We have some clients that uses IE's Content Advisor and when they switch pages the login pop up appears this because we don't have a call for labels.rdf file on each one of our pages (we have more than 500 pages).
The problem is that Content Advisor tries to search the ICRA's RDF file on the current page but since we don't have this on each page, it tries to search on the same level as index.html file, and we did a change that if this kind of access in this path is made, we clear all user's info, which raises the login page again.
We've already tried to call from index.html file a newly created labels.rdf file just like this:
<link rel="meta" href="http://www.example.org/corporate/labels.rdf" type="application/rdf+xml" />
First we saw that we didn't had access to this RDF file.
But it was fixed.
Then, when testing this, we saw that it never reaches this labels.rdf file, showing the login page again.
Some one knows how Content Advisor works for a workaround here?
In case someone is looking for the solution, use secure cookies for session management. This worked for me.
Related
Please consider this scenario: User should send some files to server and every user has a id. Every user must send the files once, not twice. If a user sends the files and he want to send them again, the file uploading page won't be shown to him. But there is a problem: the uploading process takes time and when the files are being uploaded, user can refresh the page and the page is shown to him (because the files has been not uploaded yet) and then he can upload files again and again!
The client side code using jsp and I cant change it. Now I want to prevent refreshing page in server side. For this purpose, I used a middle page: when a user want to see the file uploading page he goes to this middle page (servlet), this middle servlet puts a flag into user's session and redirect him to file uploading servlet. The file uploading servlet checks the flag and if it exist, the page is shown to him and then flag will be removed. Whenever a user try to refresh the file uploading page, the flag doesn't exist and he will be redirected to an error page.
This was my solution, but it has a serious problem: when user is redirected from middle servlet to file uploading servlet, its request and response will be destroyed and I cant access his request (The user send me some information with his request and I need those in file uploading servlet).
1 - Is there a way to clone request object? (so that I can put in session and after redirect, I can retrieve that)
2- If the answer is no, Is there a better solution for my problem?
Any suggestions would be gratefully appreciated.
Edit:
Please note that I don't want to save the request parameters/attributes into session.
Use window.stop(); in your code.
This is a newbie question in HtmlUnit. I have used the code I found on this question to log into LinkedIn, but when I open the page with Chrome the current user is logged out. Can I check if I have indeed logged in the site?
In general the content of the page somehow changes, when you are logged in.
So you could simply log the source of the page after you logged in.
(If ajax is used on the page, you need to wait some time so that the javascript can modify the page)
use the .toXml()-method to get the html source. You can also save this in a file e.g. t.html and open it in a browser (active content and css will most probably not work, but you can still see enough in most cases to determine, if login worked or what is on the page after the login).
I am learning Java servlets on Tomcat environment. I am learning how to use form based login authentication using j_security_check. So, in my servlet, I have a login page that has j_username and j_password. In web.xml file of that servlet, I have the welcome page list indicating my landing page, "landing.html". So, ideally, after successful login, I want the user to get redirected to "landing.html" page.
Without the authentication (no form based authentication), My servlet opens up and goes to "landing.html" page as expected ("localhost:8080/MyServlet" - shows the content of the landing.html).
However, now, after a successful login with j_security_check, for some reason, I get automatically redirected to the .css file for "landing.html" file. I can't understand why is this happening.
Is there a particular way how I can tell the server to just load the "landing.html" page after successful authentication and not forward it to any where else?
EDIT
*Okay, I solved it.
The css file which was loading after successful authentication was listed within the <head></head> tags of the login.html page where the j_username and j_password are. I added that css file to make the login page's design consist with the rest of the website. My guess is that when the server is re-loading the wanted resource, for some reason it was simply re-loading the top css file from the head tag.
Really weird.
So, is j_security_check is the best way to do any authentication for websites on Tomcat or is there a better and more reliable way?*
The behavior of form-based authentication is the following:
the browser sends a request to a protected URL
the server intercepts its request, sees that you're not authenticated, and redirects to the loginf form page
the user logs in
the server redirects to the URL that triggered the authentication: the protected URL asked in the first step.
This is good, because it allows a user to bookmark a protected page, come back the next day to this bookmarked page, log in, and go directly to the bookmarked page rather than the welcome page.
My guess is that the landing page is not protected, but its CSS file is. So the request that triggers the authenticationis the request that tries to load the CSS file, which causes the user to be redirected to the CSS file.
I have converted my static website into Jease, through localhost:8080/cms, and I can access my website using the URL localhost:8080/index.html and from there I can browse around my entire website. What I am not sure about, how can I configure Jease to directly go to index.html page as soon as I type localhost:8080? Because once I make it globally available I want to make sure the index.html page is accessed through mywebsite.com URL.
Any hints would be appreciated.
Thanks
I am using JeaseCMS 2.8 and the default page already is index.html according to web.xml file.
But this welcome file isn't necessary.
I have an application running under WebLogic that is using standard forms authentication. The login page is a JSP that presents the login form that will post to j_security_check. So as you would expect, when a user tries to access a page but is not yet authenticated, they will be redirected to the login.jsp.
My question is, how can I determine the page that the user was attempting to hit before WebLogic redirected them to the login page? I wish to use this to change the content of the login page depending on the user's destination. I'm not seeing anything in the request ojbect that would tell me this.
Thanks for any hints!
You can use:
weblogic.servlet.security.ServletAuthentication.getTargetURLForFormAuthentication(request.getSession())
This is a public static method and returns a String.
I've tested and it works for me.
We concluded there was no way to find out the target URL from the login page. I woudln't mind being proven wrong. :)
In the meantime, the solution was to deploy the content in second WAR with it's own login page providing the alternate content. Lots of overhead for what should be a simple problem to solve.