Switch login form to logout form once logged in...

Similar Messages

• How to remove login form for iView in portal

  Hi,
  I have created a workset in portal which provides links for various BI reports. In the properties of each page for report I set the property to lunch it in headerless window.
  When I login with test user and click on link for report its asking for userID password again. Once I login, it opens the report and it doesnt ask for other reports. If I logoff and close the browser and open in new browser its again ask's for user ID password when I open the report for first time.
  Could any one let me know the solution how to avaoid the login form  on clicking the link for BI report configured in workset.
  It is working fine for me in Dev and QA system, recently we did transport to Trainign system and I am facing this issue only in training system.
  Regards,
  Ravi.

  Hi,
  I dont want that login page to appear again. evan for the first time.
  The login page should apper only once that too while loging into portal. once I enter into workset and click on link for report which is launched in new window should not ask for login again.
  Its happening in my training system, which is not used to be in my dev and QA system.
  I need solution to show the report directly with out asking for authentication(login form) once again on clickig the link for report in workset.
  Regards,
  Ravi.

• Secure Zone login form logs user in who isn't registered for it?!

  I have a client who runs an eCommerce site through BC.  We have a secure zone setup for his site and he wants to review and approve users before they are given access.  There is good reason for this so please don't bring up counter-points as it is non-negotiable.
  Anyway, the secure zone registration form basicly creates a user CRM record and allows them to select a username and password.  I've instructed to client to continue into the CRM and select the checkbox next to the appropriate secure zone in order to authorize the account to login.  As far as we know this has been working until yesterday.  Now, when somebody who has an account but it is not approved yet tries to login, they receive the form error as to be expected.  However they get logged into some phantom secure zone.
  I say "phantom" zone because the actual registration form doesn't subscribe them to a secure zone, it's manual (as previously stated).  This is a pretty big issue as a major reason for doing this is that my client doesn't want his prices visible to the public.  Only after the person is in the secure zone are prices visible.  Any help would be much appreciated.  I know BC launched a new update recently which my be a contributing factor....thanks in advance!

  Hi Mike,
  This has always been the case.
  IF you have a username and password and login to a site you are logged in. You may very well not be part of a securezone but you are logged in. This is why hiding and showing content soley based on the isloggedin module is a very thoughtful process as you can not show content based on this knowledge.
  This has nothing to do with the update, you probably only just noticed this behavior but this has been the case since BC born.

• Right way of login form...

  Hello
  I am a really newbie in web programming. I want to write a web application with JSF. I wonder what is the rgiht way of creating the login form. I tried to write a page segment file for it but page segments do not have prerender method so it cannot be fully controlled...I want something like that:
  login control will be two parts..
  if login info is not found in session, than it will show the login form.
  if the user is found in session, than it will show the menu for the user...
  but i couldnt do that because prerender methos is not available in page segments..
  what is the right way for doing that kind of thing?

  Indeed implement a Filter.
  Once an user logs in, put the User object in the HttpSession. Let the filter check on this User object. If this User object is null and you're not in the login page, then redirect to the login page.
  Do a Google search on "LoginFilter implements Filter" or "UserFilter implements Filter" and you'll find lot of examples.
  http://www.google.com/search?q=%22LoginFilter implements Filter%22
  http://www.google.com/search?q=%22UserFilter implements Filter%22
  Here is an advanced one which actually doesn't redirect if the User object doesn't exist, but this might give you some new insights: http://balusc.xs4all.nl/srv/dev-jep-usf.html

• Help with Login Form (JSP DB Java Beans Session Tracking)

  Hi, I need some help with my login form.
  The design of my authetication system is as follows.
  1. Login.jsp sends login details to validation.jsp.
  2. Validation.jsp queries a DB against the parameters received.
  3. If the query result is good, I retrieve some information (login id, name, etc.) from the DB and store it into a Java Bean.
  4. The bean itself is referenced with the current session.
  5. Once all that's done, validation.jsp forwards to main.jsp.
  6. As a means to maintain state, I prefer to use url encoding instead of cookies for obvious reasons.I need some help from step 3 onwards please! Some code snippets will do as well!
  If you think this approach is not a good practice, pls let me know and advice on better practices!
  Thanks a lot!

  Alright,here is an example for you.
  Assume a case where you don't want to give access to any JSP View/HTML Page/Servlet/Backing Bean unless user logging system and let assume you are creating a View Object with the name.
  checkout an example (Assuming the filter is being applied to a pattern * which means when a resource is been accessed by webapplication using APP_URL the filter would be called)
  public doFilter(ServletRequest req,ServletResponse res,FilterChain chain){
       if(req instanceof HttpServletRequest){
              HttpServletRequest request = (HttpServletRequest) req;
              HttpSession session = request.getSession();
              String username = request.getParameter("username");
              String password = request.getParameter("password");
              String method = request.getMethod();
              String auth_type  = request.getAuthType();
              if(session.getAttribute("useInfoBean") != null)
                  request.getRequestDispatcher("/dashBoard").forward(req,res);
              else{
                      if(username != null && password != null && method.equaIsgnoreCase("POST") && (auth_type.equalsIgnoreCase("FORM_AUTH") ||  auth_type.equalsIgnoreCase("CLIENT_CERT_AUTH")) )
                           chain.doFilter(req,res);
                      else 
                        request.getRequestDispatcher("/Login.jsp").forward(req,res);
  }If carefully look at the code the autherization is given only if either user is already logged in or making an attempt to login in secured way.
  to know more insights about where these can used and how these can be used and how ?? the below links might help you.
  http://javaboutique.internet.com/tutorials/Servlet_Filters/
  http://e-docs.bea.com/wls/docs92/dvspisec/servlet.html
  http://livedocs.adobe.com/jrun/4/Programmers_Guide/filters3.htm
  http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html
  http://www.servlets.com/soapbox/filters.html
  http://www.onjava.com/pub/a/onjava/2001/05/10/servlet_filters.html
  and coming back to DAO Pattern hope the below link might help you.
  http://java.sun.com/blueprints/corej2eepatterns/Patterns/DataAccessObject.html
  http://java.sun.com/blueprints/patterns/DAO.html
  http://www.javapractices.com/Topic66.cjp
  http://www.ibm.com/developerworks/java/library/j-dao/
  http://www.javaworld.com/javaworld/jw-03-2002/jw-0301-dao.html
  On the whole(:D) it is always a good practice to get back to Core Java/J2EE Patterns.and know answers to the question Why are they used & How do i implement them and where do i use it ??
  http://www.fluffycat.com/java-design-patterns/
  http://java.sun.com/blueprints/corej2eepatterns/Patterns/index.html
  http://www.cmcrossroads.com/bradapp/javapats.html
  Hope that might help :)
  REGARDS,
  RaHuL

• Require Login (Form based)

  Hi all,
  I want to control my website so that all pages require a logged in user, some pages are only visible for certain roles. In the web.xml description there is a remark for the <login-config> element:
  If this element is present, the user must be authenticated in order to access any resource that is constrained by a <security-constraint> defined in the Web application. Once authenticated, the user can be authorized to access other resources with access privileges.
  one for all pages:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>all pages</web-resource-name>
  <description>desc</description>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  </security-constraint>
  one with restriction for roles:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>role rescricted</web-resource-name>
  <description>...</description>
  <url-pattern>/control/requirements/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>aRoleName</role-name>
  </auth-constraint>
  </security-constraint>
  my <login-config> element:
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/control/Login</form-login-page>
  <form-error-page>/control/Login</form-error-page>
  </form-login-config>
  </login-config>
  The role restriction works fine. But also a user who is not logged in, can access the other pages and is not redirected to the login page.
  Any ideas??

  The Security-constraint for "all pages" doesn't specify an auth-constraint ie no role. I think that the default role is applied ie "Anonymous" which is everyone in the special group called "everyone" which course includes all not logged in users.
  create a role in your weblogic.xml called Users and make it contain the principal "users" which is a default group of all authenticated users.
  Then add the role "Users" to the "all pages" constraint, it will force an authentication.
  for info on default groups see:
  http://e-docs.bea.com/wls/docs81/secwlres/usrs_grps.html#1179347
  Note that if you create your own Authentication Provider you should probably make it add the WLSGroup principal "everyone" an "users" as well as other groups when a user sucessfully logs in. NB the groupname "everyone" is not guaranteed and you should get the principal name of the everyone group from API:
  weblogic.security.WLSPrincipals.getEveryoneGroupname() or
  weblogic.security.WLSPrincipals.getUsersGroupname()
  cheers
  Karl

• Multiple Secure Zones with a Single Login Form

  Hello, I've created a login form and 20 different secure zones. I am needing to redirect users to their own personal secure zone automatically once they login (without the need for them to choose the secure zone) Can you please let me know how this can be done? Thank you much

  Hi
  The main difference is :
  Using generic secure zone login option : When customer logs in , he stays on the same page. I mean , Generic secure zone in BC doesn't support redirect to other pages . However, he will have access to all the pages that were in other secure zones to which he actually subscribed to.
  Using Specific secure zone login form, you have option to redirect the user to specific landing page and user will have access to data that is placed in this specific secure zone.
  You may locate the Generic secure zone login form in toolbox > site modules > secure zones > sign in form >  as shown in below screenshot :

• Oracle ADF 11g – Authentication using Custom ADF Login Form Problem

  Hi Guys,
  I am trying to Authenticate my adf application using custom Login Form.
  following this..
  http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
  But my Login Page is not Loading.I think its sending request in chain.my jdev version is 11.1.1.5.Any Idea.
  Thanks,
  Raul

  Hi Frank,
  I deleted bounded code and In another Unit Test I created a simple login.jspx page and applied form based authentication but still facing same problem means something wrong in starting.
  My login.jspx page is
  <?xml version='1.0' encoding='UTF-8'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
            xmlns:f="http://java.sun.com/jsf/core"
            xmlns:h="http://java.sun.com/jsf/html"
            xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
    <jsp:directive.page contentType="text/html;charset=UTF-8"/>
    <f:view>
      <af:document id="d1" >
        <af:form id="f1" >
          <af:panelFormLayout id="pfl1">       
            <af:inputText label="USERNAME" id="it1"
                          />       
            <af:inputText label="PASSWORD" id="it2"
                            />
            <af:commandButton text="LOG IN" id="cb1" />
            <f:facet name="footer">       
            </f:facet>                 
          </af:panelFormLayout>
        </af:form>
      </af:document>
    </f:view>
  </jsp:root>
  Don't know wht real problem is

• OAM 10g - access to resource is not authorized, but no login form displayed

  Hi,
  Here's another one. Let's say I access some (protected) page which redirected me to login form page. Login form page immediately creates a obssocooke (for user obanonymous). Instead of logging in, I just change URL to my protected application (I actually did it because I changed my mind and not while purposely testing).
  I am getting "not authorized" error, instead of being redirected to login page. This is very confusing and bad user experience. The obssocookie appears to point to a valid session (I checked status in my app for user session and it appears to be ObUserSession.LOGGEDIN) but obviously the user anonymous is not authorized.
  So the question is - Is there any way OAM would not create a valid session cookie for anonymous user when I just load login form page? How do you guys solve this issue? Should I somehow use auth level?
  Thanks,
  Alex

  Hi Sagar,
  What you've described is exactly my intention. I want only users with auth level > 0 to access the protected application. Plus for the resource I define my form based login as default authentication scheme (which has level=1). I think that the issue is that I protect the application with my own access gate (not a web gate). And there I have the following logic:
  if(sso cookie is present and status of the session = "logged in") then validate whether user has access to the requested resource. So in my case the sso cookie is found, and belongs to anonymous user, session state = logged in, and I fail at authorization check. I think I need to implement some kind of auth level check, or compare actual user's auth scheme with the one required for the resource, right?
  Thanks,
  Alex

• HTML form to log in

  I'm working with realms, and don't really like the pop ups to log in. Is it possible to have a login form on a web page? I'm running Mac Os Server 10.3.9.
  Thanks!

  So it isn't possible to pass the username and password from a web form to the server to use to authenticate for the realm?
  Not directly, no, if using realms.
  I'm thinking of using some javascript to forward them to http://username:[email protected] Any better ways?
  To be honest, I cannot think of a worse way to implement authentication.
  This approach would put the username and password in the address bar of the user's browser. It also becomes trivial to sniff, meaning anyone could easily steal the username and password, and there goes any semblance of site security.

• Capturing obformlogincookie in login form

  We are using OAM/webgate 10.1.14.3. We have the following requirement:
  Customer wants the query string from the originating URL to be displayed on the login form.
  Please let me know if you have any idea on how can this be done.
  Thanks.

  Hi Vinay,
  The key will be to read the ObFormLoginCookie - the query string should be in there as part of the "rq" parameter. Once you can get at that, use javascript or rewrite rules to achieve the rest.
  -Vinod

• Login form Blank

  Hello everyone,
  I have created a Basic Login form in DWCS3 and what i am
  getting is a blank page with no user name password box just blank
  page.

  r2ks2000 wrote:
  > David thank you for your Response,
  > yes it was created with DW Cs3 i just tried to recreate
  the samething DW 8 and
  > i get the same Thing a blank page and
  > @@UrlFormat@@('Connections/myserver.php'); i do not
  understand what you mean
  > by serious problems with my Dreamweaver installation.
  It should not use @@UrlFormat@@, but require_once. Also, all
  the
  variables begin with $FF_. They should begin with $MM_.
  Towards the end
  of the script, there are a couple of calls to
  session_register(). This
  is a deprecated function that hasn't been used by Dreamweaver
  since
  version MX 2004.
  There are other errors in the script. So many, indeed, that I
  don't see
  how that code can have been created by Dreamweaver CS3. Go to
  the Help
  menu on a PC (or the Dreamweaver menu on a Mac) and select
  About
  Dreamweaver. Click the scrolling display once to reveal the
  Build
  Number. What does it say?
  David Powers
  Adobe Community Expert, Dreamweaver
  http://foundationphp.com

• How to create a login form

  what is the best way to build a login form where a single user will be logged always (Not the user name that's enterd in the user name field).
  The main issue is not to expose the password of the user that will be logged in in any file on the server.
  So when the login screen opens, a user should be already logged in to query the database to validate the username & password entered agains USERS table.
  Thanks

  In 10g you can specify the userid/password in the iAS server configuration parameter under a named configuration, let's say [myapp] and specify the identifier in your URL
  http://localhost:8890/forms/frmservlet?config=myapp
  # Forms runtime argument: database connection details
  userid= <username>/password@<database>Try it.
  Regards,
  Tony

• Login Form - pass parameters to remote site

  Hi,
  I need to create a login form on site A which passes parameters (username;company; password) to site B. The user will then be logged into site B in a new window.
  I guess this can be done in php on site A but my php skills are sketchy to say the least.
  What I understand I need to do is send a GET request to http://site_b/login.asp?username=XXXX&company=XXXX&password=XXXX where the XXXX values come from the form on site A.
  This is what I have (which is probably way out)...
  <form method="get" action="http://site_b/login.asp?username=$username&company=$company&password=$password">
          Username: <input type="text" name="username"  <?php {echo "value=''username";}?>   /><br />
          Company: <input type="text" name="company" <?php {echo "value='$company'";}?>/><br />
          Password: <input type="password" name="password" <?php {echo "value='$password'";}?>/><br />
      <input type="submit" value="Login" /><br />
      </form>
  ....of course it doesn't work.
  I would be grateful if someone could point me in the right direction, thanks.
  Mick

  Mick3496 wrote:
  bregent - they were very clear about the form fields:
  username   (alpha/numeric)
  company   (numeric only)
  password  (alpha/numeric)
  Note that the fields are all lower case.
  Are you saying the form code I posted should work?
  Mick
  It looks fine to me. For testing purposes you might want to change the password field to a text field so that you can be sure it is being populated correctly. And again, make sure that they are not checking referrers in their ASP script.

• Query MySQL table from login form.

  Probably a simple question, but I can't seem to get it. Here my
  my table on MySQL
  ID        Username        UFN           ULN             Password
  1         joSmith            John           Smith           encrypted
  2         jaSmith            Jane           Smith           encrypted
  3         jDoe                 John           Doe             encrypted
  When I login using username and password, I want to display the first name and last name for the user and display it on the next page. I can usually echo a _POST, but when it comes to sessions, this doesn't seem to work properly, as the next page doesn't know the variable.

  Sorry here is the code, its generated from the login user wizard from dreamweaver. It doesn't matter what code is on the second page as the session and post variables are "gone", I can't call on it. This code of course will successfully login to the restricted pages without issues.
  <?php require_once('Connections/UserAcc_mySQL.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=md5($_POST['password']);
    $UN=$_POST['usern'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "loginredirect.php";
    $MM_redirectLoginFailed = "adminlogin.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_UserAcc_mySQL, $UserAcc_mySQL);
    $LoginRS__query=sprintf("SELECT `User`, Password, UFN, ULN FROM username WHERE `User`=%s AND Password=%s",
      GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $UserAcc_mySQL) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
       $loginStrGroup = "";
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;     
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Untitled Document</title>
  <style>
  .Login
  position:absolute;
  vertical-align:middle;
  margin-left: 40%;
  margin-right: 40%;
  top: 153px;
  </style>
  </head>
  <body>
  <div class="Login">
  <form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="LogMeIn">
  <label>Username:</label> <input type="text" name="username" id="username" /><br />
  <label>Password: </label><input type="password" name="password" /><br />
  <input type="hidden" name="user" />
      <input type="submit" value="Login" />
  </form>
  </div>
  </body>
  </html>