I am working on a homework assignment that is due shortly and I have searched and searched and searched for the answer to this and I just don't know where to go at this point.
I am using Eclipse Juno, with Tomcat 7.0 and a MySql database. I have to develop a web application for a pizza place. I have pretty much everything working so will only post the code here if requested since there is a ton.
My problem is I have a login form that calls the j_security_check, which works just fine. However, when the user is logged in they are taken to a customer form which is supposed to display their name, address, phone number and give them the option of editing any of it or just starting their order. My problem is I need to get the j_username and pull the customer information from my database to populate the form when the user is redirected from the login page to the customer.jsp page. We are not supposed to use <% ----- %> in our code if we can help it and to keep that in servlets. I just am lost on how to get that j_username and then call a servlet to populate the form (I can do the population if I can get the data).
HELP PLEASE!!! I know I am missing something really simple here and it is driving me nuts.
Ok I have tried the demo you sent and actually found another demo with the FORM like my project. I still cannot get it to work. I am a little lost. When I do the demo exactly as they have it the servlet generates text and outputs it. I was able to change it to a requestDispatcher and send it to the page I need it to go to on the login. The demo just has it going to the url host.../YourProject/test not an actual page. I am lost on how to get it to call the servlet so I can grab the header information with my project. I have the servlet LoginUser I want the user to login on login.jsp and there is a login_error.jsp in case of an error. When the user successfully log's in they should be taken to customer.jsp and the fields on the page populated with their data. I need to change this to use SSL too but haven't got there yet I am still trying to get the data for the customer.
I suspect what you're using is basic authentication in Tomcat. Check out this post for instructions. In summary, you'll need to grab the authentication header from the servlet request and parse it to grab the username (first you'll likely need to base64 decode it). Then you can use that username to look up the necessary information in the database.
Related
I'm working on a Java application that need's to be able to connect to my University's websites containing my student information. I'm not exactly sure how to go about doing this as the websites framework is Seam which I don't have any experience with.
This is the main link
https://elion.psu.edu/
and after clicking on student this is the link that I actually need to login to.
https://webaccess.psu.edu/?cosign-elionnx.ais.psu.edu&https://elionnx.ais.psu.edu/eLionStudent/secure/elionHome.seam
Does anyone know how to open the second link (student login page) and programmatically enter the username/password, thne 'click' log in?
There's a lot more stuff that needs to be done after the log in but I'm sure I can figure it out if someone could shed a little light on how I should go about doing this.
Thanks,
-Justin
Basically it looks like an application/x-www-form-urlencoded 'POST' to the URL:
https://webaccess.psu.edu/?cosign-elionnx.ais.psu.edu&https://elionnx.ais.psu.edu/eLionStudent/secure/elionHome.seam
It could be reproduced programatically by making an HTTP POST request (ensure to set the Content-Type Header to application/x-www-form-urlencoded) to that address, and posting the encoded form data. Which would look like this if you tried to submit the login 'asd' and password 'sdf':
ref=https%3A%2F%2Felionnx.ais.psu.edu%2FeLionStudent%2Fsecure%2FelionHome.seam&service=cosign-elionnx.ais.psu.edu&required=&login=asd&password=sdf
A good way to figure out this information (If you are using Chrome) is open the developer-tools and go to the network tab. Check the 'preserve-log' box and then try to submit something on the web page. The very first thing in the list for me was the POST request it attempted to login. By clicking on that you can see lots of detailed information about the actual request itself.
Hope this helps!
I'm trying to make a e-commerce page and I have a login form in all pages (included in the header). What I whant is to do a secure connection between the client and the server when the user logins for the password don't be sent in plain text string. The problem here is I don't want to use https for all pages, but just for the form submission.
Because I'm using spring security I did a little bit resarch and I found the requires-channel="https" for the intercept-url, but I notice that the form sent first the login information in plain text and just then the connections is "converted" to https.
One other way I found was to change the action of my form to use the https link
<form id="login" action="https://localhost:8443/j_spring_security_check" method="POST" >
Everything was sent in a secure way (like I expected), the loadUserByUsername is called, everything worked as expected, but when the job was done, the user appears to be not authenticated. Looks like nothing happens...
Maybe I'm missing something or I'm not following the right pad... someone knows what I need to do or point me in the right direction?
Edit: I dig a little bit more about this subject and I start wondering if the best will be to secure the full website rather than the login or registration form. This will be an e-commerce website, so a few extra security is always welcome. My worries are about the bennefits/performance (pros and cons) that the https will have compared to http use (anyone knows??) !!
After many days of researching and testing (almost a month) I arrived to conclusion that the best approach for this problem is not use a secure connection for the form but for the entire application (in my case need to be the entire because the login form is present in all app as a popup element).
For others, the reason to change was to give the customer the assurance that the data is secure and the website is trusted (the symbol in the address link)... Also, I read somewhere is good for SEO!!
I hope with this answer I could clarify someone with the same issue as mine!!
I am trying to update an app that I wrote for Android that will automatically log a user into a captive portal at my university. The app worked fine last year with the portal URL hard coded in, however this year that won't work because they changed the server URL, I know what the URL is, so I simply changed it in my program ... which sort of works
There are two main problems, for me, with this approach.
hard coding is a pain in the ass to do every year, I also want to be able to make it future proof, so that hard coding the URL won't be necessary
for some unexplainable reason there are actually buildings on campus that will direct to the OLD authentication server, it truly boggles my mind why it would do that
I would like to be able to make an HTTP request and get the URL of the captive portal that is redirected to, how is that done?
Captive portals generally will intercept users' HTTP requests and issue a "fake" redirect to the portal's authentication page. Or they can simply replace the actual response with the login page.
If yours is a redirect-to-login, then simply do something like trying to load http://google.com, which can reasonably be expected to be truly available for at least the next few years. If the response comes in as a redirect to some totally different site, the redirect url is highly likely to be the portal's login page.
If it's a replace-the-response-with-login, then you should try to contact a known page with some known content, and see what you get back. if the response you got doesn't match you should have gotten, then you've gotten the login page and can try tearing apart the response and finding the login form via DOM operations.
Captivate portals uses 2 methods.
as described above. http redirect so the gateway takes you to another address.
ICMP - sending "better route" message
Still from my exprience on cases where non simple redirect happens the approach of expecting the redirect won't work.
I'm trying to get data from a website, but first I need to log in to the site using java. The script worked until now, but now the site installed an anti bot system. Until now the procedure was simple, I've created a HttpStreamWriter and submitted my details to the login.php page, then get the cookies and later, when I want to get data from the site, I resubmit the cookie from the login.php page, but now there is a problem: an anti bot system:
I'm not sure, but I think this is the system:
https://github.com/yuri-gushin/Roboo/blob/master/Roboo.pm
The anti bot system creates a cookie, called anti-bot and I can't access the page without that cookie, the problem is that the cookie is generated by a flash application only after the page loads so I can't get the cookie from the page?
Any ideas how to "hack" this ? Thanks!
Your need is about cookie extraction, here is how to do or on the oracle site
That is you need to connect to the site, browse the headers until Set-Cookie. Having the correct http header, you'll be able to parse it very easily.
After what, you'll have to set it back to your further request.
Edit
Flash cookie or Local Shared Object are stored in AMF. AMF wil be used store anything, the problem with your use case is that you don't know which value (or maybe class instances) have been serialized...
However you could (it will take time, at least for include all necessary libs) try with the AMFConnection to retrieve information. But I won't bet on that.
Could you contact the webmaster to have some information about that ? Or doens't this website any login api ?
I would be grateful if someone could please show me an example of how to login to a phpBB forum remotely and perform a search.
The language i am using is java however, i just need to know the steps involved.
even some pointers on what to google to get the answers i need would be great i have googled everything i can think of.
I'm unable to give you code samples for this, but the general process would be
Use a POST request to send the login details to {forumLocation}/ucp?mode=login, this requires the inputs "username" and "password"
Once your are logged in using this method you should just be able to perform searches by sending requests to this url
/search.php?keywords={value1}+{value2}+{value3}&terms=all&submit=Search
Where value1, value2, value3 are your search items.
There is a Java libary which should be able to help you with this called HTTPCLient, which should make maintaining the session once your logged in easy.
This page will give you some more details of sending post inputs HTML forms.
Hope this at least puts you on the right track.