Web application security. Getting username and password from database

Hi!
I need to write the following web application (I write it using java server faces):
1) User enters his username/password on the login page
2) Program goes to database where there are tens of thousands of usernames/passwords, and verifies it.
3) If user and password exist in DB, user gets access to the other pages of the application
Maybe I don't understand some point. I tried to use j_security_check (it's very easy to configure secured pages in web.xml). The problem is that it works (as far as I understand) only with roles defined on server before the application runs. I can't add ALL these usernames to the roles on server. The best way, as I see it, is to go to DB, check username/password, create new role for the time of session, go to j_security_check where the j_username and j_password get the values from db and get the access to secured pages (as far as the roles have been dynamically added).
Am I right and this should be the algorithm?
How can I implement it?
I've read about JAAS. How can it help to solve the problem? Do I need j_security_check if I use JAAS? How should I configure my application if I use it?
Could you please give me some code example?
All this must work on IIS (for now, I develop it in Netbeans and run it on Java Application Server)
Please help.
Edited by: nemaria on Jul 7, 2008 2:39 AM

Hi,
Any security constrained url pattern which calls the action j_security_check passes the parameter to the realm mentioned in the server.xml. If the realm is set as JAAS, then the authenticate method of the jaasrealm does the basic validation like non empty field value from the input form. The appname set as the realm parameter points to the one or more loginmodules which have the life cycle methods like initialize(...), login(), commit(), abort() and logout(). Once the basic validation is done in the JaasRealm class of the webcontainer, the LoginContext is created and user is authenticated (against DB username/password) via the login(). Then the user is authorised in the commit(). Then Jaasrealm takes care of creating the LoginContext, calling login(), creating Subject with principals, credentials added and setting that in the session.
I have a big trouble in accessing the HttpServletRequest object in the LoginModules, i.e. getting the j_username and j_password in the LoginModules or in the CallBackHandlers. PolicyContext doesn't work for me. Is there any other way?
Regards,
Ganesh
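
The LoginModule lifecycle described in the reply above, written out against a user table; this is an added example, not code from the thread. The class name `DbLoginModule`, the `dataSource` module option, the JNDI name, the `app_users` table and its columns, and the choice of salted PBKDF2 hashes in place of stored passwords are all assumptions.

```java
// JAAS config entry (names are assumptions): AppLogin { DbLoginModule required dataSource="java:comp/env/jdbc/UsersDS"; };
import java.security.*;
import java.sql.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;

public class DbLoginModule implements LoginModule {
    // Distinct principal classes let the realm tell the user from its roles.
    public static class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    public static class RolePrincipal extends UserPrincipal {
        public RolePrincipal(String name) { super(name); }
    }

    private Subject subject;
    private CallbackHandler handler;
    private String dataSourceName;                 // module option "dataSource" (assumed name)
    private final List<Principal> granted = new ArrayList<>();

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.dataSourceName = (String) options.get("dataSource");
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("username: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        // Assumed schema: app_users(username, salt, pw_hash, iterations, role_name)
        String sql = "SELECT salt, pw_hash, iterations, role_name FROM app_users WHERE username = ?";
        try {
            handler.handle(new Callback[] { name, pass });   // realm's handler supplies the form values
            DataSource ds = (DataSource) new InitialContext().lookup(dataSourceName);
            try (Connection con = ds.getConnection(); PreparedStatement ps = con.prepareStatement(sql)) {
                ps.setString(1, name.getName());             // bound parameter, never concatenated
                try (ResultSet rs = ps.executeQuery()) {
                    if (rs.next() && MessageDigest.isEqual(rs.getBytes("pw_hash"),
                            pbkdf2(pass.getPassword(), rs.getBytes("salt"), rs.getInt("iterations")))) {
                        granted.add(new UserPrincipal(name.getName()));
                        granted.add(new RolePrincipal(rs.getString("role_name")));
                    }
                }
            }
        } catch (Exception e) {
            throw new LoginException("authentication backend error");
        } finally {
            pass.clearPassword();                            // wipe the callback's copy
        }
        if (granted.isEmpty()) throw new FailedLoginException("login failed");
        return true;
    }
    public boolean commit() {
        if (granted.isEmpty()) return false;
        subject.getPrincipals().addAll(granted);             // role comes from the row, not server config
        return true;
    }
    public boolean abort() { boolean ok = !granted.isEmpty(); logout(); return ok; }
    public boolean logout() {
        subject.getPrincipals().removeAll(granted);
        granted.clear();
        return true;
    }
    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }
    }
}
```

The `<security-constraint>` and FORM `<login-config>` in web.xml stay as they are; only the realm behind `j_security_check` changes, and the role named in the constraint must match the `role_name` values in the table.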

Similar Messages

  • Loading the username and password from database when login to xMII

    Hi
      can you explain briefly about how to configure the netweaver for loading username and password from database when the user login to xMII via netweaver platform?
    In xMII 11.5 we are configuring xMII itself? but in xMII 12.0 configuring by netweaver platform. if anyone know please explain step by step

    I am sending you some java code, which you can use in JSP.
    import java.sql.*;

    public class connectOracle {
        public static void main(String[] args) {
            System.out.println("Getting Column Names Example!");
            Connection con = null;
            String url = "jdbc:oracle:thin:@172.16.0.21:1521:orcl";
            String driver = "oracle.jdbc.driver.OracleDriver";
            String user = "scott";
            String pass = "tiger";
            try {
                // Load the Oracle JDBC driver and open the connection
                Class.forName(driver);
                con = DriverManager.getConnection(url, user, pass);
            } catch (SQLException s) {
                System.out.println("SQL statement is not executed!");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

  • Webdynpro application taking MDM username and password from LDAP

    Hi All,
    I am working on EP-MDM integration.
    EP-LDAP , MDM-LDAP and EP-MDM have been integrated.
    The requirement is :
    When we run a webdynpro application from EP , it should take the user id and password of EP user who is currently logged in.(which is actually LDAP user and also exists for MDM) without hard coding it.
    The application will work according to the roles guaranteed to the user in MDM for eg: the user will be able to write into MDM only if he has read/write permissions in MDM.
    Please tell how the application will fetch the username and password from the EP details.
    Regards
    Shilpa

    Hi,
    You need to set a trusted connection between the EP and MDM System.
    And use the trusted connection JAVA API in the Web Dynpro to make a connection to MDM Repository. Trusted connection JAVA API will ask you only the username and not the password.
    Regards,
    Amol

  • Extracting username and password from security header

    Hey all,
    I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
    1) I secured my BPEL process
    2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
    3) I added the security variable to the Header Variables for the BPEL process input
    4) I added the security variable to the Input Header Variables for the web service's invoke operation
    This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
    Environment:
    JDeveloper 11.1.1.6.0
    Thanks,
    Bill

    Hi Sri,
    If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
    Thanks,
    Bill

  • How can I get the username and password from Oracle Forms to PJC !

    Dear Sir,
    I have username,password and push button fields in oracle forms. When user clicks the push button, I need to get username and password field contents to my Pluggable Java Program to authenticate the user trying to login. How can I get those text field contents to my java program..? Looking forward from you soon sir.
    Thanks in Advance,
    S Ramkumar

    I tried that trigger but nothing reflects. I write that method in WHEN_BUTTON_PRESSED trigger.
    In the form module I written,
    Set_Custom_Property('BL.USERNAME',1,'NAME','');
    Set_Custom_Property('BL.PASSWORD',1,'PASS','');
    Implementation class of the push button I gave my java class file name.
    In Java Code I tried register the form fields like,
    public static final ID userName = ID.registerProperty("NAME");
    public static final ID passWord = ID.registerProperty("PASS");
    In Java Code I tried get the contents from registered properties,
    public boolean setProperty(ID property, Object value) {
        if (property == userName) {
            System.out.println("Just I wish to see the name entered" + value.toString());
        } else if (property == passWord) {
            System.out.println("Just I wish to see the pass entered" + value.toString());
        }
        return super.setProperty(property, value);
    }
    But even System.out.println() is working.
    What's wrong with this code sir ???
    Can you tell me How to register and get those field values in Java ?

  • Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

    Please excuse the lousy table...Its late :-)
    I have a multi-server SP2010 farm.  Patched up to
    Configuration database version: 14.0.6106.5002
    My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the letter (http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
    IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
    Claims Auth log entries:
    Time | Process | TID | Area | Category | EventID | Level | Message
    1:06:25 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | f2ut | Verbose | Authenticated with login provider. Validating request security token.
    1:06:25 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Verbose | Using membership provider 'ADAMProvider'.
    1:06:25 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Verbose | Doing password check on '[email protected]'.
    1:06:46 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Verbose | Failed password check on '[email protected]'.
    1:06:46 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | 0 | Unexpected | Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
    1:06:46 AM | w3wp.exe (0x0EDC) | 0x1790 | SharePoint Foundation | Claims Authentication | fo1t | Monitorable | SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
    1:06:46 AM | w3wp.exe (0x1B34) | 0x08A0 | SharePoint Foundation | Claims Authentication | fsq7 | High | Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
        at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
        at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
        at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
        at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    1:06:46 AM | w3wp.exe (0x1B34) | 0x08A0 | SharePoint Foundation | Claims Authentication | 8306 | Critical | An exception occurred when trying to issue security token: The security token username and password could not be validated..
    1:06:46 AM | w3wp.exe (0x1B34) | 0x08A0 | SharePoint Foundation | Claims Authentication | f2un | Verbose | Form authentication failed.
    I have tried EVERYTHING (well, not everything, I don’t have the fix I suppose). I found plenty out there and nothing directly correlates with this issue.
    I searched on all parts of the errors I got.
    This contains an interesting blurb about setting up access for the apppool id correctly. 
    That’s not the case for me.  It works in dev and the same id are used there. 
    http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
    This was good but it doesn’t give specs on what the environment looks like:
    http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
    This was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
    Any and all help would be greatly appreciated!

    Hi.
    You say it's a multiserver farm, do you have more than one web server then?
    If that's the case, have you tried accessing the site on each server directly?
    Found this for you, maybe that can help?
    Troubleshooting Exceptions: System.ServiceModel.FaultException`1
    http://msdn.microsoft.com/en-us/library/bb907220.aspx
    and this:
    SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
    http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
    and
    This seems to be a good guide:
    http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
    Good luck
    Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

  • The server at Mac OS X Server Web Services requires a username and password

    I am running SL Server 10.6.2, wiki works but when a person clicks an attached file in a wiki and then selects "open" they get a login popup with the notification The server at Mac OS X Server Web Services requires a username and password. It doesn't matter what they put into the login/pass it comes back. If they hit cancel then the document opens. If they click save then it saves with no issue. I can type in the admin login/pass of the server and it works. Does this mean the security settings to the location of the files is wrong? Any help is greatly appreciated!

    By the way they are using Internet Explorer 7 when opening these documents.

  • Reg : How can I get  Username and Password in FTP Server in HANA

    Hi All,
      Any one can you please guide me....How can i get username and Password of FTP Server in SAP HANA?
    Regards,
    Arjun

    Hi Arjun,
    Are you looking for external authentication(External ID option) in HANA Studio instead of logging by entering HANA User and Pwd(which is internal)?
    You can look for the following Security guide which will give you some insight on this.
    http://help.sap.com/hana/hana1_sec_en.pdf
    Rgds,
    Murali

  • Securing LDAP username and password in Websphere

    Hi all,
    I am new to LDAP and WAS. I want to secure the username and password for my LDAP server. Right now i have two choices for using the username and password for the LDAP
    1. i can put the username and password in a properties file.( but then it makes my application insecure....anybody can read it )
    2. I can put them in a .java file and after compilation it would be converted to the class file.( but in this approach anyone who knows in which file it is residing can use a decompiler to read it)
    I have seen one implementation for DB2 in which they make a datastore in the application server that holds the username and password for the DB2 server. I want to use same kind of facility for my application.
    Can anyone help me with this...?

    The error description is:
    =================================
    TNS-12560 TNS:protocol adapter error
    Cause: A generic protocol adapter error occurred.
    Action: Check addresses used for proper protocol specification. Before
    reporting this error, look at the error stack and check for lower level transport
    errors.For further details, turn on tracing and re-execute the operation. Turn off
    tracing when the operation is complete.
    ===================================
    Did you start your Oracle service before trying to connect?
    Are you able to run your listener successfully?
    did you setup a TNSNAMES entry for your database?
    did you try connecting to the database by using scott/tiger@<tnsnames entry>

  • How to know username and password from existing PPPOE broadband connection?

    Hi All,
    I am using windows server 2008 R2, and now I've used PPPOE broadband connection to connect the internet. what I am asking is how to know the username and password from my PPPOE setting, I have the requirement to create same setting in the difference machine.
    thanks.

    You can get this info from your ISP. This one may help.
    Create a Broadband connection using PPPoE in Windows Vista and Windows Server 2008
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • HT204085 removing icloud username and password from old iphone

    I sold a previously owned iPhone and the person who purchased it cannot create an iCloud account on it.  He said my iCloud account is still attached to the iPhone.  Is there a way to remove any iCloud username and password from the device?

    Read here: http://support.apple.com/kb/TS4515.

  • Forgot username and password from the email iCloud chozhe not know forgot. purchase the product, all documents have. What to do?

    forgot username and password from the email iCloud chozhe not know forgot. purchase the product, all documents have. What to do?

    If you don't know your ID, you can try to find it as explained here: http://support.apple.com/kb/HT5625.  If you don’t know your password you can reset the password as explained here: http://support.apple.com/kb/PH2617.

  • Get DB Username and password from current connection

    Hi folks,
    I'm presuming this is something absurdly simple, i therefore offer my apologies in advance. my requirement is quite different from the very famous dynamic JDBC credentials example.
    I'm using Struts on a 10.1.2 implementation. We have numerous Oracle reports that we wish to call from Jdev (through a report server call). To provide the credentials to the Report server I need to provide the DB connection's username, password and SID. This I intend to do in a helper class in my web module.
    Is there a plain vanilla simple way of getting this done. I know "context.getApplicationModule().getTransaction().getConnectionMetadata().getUserName()" gives me the Database Username- just like that. Is there a similar way to obtain the password and SID as well. While getTransaction().getConnectionMetadata().getJdbcURL is also quite useful, how "for the life of me" do i get the password of the current DB connection (assuming I have an application module that is already connected). I basically wish to directly use connections from the application module directly without the need to manually specify/hard-code these credentials in my code.
    I've searched the forums and haven't been able to get the answer I was looking for (that or I;m searching in the wrong areas). Any help would be GREATLY appreciated.
    Cheers

    Hey Timo,
    thanks for that. I still have a couple of doubts.
    One the nature of the application is slightly different. we use independent usernames and passwords which are stored in the DB (different from DB username and password). The request(for the report-server call) comes only after the user is authenticated. Like you rightly said it's not a good idea to store the password and I'm pretty sure that option is completely ruled out.
    My questions is, given that the user already has an application module at hand which would mean he has a valid connection to "a" DB- (once again we have multiple DB scenario), I merely wish to use the information from the Connection that the application module is using to issue the request to the report server call. I take it the call to oracle reports server wouldn't accept a connect string, you necessarily have to provide the DB username/password and SID.
    My question now, is there anyway to obtain the password(or merely point my report server to this without requiring to store it) from the application module connection.
    I hope my query is clear, please let me know if what i'm saying needs to be clarified or doesn't make sense.

  • WS-security Need to Get Username and Password and time Stamp in SOAP Header

    HI ALL,
    i need to get USERNAME and PWD in my Soap header for consuming Webservice using SAP PI ,
    and my SOAP Header should look like this
    <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1"
          xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsu:Timestamp wsu:Id="Timestamp-296915943">
          <wsu:Created>2008-06-05T18:30:59.904Z</wsu:Created>
          <wsu:Expires>2009-06-05T18:35:59.904Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken wsu:Id="UsernameToken-192809888">
          <wsse:Username>midtier-service</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>
    should i need to get some certificates from client and deploy it or should we do anything in SAP PI and send to soap header or can hard code it and send to webservice, please help me in this
    thanking you
    Sridhar

    i need to get USERNAME and PWD in my Soap header for consuming Webservice using SAP PI ,
    Can be achieved by XSL Mapping or SOAP Axis Adapter. Search on SDN for further details as this has been discussed many a times on the forum.
    should i need to get some certificates from client and deploy it or should we do anything in SAP PI and send to soap header or can hard code it and send to webservice, please help me in this t
    First you need to confirm whether certificates are required or not. Might be the web service is using user id / password security (basic authorization).
    How to use certificates in PI - Search on SAP Help, this has been explained in great details over there.

  • Can't get username and password into client proxy

    Hello all,
    I am creating a client proxy using class xem_measurementImport (the doMeasurementImport method). I call this from an ABAP program, and it pushes measurement data into the EC (Environmental Compliance) system, which runs in Java.  Everything has been running well, except for one thing.  When I run the program in the foreground, it prompts me for a username and password, and when I run it in the background (it will be run that way in production), it gets a SOAP/authentication fails error message from the method, since username & password could not be supplied.  I tried to recreate my client proxy, but when it is created, the wizard does not prompt me for my name & password, which it should do, so that it can supply it to the calling program via the logical port.  Is this a configuration issue that Basis needs to address?   Thanks for any help you can give.

    gauravjlj wrote:
    because client will install the mysql not me. and I need username and password for the further programming.
    there is any file in mysql installation which can give me the username and password.
    please tell me.
    thanks
    gaurav agrawal
    No. If the "client" is installing the DB (and, I assume, administrating it, I.E. removing the large security holes that exist in the default installation), then why don't you simply ask the "client" for this info in a dialog?
    Otherwise, you should be providing a script in your installation package that modifies the DB to your needs, and instruct the "client" to install a "default" root password until after the script has run, and then to change the "root" password again. A Java application should definitely not be worried about this stuff.
