  Hi,
  Can we do map Protected URL vs role mapping ?
  for example I have some ULR need to be protected thru OAM. Now based on url, user should get the screen. I have user and role in OID.
  My Doubt is : Once user it authenticated, how IDM is conforming that user has access to particular URL or not ?
  or is there any way to do so ? Can I map my 50 URL to 50 role and assign this role to user in oracle IDM?
  Any Help Apprecaited.

  I am too looking for something similar i.e. if users requested url is '/xyz' check if they are in role 'admin' or 'abcde' if not then authentication fails.
  If you find anything please share.
  Thanks

• Does Form Base Project budgeting support Budget Forecasting?

  Hello Expert,
  Can you please help me in understanding that does form base budgets in project costing support budget forecasting? if no then is that it can be achive only through Project Management?
  Your help will be appreciated.
  Thanks
  Uday

  Hi
  If you use the Forms for budgeting you can setup various budget types, like approved cost budget, proposal cost plan, funded revenue budget, forecast cost, etc...
  For each one of those types you have the same functionality, and budget entry is just keying in the quantities and amounts on the budget form. You could automate the calculation of burdened cost based on the entry of raw cost amount, or that based on quantity. Such automation is done using the budget client extension, and that extension is called immediately as you key in the line value.
  With Oracle Project Management (PJT) a new entity was introduced called Financial Plans. A financial plan type is an enhancement of a budget type. The entry of financial plan is done on HTML pages. You could set up financial plans for Firm annual budget, for forecast, for funded revenue etc. With PJT Oracle also delivered a concurrent program called Forecast. That program can generate the plan amounts and insert them on the financial plan defined as parameter. Such calculation functionality is not supported on the Form based budgets.
  Dina