Placed the AES encryption password in liberty server jvm.options file as below
-DencKey={aes}{aes}ANRib/ITz7RTc2YB+VXWZqINrjZ15vSBeg== ........
while retrieving in java application by using System.getProperty("encKey").
getting the exact value not the decrypted one.
Should we do decrypt manually or through configurations we can achieve the decrypted value ?
First, you need to enable the passwordUtilities-1.0 feature:
<featureManager>
<feature>passwordUtilities-1.0</feature>
</featureManager>
Then, you can use the com.ibm.websphere.crypto.PasswordUtil API to decode the password:
String encodedPassword = System.getProperty("encKey");
String decodedPassword = PasswordUtil.decode(encodedPassword);
Your encoded string is malformed
-DencKey={aes}{aes}ANRib/ITz7RTc2YB+VXWZqINrjZ15vSBeg==...
it should only have a single encryption preamble like
-DencKey={aes}ANRib/ITz7RTc2YB+VXWZqINrjZ15vSBeg==...
for ppl who find this on their search to decode the PW:
here an example to decode with passwordUtilities feature
https://github.com/TiloGit/liberty-pw-util/tree/master/dyn-pw
https://gitlab.com/pppoudel/public_shared/-/tree/master/WLibertyPwdUtil
blog post of it:
https://purnapoudel.blogspot.com/2017/10/how-to-use-wlp-passwordutilities.html
important to have the enc key set.
<variable name="wlp.password.encryption.key" value="myEncKey123">
code example:
<!DOCTYPE HTML>
<%#page language="java"
contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<html>
<head>
<title>index</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body>
<%! String password="t3mp_pwD"; %>
<h2> This page shows how to use com.ibm.websphere.crypto.PasswordUtil to encrypt/decrypt password using xor or aes.</h2>
<hr/>
<h3> Provided plain text password is:<%= password %></h3>
Note: encryption key "replaceM3" is being used for "aes" encryption/decryption. <br/>
<br/>
<%! String xorEncodedVal=com.ibm.websphere.crypto.PasswordUtil.passwordEncode(password, "xor");
String aesEncodedVal=com.ibm.websphere.crypto.PasswordUtil.passwordEncode(password, "aes"); %>
<h3> xor encoded value is: <%= xorEncodedVal %> </h3>
<h3> aes encrypted value is: <%= aesEncodedVal %> </h3>
<h3> xor decoded value is: <% out.println(com.ibm.websphere.crypto.PasswordUtil.passwordDecode(xorEncodedVal)); %> </h3>
<h3> aes decrypted value is: <% out.println(com.ibm.websphere.crypto.PasswordUtil.passwordDecode(aesEncodedVal)); %> </h3>
</body>
</html>
Related
I want to send a query string from one jsp page to jsp page but I want to hide the name-value pairs(attributes) at address bar when I send the query string.
First.jsp
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>First Page</title>
</head>
<body>
Click Here
</body>
</html>
Second.jsp
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Second Page</title>
</head>
<body>
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
%>
Username : <%=username %><br/>
Password : <%=password %><br/>
</body>
</html>
Here, I pass a query string "Second.jsp?username=aditya123&password=abc12345" from First.jsp page to Second.jsp page but I want to send this without showing username and password attribute and their value at address bar.How can it possible?
Try this code
<form action="some.jsp" method="post">
<input type="text" name="uid" >
<input type="password" name="pass">
<input type="submit" name="login" >
</form>
Adding method ="post" hides the query stringThat is ,if i remove ' method="post" ' the processed url on pressing submit button would be having
Following as query string
uid="whatever i wrote in text field"&pass=""&login="Submit"
But after writing ' method="post" ' the new url will be free of query string...!
it is not possible with link.
alternate solution of not showing attribute is encode that name value pair and send it with url and decode at another page.
use either url encoder given by java or make use of your own encrypt-decrypt method.
The easiest thing to do is <form action="some.jsp" method="post">
Do this formatting in the html code.
And contents of url will be hidden...
You can store all the objects/information you want to pass to the second jsp file by storing the objects in the 'session' implicit object using session.setAttribute() method. In the second page you can retrieve those objects from the 'session' object using session.getAttribute(). My assumption here is that both the jsp pages are being executed in the same HttpSession, hence the same 'session' object will be available to both the jsp pages.
I got a problem when I try to get parameters from the request, I got nothing but NULL.
The JSP file is like this:
<%# page contentType="text/html; charset=UTF-8" %>
<%# taglib uri="http://struts.apache.org/tags-html" prefix="html" %>
<%# taglib uri="http://struts.apache.org/tags-bean" prefix="bean" %>
<%# taglib uri="http://struts.apache.org/tags-logic" prefix="logic" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html:html locale="true">
<head>
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="cache-control" CONTENT="no-cache">
<META HTTP-EQUIV="expires" CONTENT="0">
<META HTTP-EQUIV="Content-Type" content="text/html; charset=UTF-8">
<META HTTP-EQUIV="Content-Script-Type" content="text/javascript">
<META HTTP-EQUIV="Content-Style-Type" content="text/css">
<link rel="stylesheet" type="text/css" href="css/base.css">
<title>Menu</title>
<SCRIPT language="JavaScript">
<!--
function nextPage(url) {
location.replace(url);
}
function setUrl(url) {
document.forms[0].url.value = url;
}
//-->
</SCRIPT>
</head>
<body tabindex="-1">
<%-- ページ・ボディ --%>
<html:form action="/select.do?apl500_p=1" method="post" target="_self" >
<html:hidden property="url" value ="" />
<table style="width:100%;" border="0">
<tr>
<td style="width:100%;text-align:center">
<font size="5" color="#000000">
<B>Menu</B></font>
</td>
<td style="text-align:right">
<html:submit property="submit_logout" value="Logout" tabindex="-1"/>
</td>
</tr>
</table>
<hr><br>
<div align="center" style="width:90%;height:482px;overflow:auto;margin-left:40px;">
<table border="0">
<tr>
<td style="width:100%;text-align:center">
<html:submit property="btn1" value="アプリケーション1" onclick="setUrl('/aplXXX')" style="width:400px;height=150px;font-size:14pt;"/>
</td>
</tr>
<tr>
<td style="width:100%;text-align:center">
<html:submit property="btn2" value="新共通認証システム(ローカル環境用)テスト" onclick="setUrl('/authTest')" style="width:400px;height=150px;font-size:14pt;"/>
</td>
</tr>
</table>
</div>
<%-- ページ・フッダー --%>
<%# include file="/WEB-INF/jsp/footer.inc" %>
</html:form>
</body>
</html:html>
<% out.flush(); %>
When I used "request.getParameterNames()", I can only get the "apl500_p" parameter, I cannot get the "url" parameter. I used the tomcat7.0.41, but if I use the tomcat5.5.36,it's Ok.
I don't know why. Is there something wrong with tomcat7.0.41?
I used Fiddler2 and I'm sure that the "url" parameter was sent to the server.
Based on the discussion that you had, I suspect that the parameter url is NULL because the character encoding used by the browser is different from the character encoding used by the server.
Before the browser sends a parameter to the server, it URL-encodes the parameter. This encoding method encodes certain characters (e.g, Japanese characters) using percent encoding. Percent encoding method works by first converting the character into bytes, based on the specified character set. After that, it encodes these bytes into a sequence of hexadecimal digits, prefixed by "%" character. This character set is what I mean by character encoding used by the browser.
The server then decodes the retrieved parameter back into its original form. It does this by first decoding the sequence of hexadecimal digits into a sequence bytes. After that, it convert each bytes into a character, based on the specified character set. The problem here is that the server needs to use the same character set as the one used by the browser. It is often that the request does not carry information about the character set used by the browser, causing the server to make a best effort guess. If the guess is incorrect, the decoding process fails silently, and NULL is returned, which is what happened in your case.
Different web servers have different ways to make the guess. Web server may look at the Content-Type header, Content-Language header, Accept header, Accept Language header, configuration file, and so on.
As I am not familiar with both Tomcat versions, I am not able to pin point exactly how to fix the problem. But, you can start by studying how Tomcat figure out the character encoding. In WebSphere Application Server, there is a configuration file that can be modified to specify the default character encoding used by the server.
The parameter apl500_p is not NULL because the URL-encoded-form of 1 is also 1. The server does not have any problem decoding it back.
Try to remove the apl500_p=1 in the form action value
action="/select.do"
This way it will pass all your form elements to the servlet. Adding parameters to the form action prevents this. If you need your apl500_p value, I suggest you make another hidden field like:
<html:hidden property="apl500_p" value ="1" />
i try to get the information of a user on my database, store the object in a session then show the session's contents on a JSP page. Whenever I try to show it on my page, the content of the session does not appear. Please help.
THIS IS THE JSP PAGE I WAS TALKING ABOUT:
<%#page import="neospa.Client"%>
<%#page import="DAOs.ClientDAO"%>
<%#page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>CLIENT INFORMATION</title>
</head>
<body>
<h1>CLIENT INFORMATION</h1>
<br>
<%Client client = (Client)session.getAttribute("Client");%>
First Name <% client.getFname(); %> Last Name <% client.getLname();%>
<br>
Birthday <%client.getBirthday();%>
<br>
Home Number <%client.getHomeno();%>
<br>
Mobile Number <%client.getMobileno();%>
<br>
Office Number <%client.getOfficeno();%>
<br>
Email Address <%client.getEmail();%>
<br>
Address: <%client.getAddress();%>,<%client.getCity();%>,<%client.getRegion();%>,<%client.getCountry();%>
</body>
</html>
Is there something missing here that I need to put? :)
<%#page import="java.net.URLDecoder"%>
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%#page import="java.net.URLDecoder"%>
<%#page import="java.net.URLEncoder"%>
<html>
<form action="index.jsp">
<body>
First INPUT:
<input name="firstinput" type="text" name="fname">
<br>
<input type="submit" value="Submit">
<%
String first = request.getParameter("firstinput");
String Searchtext=URLDecoder.decode(first,"UTF-8");
out.println(Searchtext);
out.println(URLEncoder.encode(Searchtext,"UTF-8"));
%>
</body>
</form>
</html>
This is My code I want to Encode and Decode text in Jsp Actully I want that when Input Text " ",' ',/ /...any special charter it should print same as it is text like if Input "hello" or hello then it should Print hello or if input 'hello' then also it should Print hello... special charter should Not display please help me i am Unable to do this ...
I think you need this:
String lWithoutSpecials = first.replaceAll("[^\\p{Alpha}]+","");
For me it works great:
String s = "\\Hello\\ \"Hello\" 'Hello'";
String lWithoutSpecials = s.replaceAll("[^\\p{Alpha}]+", "");
System.out.println(lWithoutSpecials);
Output:
HelloHelloHello
You are not using full Unicode but Latin-1, ISO-8859-1. This Latin-1 will browsers
interprete as MS Windows Latin-1, or "Cp-1252"/"Windows-1252". This charset has some special characters like comma like quotes, € (euro), etcetera.
URL encoding/decoding is done automatically. The data entry of the input may
cause numeric HTML entities to arrive at the server, like Ӓ when having a restricted charset like Latin-1. With UTF-8 for the entire Unicode characters you need to add to the <form accept-charset="UTF8"> to prevent substitution by numeric entities.
A HTML 5 form:
<%#page language="java" contentType="text/html; charset=Windows-1252"
pageEncoding="Windows-1252"
import="java.net.URLDecoder"
import="java.net.URLEncoder"
%><!DOCTYPE html>
<html>
<head>
<title>First Input</title>
<meta charset="ISO-8859-1">
</head>
<body>
<form action="index.jsp">
First INPUT:
<input name="firstinput" type="text"
value="${param.firstinput}">
<br>
<input type="submit" value="Submit">
<%
String first = request.getParameter("firstinput");
String searchtext = first;
out.println(searchtext);
%>
</form>
</body>
</html>
It lies saying its charset is the limited ISO-8859-1, but java delivers the larger charset Windows-1252.
The tag <form> must be inside the <body>. If you did that for form margins and such, use CSS styles.
I have two jsp pages. I am trying to add "Russian" language. Russian characters are shown perfectly on jsp page, but when I try to send this value to another jsp page from parameter then in second jsp page this value is changed to different characters. This problem is only in Russian Language and not in others such as Italy and French.
For example
On demo.jsp page the russian character "приветствие" is shown correctly.
but when I try to send it to another page "test.jsp" then some unknown
characters are shown like "!C<Cä5 Cô>CôCC´OD=Cä5!"
Code:
demo.jsp
String welcometext=langP.get("welcome");
<jsp:include page="<%=test.jsp%>">
<jsp:param name="wlc" value="<%=Encode.hex8Code(welcometext)%>" />
</jsp:include>
In test.jsp
String title = Encode.utfToUnicode(Decode.hex8Decode(request.getParameter("wlc")));
System.out.println(" Russial welcome test "+welcome);
Is there any special code we need to add for Russia while sending them in query parameters??
Please note* the following code are already written else it would have given problem for French and Italy language too..
<%# page contentType="text/html; charset=UTF-8" %>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
Also tried with following but didn't help out!
request.setCharacterEncoding("UTF-8")
Try to add <% request.setCharacterEncoding("UTF-8"); %> to your main jsp page:
Here is my example:
demo.jsp
<%#page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<% request.setCharacterEncoding("UTF-8"); %>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Привет</h1>
<jsp:include page="/test.jsp" flush="true">
<jsp:param name="wlc" value="Привет"/>
</jsp:include>
</body>
</html>
test.jsp
<h1>Param values is</h1>
<%
String hello = request.getParameter("wlc");
out.print(hello);
%>
I don't know the better solution but the following code solved this issue. I kept the variable in session attribute.
demo.jsp
session.setAttribute("welcometext", welcometext);
test.jsp
String welcometest=(String) session.getAttribute("welcometext");