Typical login.jsp, middle_page.jsp and logout.jsp
Hi all,
I have been tring to build a login system in JSP.
The problem is every time the session expires I am
not able to login again immediately and on few
ocassions lots of sessions are opened automatically
which prevents re-loging.
I dont even want to discuss what I did in fear of
confusing you.
So somebody please send me excerpts from a typical
1.)login.jsp
2.) someMiddlePage.jsp
3.) logout.jsp
That really works
I think I am sure about the login and middlepages i.e
-->creating a login.java bean that creates a session and
-->adding userdata into session.
--> and declaring <jsp:usebean id=login class=login scope =session/>
in the middle page and check if the session has valid userid
before serving...
--> I am not sure about the rest..
I think answering this question with a "working code"
can prevent hundreds of other questions that can follow..
Thanks a lot in advance..
See: http://www.open-group.biz/xmlportal/Portal?xpc=1$@5$@1$@3
The example is embedded in a portal but the source code is visible on-line.
Good luck!
Similar Messages
-
HT203998 If I login from one account and logout from them
If I login from one account and logout from them, I can not see the user which I made hidden using the above commands, but when I restart my mac I can see that hidden user on login screen, please help, I don't want to see the hidden user even after restart.
Hi uddipatel,
Welcome to the Support Communities! Here is how you hide a user account in the login window on your Mac:
How to hide a user account in OS X - Apple Support
http://support.apple.com/en-us/HT203998
Hide a user account in OS X Yosemite
You can prevent a user account from appearing in the login window in OS X Yosemite by using these steps:.
1. Log in as an admin user.
2. Use this Terminal command, substituting the short account name name of the user you wish to hide for “hiddenuser”:
sudo dscl . create /Users/hiddenuser IsHidden 1
If you later want to show the hidden user, set the user’s IsHidden attribute to 0 like this:
sudo dscl . create /Users/hiddenuser IsHidden 0
You can optionally delete the IsHidden attribute instead of setting it to 0.
Additional Options
You can also move the hidden user's home directory to a place not visible from the Finder, and remove the hidden user's Public Folder share point.
The following command moves the home directory of "hiddenuser" to /var, a hidden directory:
sudo mv /Users/hiddenuser /var/hiddenuser
The following command updates the user record of "hiddenuser" with the new home directory path in /var:
sudo dscl . -create /Users/hiddenuser NFSHomeDirectory /var/hiddenuser
The following command removes the Public Folder share point for the user with the long name "Hidden User”:
sudo dscl . -delete "/SharePoints/Hidden User's Public Folder"
Hide a user account in earlier versions of OS X
There are three ways you can hide a user in versions of OS X earlier than Yosemite.
Set the Login window to display name and password fields
In the Users & Groups preferences pane (Accounts pane in Mac OS X v10.6 and earlier), click Login Options, then select "Display login window as: Name and password".
With this enabled, no user accounts are listed in the Login window.
If changing the Login Window to only display the name and password fields does not meet your needs, then you can use the following steps in this article to hide a user account.
Add users to the HiddenUsersList (advanced)
With Mac OS X v10.4 and later you can hide users from the Login window by adding them to the HiddenUsersList array in the /Library/Preferences/com.apple.loginwindow.plist file. The following command will hide the users "mei" and "anne" from the Login window:
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add mei anne
Note: These users will still appear in the Accounts (Mac OS X v10.6 and earlier) or Users & Groups (OS X Lion) pane in System Preferences.
Lower the user's UID and enable the Hide500Users option (advanced)
You can use the advanced steps below to change a user's UID, adjust their home directory permissions and enable the Hide500Users option. An example user account "tom" is used below.
The following sample Terminal command changes the user tom's UID to 401. Note: Check to make sure the new UID is not in use before making this change.
sudo dscl . -create /Users/tom UniqueID 401
This command adjusts the permissions of the user's home directory:
sudo chown -R tom /Users/tom/
Enable the Hide500Users option with this command:
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
Last Modified: Dec 8, 2014
All the best,
- Judy -
Session Login and Logout in jsp page
hi
i am developing jsp page
i completed except logout.jsp page
my login page is in Jsp format and then business Logic in servlet and then get method & set method in bean.java
i have login and then it sucess page there i have singout button
if i sign out it should go to login page
how to do
how to make session invalidate
how to get session id
i have one more doubt i should check session invalidate each jsp page
regarding session login and logout in jsp
if anybody knows please give me a piece of code regarding login and logout
Regards
AkshathaThis is part of your filter class now you need login.jsp page
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="Stylesheet" type="text/css" href="/PAS/css/site.css"/>
<title>Automation System | Login Page</title>
</head>
<body>
<div align="center">
<h1>Photint Automation System</h1>
</div>
<br/><br/><br/>
<center>
<table border="1" cellpadding="0" cellspacing="0" width="40%" bgcolor="FFFFFFFF">
<thead>
<tr>
<th align="left" height="30"> <h3> Login</h3></th>
</tr>
</thead>
<tbody>
<tr>
<td>
<div align="center">
<form name="LOGIN" action="/PAS/LoginServlet" method="POST">
<table border="0">
<tbody>
<tr>
<td height="15"></td>
<td height="15"></td>
<td height="15"></td>
<td height="15"></td>
</tr>
<tr>
<td height="30"></td>
<td align="right" height="30">User Name : </td>
<td align="left" height="30"><input type="text" name="USERNAME" value="" size="35" /></td>
<td height="30"></td>
</tr>
<tr>
<td height="30"></td>
<td align="right" height="30">Password : </td>
<td align="left" height="30"><input type="password" name="PASSWORD" value="" size="35" /></td>
<td height="30"></td>
</tr>
<tr>
<td height="50"></td>
<td height="50"></td>
<td align="center" height="50"><input type="submit" value="Login" name="Login" /> <input type="reset" value="Reset" name="Reset" /></td>
<td height="50"></td>
</tr>
</tbody>
</table>
</form>
</div>
</td>
</tr>
</tbody>
</table>
</center>
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<br/><br/><br/>
<center>Copyright © 2009 Photint FZ LLC</center>
<center>Powered by Ali Jamali</center>
<center>Version : 1.0</center>
</body>
</html>And you need loginServlet.java
package com.ali.util.filter;
import com.ali.entity.user.UserEntity;
import com.ali.util.HibernateUtil;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("USERNAME");
String password = request.getParameter("PASSWORD");
if (username == null || username.length() == 0) {
System.err.println(" Username textfeild is empty ..... !");
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
return;
if (UserRegistry.isUserLoggedIn(username)) {
System.out.printf("User [%s] is already logged in. \n", username);
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
return;
UserEntity user = null;
try {
user = (UserEntity) HibernateUtil.load(UserEntity.class, username);
if (user == null || !user.getPassword().equals(password)) {
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
System.err.println(" Password or username is not valid ..... !");
return;
} catch (Exception e) {
e.printStackTrace();
RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
dispatcher.forward(request, response);
return;
HttpSession session = request.getSession();
System.err.println(request.getRemoteAddr());
session.setAttribute("username", user.getFirstName());
session.setAttribute("userType", user.isAdmin());
UserRegistry.logInUser(username);
response.sendRedirect("/PAS/index.jsp");
}finally is you need to just one user can be online at time or need to know how many user & who is online you should at this class also
package com.ali.util.filter;
import java.util.ArrayList;
import java.util.List;
public class UserRegistry {
private static final List loggedInUsers = new ArrayList();
public static void logInUser(String username) {
loggedInUsers.add(username);
public static void logoutUser(String username) {
if (isUserLoggedIn(username)) {
loggedInUsers.remove(username);
public static boolean isUserLoggedIn(String username) {
return loggedInUsers.contains(username);
}If you have any more Q. or any comment , Most welcome
Thanks
Ali Jamali -
Writing Login.jsp and authenticating a user who have stored in MySql DB
Hi Friends,
My project requirement is: Need to write a login page must send the request to servlet is the user and password avail in mysql db, if yes servlet should forward the home page else error message. Tools i need to use is IDE=eclipse, Server = tomcat, database = MySql
Here is source:
pls tell me where i m wrong.
Login.jsp
<%@ page language="java" %>
<html>
<head>
<title>Login Page</title>
<script language = "Javascript">
function Validate(){
var user=document.frm.user
var pass=document.frm.pass
if ((user.value==null)||(user.value=="")){
alert("Please Enter user name")
user.focus()
return false
if ((pass.value==null)||(pass.value=="")){
alert("Please Enter password")
pass.focus()
return false
return true
</script>
</head>
<body>
<h1>Login
<br>
</h1>
<form name="frm" action="/LoginAuthentication" method="Post" onSubmit="return Validate()" >
Name:
<input type="text" name="user" value=""/><br>
Password:<input type="password" name="pass" value=""/><br>
<br>
<input type="submit" value="Login" />
<input type="reset" value="forgot Password" />
</form>
</body>
</html>
Servlet Code:
LoginAuthentication.java
import java.io.*;
import java.util.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.ArrayList;
public class LoginAuthentication extends HttpServlet{
private ServletConfig config;
public void init(ServletConfig config)
throws ServletException{
this.config=config;
//public void init() {
// Normally you would load the prices from a database.
//ServletContext ctx = getServletContext();
// RequestDispatcher dispatcher = ctx.getRequestDispatcher("/HomePage.jsp");
//dispatcher.forward(req, res);
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException{
PrintWriter out = response.getWriter();
String connectionURL = "jdbc:mysql://127.0.0.1/SRAT";
//String connectionURL = "jdbc:mysql://192.168.10.59/SRAT";
//127.0.0.1
//http://localhost:3306/mysql
Connection connection=null;
ResultSet rs;
String userName=new String("");
String passwrd=new String("");
response.setContentType("text/html");
try {
// Load the database driver
Class.forName("com.mysql.jdbc.Driver");
// Get a Connection to the database
connection = DriverManager.getConnection(connectionURL, "admin", "admin");
//Add the data into the database
String sql = "select user,password from login";
Statement s = connection.createStatement();
s.executeQuery (sql);
rs = s.getResultSet();
while (rs.next ()){
userName=rs.getString("user");
passwrd=rs.getString("password");
rs.close ();
s.close ();
}catch(Exception e){
System.out.println("Exception is ;"+e);
if(userName.equals(request.getParameter("user"))
&& passwrd.equals(request.getParameter("pass"))){
out.println("WELCOME "+userName);
else{
out.println("Please enter correct username and password");
out.println("<a href='Login.jsp'><br>Login again</a>");
Deployment Descriptor for TOMCAT
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
SRAT</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>LoginAuthentication</servlet-name>
<servlet-class>LoginAuthentication</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginAuthentication</servlet-name>
<url-pattern>/LoginAuthentication</url-pattern>
</servlet-mapping>
</web-app>
PLS HELP ME.
S. Udaya ChandrikaI too have used the same code but its giving the following error:
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Wrapper cannot find servlet class Validation or a class it depends on
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Unknown Source)
root cause
java.lang.ClassNotFoundException: Validation
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1387)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1233)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
java.lang.Thread.run(Unknown Source)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.
Apache Tomcat/6.0.18
Please some one help?? -
Weblogic 10 jaas and login.jsp and web.xml/weblogic.xml security constaints
Hello,
I struggled through and got the examples.security.jaas.SampleCallbackHandler.java and examples.common.utils.ExampleUtils.java/ExampleConstants.java into eclipse where they compile. A bean I made can call SambleCallbackHandler like such:
mybean.logmein(username,password,url). I can then do a mybean.getStatus() or even a mybean.returnCode(). It does seem to correctly identlify that it is authenticating me (I see in stdout logs that it shows success or failures. The problem I have is I do not know how to apply this weblogic and web.xml/weblogic.xml so that if authentication works it redirects me to the page requiring the authentication. In web.xml I have the following set up:
<security-role>
<role-name>Admins</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/badlogin.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>empower</web-resource-name>
<description>These pages are only accessible by authorized users.</description>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access</description>
<role-name>Administrators</role-name>
</auth-constraint>
<user-data-constraint>
<description>This is how the user data must be transmitted</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
My weblogic.xml has:
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
<wls:security-role-assignment>
<wls:role-name>Admins</wls:role-name>
<wls:principal-name>Administrators</wls:principal-name>
<wls:principal-name>dashap</wls:principal-name>
</wls:security-role-assignment>
</wls:weblogic-web-app>
With this set up, if I try to go to a page in /admin folder in my application, it correctly pops up the login page. The jaas in the bean is doing a loginContext.login(), which I thought does authentication too, but it never goes back to the /admin page I was going to that needed the authentication. With jaas, can I not use the web.xml FORM security option? Do I Need to use j_security in the login.jsp's form's action= option and j_username and j_password for the input type names? How do I use j_username/j_password things if I am using jaas? I could just ignore using the web.xml security stuff and put something in the pages that need authentication, but it would be easier if I could use jaas with the security featurs without doing all that. Note that my code above is using a realm called default just because that was what was in the example I got from the web. Does that need to be something else?Hi John,
I would like magic of course. However, in this case I want something special: my authentication provider uses special means and contents of headers, cookies and service from external identity management systems to determine the user's identity.
I do not want the application to present the login dialog! I want to derive the identity and the fact that the user is logged in from whatever the authentication provider returns in terms of Subject.
Ideally, the flow is something like:
- user accesses an unprotected resource - resource is shown, no interaction with authentication provider
- user presses a link or button that takes him/her to a protected resource
- the authentication provider is contacted to work with the identity asserter to establish the identity of the current user and create a subject object for this user
- the application can access the subject and principals
- ADF Security recognizes the identity and the roles (based on the principals) and coordinates access based on this.
the authentication method is client certificate. presumably this prompts WebLogic/OPS to use an identity asserter to work with custom headers and cookies ("... when you configure a web application to use CLIENT-CERT authentication. In this case, WebLogic can perform identity assertion based on values from request headers and cookies. If the header name or cookie name matches the active token type for the provider, the value is passed to the provider."). No login form should be presented to the user, as all information required to perform the authentication is already available.
I am trying to understand what I must do to have the ADF application adopt the subject set by the authentication provider - if anything?!
If you more ideas to share - I would love to hear them.
best regards,
Lucas -
I would like to change the default login.html to be a login.jsp page so I can format the page better and still use the authen/author used by login.html
Does some have a sample login.jspx that does the same a login.html.
ThanksHi Rac Man,
The following URLs can be useful:
http://www.radio21g.com/faces/2007/07/24/adf-faces-for-dummies-22-create-your-hello-world-app-continued/
http://download.oracle.com/docs/cd/E12529_01/webcenter.1013/b31072/tt_security.htm#CHDCIIHE
http://blogs.oracle.com/shay/entry/for_some_reason_one_common
http://www.nyoug.org/Presentations/2010/June/Koletzke_Hello_WWW.pdf
Regards,
Cris -
How can i find the requested portal page in custom login.jsp
We are using a customized login, logout and change password page built in JSP.
The wwsso_ls_configuration_info$ has been updated to point to the customized
JSP pages. Everything works fine so far but we would like to show different
content inside the customized login page depending on which portal page that
was requested.
eg suppose the user requested a page that belong to page group X we want to
show login page with html content relevant to page group X. If page group Y is
requested, then it show relevant information for Y.
The ssousername, password field and other parameter needed for login page will
be left to the standard names defined by oracle login requirements.
For this purpose, we need to find which portal page was requested by user in
the customized login.jsp( as users tend to bookmark the portal page eg.
http://domain/portal/page?_pageid=33,30983,33_30985&_dad=portal&_schema=PORTAL)
Once i know the requested portal page, i can parse the _pageid to get the page group.Were you ever able to get this issue resolved? I would be interested in the solution if one was ever found. Thanks.
-
Issue in applying SSL selectively to Login JSP Page--Session getting lost.
Hi,
I am facing some issues with SSL configuration on my web site running on tomcat 5.5. I am using jdk 1.5 and form based authentication with JAAS framework.
The SSL configuration is working perfectly when applied to complete web site, but starts giving problem when applied selectively to some JSP pages. At present I am trying to apply SSL just on the login page.
When the login screen loads up, the URL in the browser has a protocol "*https*", as expected, but it doesn't gets changed to "*http*" once the user has successfully logged in. Why is the automatic change from https to http not ocurring?
Also I want to know which is the default page, tomcat will direct the logged in user to, once successfully authenticated using form based login; Is there any way to change this default page to some other page. It looks like that tomcat automatically directs to index.html , once the user has been successfully authenticated, but I am not so sure. My index.html page is having 4 frames; the source of these frames are different JSP pages, which are not under SSL.
My aim is to apply SSL just on login.jsp so that password doesn't travel in clear text. Once the user is authenticated he should see index.html and the address bar's URL should change it's protocol from https to http.
Please, find below the code in my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>CWA Application</web-resource-name>
<url-pattern>/about.jsp</url-pattern>
<url-pattern>/admin_listds.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/*login.jsp*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>CWA Application</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?error=true</form-error-page>
</form-login-config>
</login-config>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
My login. jsp has below code:
<form name="login" method="POST" action='<%= response.encodeURL(*"j_security_check*") %>' >
<tr>
<td width="100%">
<table width="260" border="0" cellspacing="0" cellpadding="1">
<tr>
<td align="left" valign="top" rowspan="4"><img src="images/space.gif" width="15" height="5"></td>
<td align="right" class="login-user" nowrap ><p>User name: </p></td>
<td align="left" valign="top"><input maxLength="64" name="j_username" size="20"></td>
</tr>
<tr>
<td align="right" nowrap class="login-user"><p>Password: </p>
</td>
<td align="left" valign="top">
<input maxLength=\"64\" tabindex="2" type="password" name="j_password" size="20">
</td>
</tr>
</form>
The entries in my server.xml are following:
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="${java.home}\lib\security\cacerts" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS" />
I have gone through the http://forums.sun.com/thread.jspa?threadID=197150 and tried implementing it; The filter as explained in the thread does gets called but the session values are still lost.
Please note I am using javascript to go from secure "https" to "http" once the user has successfully logged in The javascript code is as below:
top.location.href="http://localhost:8080/qtv/index.html." ;
If I use response.sendRedirect("http://localhost:8080/qtv/index.html") for going to non-secure mode, the index.html page does not gets loaded properly. (Please note that my index.html is made of *4 frames*, as explained earlier. This is a legacy code and frames can't be removed).
The reason for index.html not getting loaded properly is that the Address bar URL does NOT change its URL and protocol from https (https://localhost:8443/qtv/index.html ) to "*http*" (http://localhost:8080/qtv/index.html) when esponse.sendRedirect() is used ;this is the default behaviour of response.sendRedirect(). And because the protocol in address bar is https, index.html is not able to load the other JSP's in it's frames because of cross-frame-scripting security issues (The other JSP's to be loaded in frames are are NOT secure as discussed earlier).
Please let know if any way out.
Thanks,
MasaaiHi
try to set the maximum interval between requests
eg:
session.setMaxInactiveInterval(6000);
vis -
I made a login.jsp with the help of a bean. the bean holds a string[] as a property where it stores user and pass, then those values are checked in my database, and a boolean bean property is set to true. The problem is I want to do an if statement in my JSP using that boolean, but I can't seem to get the jsp working, can anyone help me?
I'm doing
<%if (<jsp:getProperty name="auth" property="truth"/>) do something else something else%>
I've also tried
<%! boolean it = <jsp:getProperty name="auth" property="truth"/> %>
<%if (it) do something else something else%>
both give me compile errors.<jsp:getProperty name="auth" property="truth"/> is roughly equivalent to
<% out.print(your_bean.getTruth()); %> or <%=your_bean.getTruth()%>
Once you understand this, you'll see why your code cannot possibly work...
Below is a simple solution to your problem.
<jsp:useBean class="YourBean" id="auth" etc.. >
<% if auth.getTruth() {
something; // don-t forget the semi-colon
else {
some other thing; // ditto
%>If you don't want any java code inside your jsp, consult the JSTL tag lib to construct an xml-like if-else statement. -
Help with customised login JSP on SSO server
Our customised version of the SSO login page JSP is required to access a database table in order to retrieve a dynamic message to display. This means we will need to create utility java classes in order to connect to the database and retrieve the information. We will also ideally need a data source on the SSO APP Server that we can reference in order to avoid hard-coding environment specific connection data.
Can anyone help out on where we will need to install the utility classes and where the data source can be created in order for the login JSP to see them. Is there any other configuration we need to consider e.g. classpaths etc?
The coding we are fine with, it is the actual "what goes where and don't forget to include this" that we are unsure of.Hello St***,
Did you accomplished the cusomized SSO logon page with database access. If yes can you please provide met with some examples and instructions how to accomplish this.
Regards,
Dennis -
I have a Login JSP which talks to a Servlet which then passes the login request to a Bean. In the Bean I save the login information in the Session, if the login fails I am trying to 'forward' to the Login JSP page again. On the Login JSP there is an 'errorText' field that gets the errorText Property from my Bean. However, when the 'getErrorText' method is called by the JSP I seem to have a new Session and have lost all of my login information.
What have I done wrong ? I have tried setting the 'scope' of the Login JSP to session and the application but with no result.
How can I ensure that when I re-display the Login JSP with an error message on it that I am using the Session (and copy of my bean) that I had when I set the properties ?
Sarah.have the code for setting the session values in the servlet that comes after the JSP login page.
in the jsp login page try to retreive the session values for the user name and the password.
store these values in the name and password variables.
for the first time it'll be null and an exception will be thrown. so in the catch block, set the value of the name variable and the password to null string ie "" and set these values as the values of the textfields (for user name and password). also in the catch block, set the error message string also . this one u can use to display when u r redirected to the JSP login page by the servlet. if first time, then set it to null string "".
but assuming that the JSP page has been called from the servlet when an error occured i.e when the server cannot recognize the user name and password combination, the session variables for the user name and the password won't be null and u can use these values to be displayed in the respective textfields.
so when the user name and password cannot be recognized by the server, just call the same JSP login page.
hope that clears a bit of ur doubt!!
rgds
JP -
Adding a custom button to Login.jsp
In AM 7.1 I have a need to add a "Forgot your password?" button to the AM login page. I would like this button to be located just to the right of the existing 'Log In" button and have the same look and feel as the "Log In" button.
When a user clicks on the button it is going to take them over to our Identity Manager questionLogin.jsp page. Linking the button to the IdM page is easy. What I don't know how to do is modify the Login.jsp page to add another button that has the same look and feel of and is positioned right next to the current "Log In" button. The AM Developer's Guide was of no help. Can anyone help and/or provide a code example that would do what I am looking for?Thanks for the reply, Michael. I understand that the Login.jsp needs to be modified and redeployed, but the question is how to create a new button with the same look and feel as the Login button. Currently we have modified the Login.jsp with a "Forgot Password" html link, but it would be prefered to create a button to match what already exists. I understand that this might be outside the scope of this forum, but I was hoping that someone that has done this (specifically the original poster if he found a solution) could share the relevent code.
-
How to bring Login.jsp under a html frame ?
hi all.
I have customized the Login.jsp and actually have lot of static content to be displayed in our proposed entry page.
I decided to use Html frames - something like the one below.
When i point on the frame to the Login.jsp ( i referred it as 'amserver/UI/Login') --> it loads all frames then redirects the page to the /amserevr/UI/Login -> the Login.jsp now occupies the entire screen and i c none of the html frames..
any idea how to bring in the portal Login.jsp under a html frame ?
Thanks
Vee
<html>
<frameset noresize="noresize" frameborder=0 rows="25%,70%,5%">
<frame frameborder=0 noresize="noresize" src="/amserver/UI/Login" name="banner_frame" scrolling=no>
<frameset frameborder=0 noresize="noresize" cols="30%,70%">
<frame frameborder=0 src="./images/menus.gif" name="menu_frame" scrolling=no>
<frame frameborder=0 src="./images/content.gif" name="content_frame" scrolling=no>
</frameset>
<frame frameborder=0 src="./images/copyright.gif" name="copyright" scrolling=no>
</frameset>
</html>is it possible to write jsp code or javascript code inside this Login.jsp ?
I got a bunch of content - menu driven to displayed additional to the identity server login module.
veera -
How to authorize my Login.jsp file to create LoginContext, deployed in war
I am currently doing a login process and I need to know how to give my Login.jsp file the permission to create a LoginContext. I packaged everything in a war file and deployed it to the server.
Specifically this is the error that I am getting:
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: access denied (javax.security.auth.AuthPermission createLoginContext.studentportal)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:384)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:297)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:247)
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
root cause
java.security.AccessControlException: access denied (javax.security.auth.AuthPermission createLoginContext.studentportal)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
java.security.AccessController.checkPermission(AccessController.java:427)
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
javax.security.auth.login.LoginContext.init(LoginContext.java:224)
javax.security.auth.login.LoginContext.(LoginContext.java:403)
org.apache.jsp.Login_jsp._jspService(Login_jsp.java:55)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105)
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:297)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:247)
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server logs.
In my code in Login.jsp this is what I have at the top of the page:
<%@ page language="Java" import="portal.*,javax.security.auth.login.*" %>
<%
String s = request.getParameter("loginButton");
if (s != null) {
out.println("The user attempted to login");
String user = request.getParameter("username");
String psw = request.getParameter("psw");
AscCallbackHandler cbh = new AscCallbackHandler(user,psw);
LoginContext ctx;
try {
ctx = new LoginContext("studentportal",cbh);
} catch (LoginException le) {
out.println("Sorry, could NOT create context");
}The admin page tells me that portal is deployed at location:
${com.sun.aas.instanceRoot}/applications/j2ee-modules/portal
My entry in the server.policy file looks like so:
grant codeBase "file:/home/jay/sun/Creator2_1/SunAppServer8/domains/creator/applications/j2ee-modules/portal/WEB-INF/-" {
permission javax.security.auth.AuthPermission "createLoginContext.studentportal";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
Which gives the error shown above
Please help
Message was edited by:
jay_dawg
Placing code tagsjava.lang.NoClassDefFoundError: org/jdom/JDOMException
java.lang.Class.getDeclaredConstructors0(Native Method)
java.lang.Class.privateGetDeclaredConstructors(Class.java:2357)
java.lang.Class.getConstructor0(Class.java:2671)
java.lang.Class.getConstructor(Class.java:1629)
org.apache.jasper.compiler.Generator$GenerateVisitor.visit(Generator.java:1164)
org.apache.jasper.compiler.Node$UseBean.accept(Node.java:1116)
org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2163)
org.apache.jasper.compiler.Node$Visitor.visitBody(Node.java:2213)
org.apache.jasper.compiler.Node$Visitor.visit(Node.java:2219)
org.apache.jasper.compiler.Node$Root.accept(Node.java:456)
org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2163)
org.apache.jasper.compiler.Generator.generate(Generator.java:3305)
org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:198)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:295)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:303)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:368)and following by this -
Functionality of LoginSubmit function in Login.jsp file
Hi,
I have tried to change the javascript customization in the "Login.jsp" file on my test box but I am sort of stuck in terms of getting the logic behind the function "LoginSubmit(value)" .
What I have tried to do is to create a conditional expression based on the button ("submit" or "cancel" in the password reset form) that is clicked. Based on my testing I find that the function "LoginSubmit(value) " is called for each button click and it seems to treat each call in a different way.
The function "LoginSubmit(value)" is a function which is available in the default implementation of access manager itself. I basically needed to know how this function works when the "Login.jsp" file is called or how this function responds to each button click .
Can anyone direct me to specific documentation which is of help.
Appreciate your thoughts on the working of this function.
Thanks,Have a look here. This might be useful to you:
Re: How to call a PL/SQL procedure from a Java class?
Maybe you are looking for
-
Time Machine - The First Back-Up
I have a 300 GB Maxtor OneTouch II, and I am attempting to use Time Machine with this external drive. So, Time Machine begins to back up to the drive at a rather quick pace until the download window disappeared at 13.16 GB out of 60 GB. I believed th
-
Cs2 crashes as soon as it opens?
i have uninstalled and reinstalled 4 times. this has not helped out at all. any recommendations?
-
Output display problem in alignment
i am displaying vendor wise purchase register details in my output i have many line items per each vendor. i want to display vendor wise line items. suppose AFTON CHEMICALS is coming 10 times in the output i want to display this with all line items
-
System requirements - processors?
System requirements for Lightroom and PS indicate Intel Pentium processors needed. My computer has 16GB memory, 2x8 GB 1600 MHz DDR3 memory - Intel "Core i-5 4590 processors. Will it run Lightroom and PS, and do so as well as, machine with Pentium
-
SSO solution required for SAP,OBIEE,EBS,java,SQLserver,Apache applications
Hi, We have applications including ERP like SAP , Oracle Applications , Oracle OBIEE and applications also using Java/Apache/SQL Server. We are looking for a SSO solution between all these applications so that user will sign in one application and wi