Validate username and password.........
I am new to JSPs and have login code that i am using for my JDBC connection. How can i use this code to validate a web user's password and username?
public class Login
private String username;
private String password;
Constructor to create a new login object
@param u valid database username.
@param p valid database password.
public Login(String u, String p)
username = u;
password = p;
Gets the username.
@return the username as a string
protected String getUser()
return username;
Gets the password
@return the password as a string.
protected String getPassword()
return password;
Thanks
if i understand you right, you want to use what they log in with for your jdbc connection. i've never done it that way myself.. i use a single "web entry" user/pass. why must it be like that? i'm curious, maybe i should do it that way. but i grab a conn with that standard account.. and then of course all user lookups can be done.
if anything, do the first conn with the standardized 'anon/nobody' user/pass and then rs = stmt.executeQuerY("select id from users where name = ' + user + ' and pass = ' + pass + "'");
or whatever you want.
Similar Messages
-
Can I use a stored procedure to validate a username and password?
We are using Discoverer on a standalone server but we have a database link to our reporting database.
Our standalone Discoverer is on a 10g database with a database link. Our reporting database is an 9i database using oracle applications. I have a stored procedure that i can call to validate username and password in the apps.
Is there anyway to call that stored procedure from Discoverer so that my users don't have to have 2 different passwords?
thanks
AngieMichael.
Let's rewind this discussion for a sec as I have not the faintest idea what you're referring to with the dblinks, query prediction, etc.
I didn't think that was the main thrust of the thread and thought it was if the user could validate a username and password. If they happen to use a dblink, that's another issue.
1. What I"m referring to as good design is the concept of the eul$ triggers that Discoverer offers (the link offered by the user before my response).
I like triggers in Forms, I like trigger in Reports - and I like them in Discoverer. I think they potentially have a great use - the problem is finding that use.
One use I can forsee is setting up an environment or table everytime one enters Discoverer. Or maybe some cleanup after Discoverer is exited (ie: delete that setup table).
2. You mentioned dblinks.
What do I think about 'em? Don't know ... don't care. Haven't had to work with them too much and until that point comes - I'm not worried about them either way.
3. You mention query prediction.
What do I think about it? IMO, turn the darn thing off. I don't really care what it's SUPPOSED to do according to Oracle - in 9 out of 10 client sites I go to ... it's not doing it. It's waste time, processing power, coffee time, whatever ... to come up with a bogus estimate that makes Discoverer looking like a toy.
For example:
prediction time: it takes 6 minutes to come up with an estimate
prediction: Query will take 364 days, 11 hours, 9 minutes, 18 seconds. Do you wish to continue?
me: Duh ... okay.
query runs for: 1 minute, 2 seconds
It's like a Vulcan in that it's incredible detailed on it's assessment on how long it will take. Unlike a Vulcan though, it's completely bogus. Sure it supposed to be better over time but again - in 9 out of 10 client sites I go to, it's a joke and once turned off ... the client couldn't be happier.
So again, let's rewind here. Maybe I'm missing something, but I had no idea this thread was angling to dblink and query prediction, but my views on what I thought we were talking about are above.
Russ
PS. And no I'm not PO'd ... just want to fix what appears to be cross-purposes. -
Validate web service username and password against Oracle EBS
Hi,
We have a requirement to pass username/password to a SOA webservice that needs to be validated against Oracle E-Business Suite (EBS) login credentials. The EBS users are not integrated with SOA Weblogic server. In EBS, the standard PL/SQL procedure FND_WEB_SEC.VALIDATE_LOGIN(user_name, password) can be used for validation. Appreciate if someone can provide input on validating the username and password as part of web service security header using any OWSM policy.
Thanks!I'm guessing that you are trying to call an EBS API and are using FND_WEB_SEC to test that the user account is valid in FND_USER first before executing the API call. In that instance, you'll likely need to use the Oracle Applications Adapter for EBS if you want to authenticate the user through FND_USER.
If you've not purchased that adapter, you could use a simple BPEL process, with a regular database adapter to firstly call the FND_WEB_SEC package to authenticate. Pass the response from eBS into a bpel variable, add a bpel switch based on the outcome of that variable either execute the API call or throw an authentication error if the call failed.
You can wrap all this up into one web service that then calls this bpel process, taking the username and password as as input parameters.
Phil -
Username and password validation on SOAP Web Service
Hi,
I'm pretty new to web services and c# .net framework.
I'm developing an app that uses a third party's API/ Web services. My first task is getting this log in(authentication) to working.
Right now its nothing more than a simple Login form:
The code behind the "Log In" button is so far:
Here I've instantiated the SOAP web service that I'm using. And when I got to test/debug my form and type in my username and password and click the "Log In" button nothing happens..."of course"
So my question is, how could I validate whether the username and password were sent to the web service and whether the authentication is true or false?I'm trying to figure that part out...of how I can get it to return the bool. How can I check to see if it returns a bool?(because i'm not really sure if it does or doesn't just yet)
I'm not expecting it to say "Hey you're logged in" because the actual application doesnt work that way. The actual desktop client will log you in with a (Domain Name\ Username) and windows authenticate
that you're who you say you are, check the SQL Server and Database and Logs you in.
So im trying to figure out how I can manually set it up to where it let the user know that they have Logged in successfully.
And you're saying that the code i have right now SHOULD log the users in correctly? -
Connecting printer to a secure wireless network which requires both username and password
I have the hp photosmart 6510. I have it in my college dorm, which has a secure network with requires both a user name and password. I need help setting it up as I can't seem to get the printer to enter a username and password. I know the printer works and I know that my computer can print wirelessly with the printer. My college game me this setup configuration.
Configuration Item Preferred Value Optional Value (less preferred)
Network Name of SSID umd-secure
802.1x Operating Mode
(note: 802.11b is no longer supported) Infrastructure or Network (not ad hoc)
Security Mode Enterprise (not Personal)
Network Authentication WPA2 WPA-less prefered
Data Encryption CCMP or AES (TKIP-less prefered)
Roaming Identity or Outer Identity anonymous
Authentication Type or Outer Authentication TTLS (PEAP-Less prefered)
Authentication Protocol or Inner Authentication PAP (MS-CHAPv2-less prefered)
Validate Server Certificate or Verify Server Name Yes
Certificate Issuer or Trusted Root CA Thawte Premium Server CA (Any Trusted CA -less prefered)
Server Name or Certificate Name wireless.umd.edu
Server Name must match YesHi @hatyai ,
Thank you for visiting our English HP Support Forum. We are only able to reply to posts written in English. To insure a quick response it would be advisable to post your question in English. The following links are here to assist you if you prefer to post in the following Language Forum.
English: http://h30434.www3.hp.com
Spanish: http://h30467.www3.hp.com
French: http://h30478.www3.hp.com
Portuguese: http://h30487.www3.hp.com
German: http://h30492.www3.hp.com
Korean: http://h30491.www3.hp.com/t5/community/communitypage
Simplified Chinese: http://h30471.www3.hp.com/t5/community/communitypage
Thank you for your understanding
I work for HP. However I speak only for myself, not for HP nor anyone else -
Validation (check) Username and Password from the database
I have a Login page in my website, username and password as a textbox not as a form, I have already save the admin username and his password in the database, now I need to check or validate these textboxes if data entered to textbox match the
existing in the database then show a message box "Successful Login" if not "username or password invalid!!"
Note : The website developed using c# Visual Studio Professional 2013
Thank youHi,
Please check if the connection string is right and make sure the IIS application pool identity has enough permission to access database.
For more information, please refer to the document:
http://www.codeproject.com/Questions/328554/IIS-hosted-website-cannot-access-database
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
CallbackHandler - username and password token
Hi,
I use a CallbackHandler and server_security_config.xml on the server to authenticate and authorize the user.
I get the correct username and password token on the server and do my validation directly in:
public class AuthenticationValidator implements PasswordValidationCallback.PasswordValidator
public boolean validate(PasswordValidationCallback.Request request)
throws PasswordValidationCallback.PasswordValidationException
System.out.println("AuthenticationValidator public boolean validate");
PasswordValidationCallback.PlainTextPasswordRequest req = (PasswordValidationCallback.PlainTextPasswordRequest) request;
System.out.println("Username: " + req.getUsername());
System.out.println("Passowrd: " + req.getPassword());
// check with database!
// return false; // not OK
return true; // OK
I don't want to use a JAAS Login module.
The auth works fine.
Now I have a big and a little problem.
1.) I need the username (String username = req.getUsername();) from xwss in my service implementation class. But how can I transfer this value??
I have a javax.security.auth.callback.CallbackHandler class and no Logicalhandler with a MessageContext object.
2.) My second question:
If the authentication fails AuthenticationValidator returns return false; and the client gets a SoapFault Exception. It is possible to catch this exception and throw a user defined exception?
Please helped me, thanks!!
Please see also here:
https://xwss.dev.java.net/servlets/ReadMsg?list=users&msgNo=54
Regards,
RocciHi,
thanks for your fast answer and sorry for my late answer.
I tried it and now nothing is working any more.
I get with the new libraries the following exception:
22.06.2006 11:28:36 com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher receive
SCHWERWIEGEND: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
java.lang.RuntimeException: java.lang.IllegalArgumentException: Illegal use of setScope() on non-existant property :javax.security.auth.Subject
at com.sun.xml.xwss.SystemHandlerDelegateImpl.processRequest(SystemHandlerDelegateImpl.java:274)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:144)
at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.handle(WSServletDelegate.java:333)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:288)
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
I have in my validator class:
Subject subject = new Subject();
subject.getPrincipals().add(new X500Principal("CN=" + userName));
subject.getPrivateCredentials().add(password);
and in my service implementation class:
Object o = messageContext.get("javax.security.auth.Subject");
With the old libs o was null. Now with the new libsI get ealier the above mentioned exception.
Any further help would be very nice.
Regards,
Rocci -
Updating username and password via JDBC
Hello,
Curious has anyone developed sample code that would do the following.
1. Using getConnection one passes in a username and passsword.
2. Let's say the the DB password passed is wrong but I want to update the users old password with the new password I just passed?
Anyone have samples that might do this. ie. gets a return of bad password, reconnects as admin DB user, updates person's password, reconnects as orgianal username and password that previously failed?
Thanks,
BPHi,
you can also validate an FND login using the FND_WEB_SEC.validate_login package if it's easier.
Brenden -
i did not able to use mail. i go to add account and where i am given all the details correct like username and paasword but after i click on sign-in option it shows your username and password is incorrect...
You only think the username and password are correct; when you create an account the phone asks your mail provider to validate the username and password, and if it fails you get that message.
You know that you must enter a username and password twice, once for incoming and once for outgoing mail? -
Reporting Services username and password prompting
We have several branch office locations and one reporting services server. All of the branch office locations can access the reporting services server, but we have one location for the passed week, each time they make a connection to this server, it prompts
them for a username and password and will not allow them to connect even if the correct username and password is correct.
I have tried adding the server to the IE intranet/trusted site list. Set IE security on all zones to automatically logon with current username and password.
What is strange is that this is the only branch office site that is having this issue. It is almost like kerberos is broken for this site location only.
DOes anyone has any suggestions what could be causing this problem for all computers in this one location. Nothing has changed on their local servers nor have we pushed any updates to the machines.Hi bubba1984,
As per my understanding, I think this issue is caused by Kerberos authentication. Kerberos is an authentication protocol that allows clients that create authentication tokens to associate a specific destination to that token. In the failure case, there is
a mismatch between the destination specified in the token and the report server process configuration. Due to this mismatch, the underlying Kerberos authentication scheme supported by Windows prevents report server from authenticating the user.
To fix this issue, please try to remove RSWindowsNegotiate and ensure RSWindowsNTLM is specified in the rsreportserver.config file. For more details, please take the following article as reference:
http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
Single sign-on and different usernames and passwords
Hello,
I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
information about the background of single sign-on.
I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
user for the first login to the portal (with username and password).
Now I would like to integrate my webmail-programm (to get emails from
Lotus Notes via Internet) as a portlet.
For my understanding the user has to authorizate to get access to webmail.
Therefore I create a ACL for webmail and this ACL is assigned to my
security Realm.
I would like the portlet to show after login the number of mails for the
specific user. But where are the username and password for webmail stored
and how are they received and forwarded?
I understand that my ACL included all users that have access to webmail
(i.e. all users). But I only want emails for the specific user.
Does WLS get all usernames and passwords while the first login? Do I have to
implement a algorithmen to get the specific username and password for the
requested resource in my portlet?
Has anyone solved a similar problem or can tell me where I can get more
information. I read the WebLogic Security document but I cant find a
answer to my questions.
Thanks
LydiaLydia,
I'm not an expert in this area, but I can give you a start.
As for single sign-on, there are different levels. For single sign-on across web-apps,
the servlet spec requires this (section 12.6 of th 2.3 spec) and therefore Weblogic
does this.
What you are talking about is single sign-on across back-end applications through
a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
with their SiteMinder product. Neither is included in the Weblogic license. I'm
sure either vendor would be excited to explain how their product will solve your
problem if you give them a call.
As for where the username and passwords are stored, that is up to the realm. If
you are using the default WLPS RDBMSRealm, the username and encrypted password
are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
in your LDAP server.
Hope this was useful!
PJL
[email protected] wrote:
Hello,
I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
Now I try to unterstand the functionality of Single sign-on when a user
has different usernames and passwords for different applications.
Can someone explain where the usernames and passwords for a user are
stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
application how username and passwords are mapped? Or usernames and
passwords for all applications are the same and will be equalized?
Precisely I would like to get access to a mail-account for a specific
user
(webmail from Lotus Notes).
Thanks for any help
Lydia -
How do i send the username and password to yahoo web page through url
how do i send the username and password to yahoo web page through url i.e as Query string so that my account in yahoo will open...
If you don't mind using a library, then download and use the Apache HttpClient library. It takes care of all these details for you.
-
Please excuse the lousy table...Its late :-)
I have a multi-server SP2010 farm. Patched up to
Configuration database version: 14.0.6106.5002
My goal is to have a claims based web application that authenticated to ADAM for Extranet. I have configured the servers exactly to MSDN and technet specs (following this spec to the
letter (
http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
IT WORKS IN DEV!!! , which is a single server farm. However, it does not work in production. I get the following:
Claims Auth log entries:
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
f2ut
Verbose
Authenticated with login provider. Validating request security token.
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Using membership provider 'ADAMProvider'.
1:06:25 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Doing password check on '[email protected]'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Verbose
Failed password check on '[email protected]'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
0
Unexpected
Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
1:06:46 AM
w3wp.exe (0x0EDC)
0x1790
SharePoint Foundation
Claims Authentication
fo1t
Monitorable
SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
fsq7
High
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
8306
Critical
An exception occurred when trying to issue security token: The security token username and password could not be validated..
1:06:46 AM
w3wp.exe (0x1B34)
0x08A0
SharePoint Foundation
Claims Authentication
f2un
Verbose
Form authentication failed.
I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose).
I found plenty out there and nothing directly correlates with this issue.
I searched on all parts of the errors I got.
This contains an interesting blurb about setting up access for the apppool id correctly.
That’s not the case for me. It works in dev and the same id are used there.
http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
This was good but it doesn’t give specs on what the environment looks like:
http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
Any and all help would be greatly appreciated!Hi.
You say its a multiserver farm, do you have more than one web server then?
If thats the case, have you tried accessing the site on each server directly?
Found this for you, maybe that can help?
Troubleshooting Exceptions: System.ServiceModel.FaultException`1
http://msdn.microsoft.com/en-us/library/bb907220.aspx
and this:
SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
and
This seems to be a good guide:
http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
Good luck
Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com -
I do not know my apple administrator username and password. How do I find out what it is? I am trying to download IBM Notes and Domino onto my MacBook Pro and I cannot download the software without verifying my apple administrator username and password.
iOS is only for mobile devices, so:
Resetting or changing a password:
For Snow Leopard or earlier: http://support.apple.com/kb/HT1274
For Lion or later: http://support.apple.com/kb/HT6022
For Mavericks users:
http://www.macworld.co.uk/how-to/mac-software/how-change-admin-password-mac-3535 328/
This is also useful:
http://www.macworld.co.uk/ipad-iphone/news/?newsid=3463233&olo=email
If it's running Mac OS X 10.6.8 or earlier, insert a Mac OS X install DVD, restart with the Option key held down, click on it, and use the Reset Password utility.
If it's running Mac OS X 10.7 or newer, restart with the Command and R keys held down, open the Terminal, and use the resetpassword command:
https://discussions.apple.com/docs/DOC-4101 -
I have a iphone 5 and I can login with my apple id to purchase music. However, when I try to login into icloud using the very same username and password that I use in the apple store it does not work to enter icloud, so what what gives???
I could do that, however when I select the icloud button (or whatever the heck it is) I am asked to enter the apple id and password. So if you are suppose to create another one for icloud you'd think it would give you the option at this point which would be logical.
Maybe you are looking for
-
Error in running Adobe Document Services on Sneak Preview Java NW04s
Hi, I installed <b>Sneak Preview NW2004s</b> and installed the credentials for Adobe Document Services as per the configuration guide. When i test the Web Service, i get the version info and the response Required stream: "PDFDocument" not found In th
-
How to setup a time in jdbc adapter ?
hi experts i need to setup the timing in poll intravel. each and every day evening at 6:00 pm the communication channel want to pickup the data from the data base system.
-
I can not download iTunes as it should he warned me of a problem of "assembly" HRESULT
-
My iTunes will not install the latest 12.0 update
Okay, I'll start from the beginning. I wanted to put a load of my own songs onto my iPhone 4s, but it came up with the box "iPhone won't work unless latest update is performed" or something of the sort. So as you do I went to download the latest upda
-
Jumping from A to B wihout loosing the timeline
how can I jump in a logic Arranging window from A to B (audio files) without loosing the timeline in a live performance?