pcssecure
Running a .js in a .java filter
Hi,
I have a filter that intercepts a j_security_check call from a login.jsp page. It is running on Websphere 7.0 and contacts an Active Directory database. The working information is found here. In this instance, I have a processing.js which runs on the client side to perform encryption of the j_password variable. This is run using Encrypt(String text, String key) which returns a cipher String.
My filter uses the same processing.js file to decrypt on the server side using Decrypt(String ciper, String key) which returns a text String. The .java file that is compiled into a .class successfully is as shown below:
package com.myloginfilter;

import java.util.*;
import java.io.*;
import javax.script.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class MyLoginFilter implements Filter {
    protected FilterConfig filterConfig;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    public void destroy() {
        this.filterConfig = null;
    }

    // Wrap every request so that j_security_check sees the decrypted password.
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException {
        chain.doFilter(new MyRequestWrapper((HttpServletRequest) request), response);
    }

    public static class MyRequestWrapper extends HttpServletRequestWrapper {
        public MyRequestWrapper(HttpServletRequest request) {
            super(request);
        }

        @Override
        public String getParameter(String name) {
            String password = getRequest().getParameter("j_password");
            String username = getRequest().getParameter("j_username");
            // Only the j_password parameter is rewritten; all others pass through.
            if ("j_password".equals(name)) {
                ScriptEngineManager manager = new ScriptEngineManager();
                ScriptEngine engine = manager.getEngineByName("js");
                try {
                    // Relative path: resolved against the JVM's working directory.
                    FileReader reader = new FileReader("Processing.js");
                    engine.eval(reader);
                    engine.put("password", password);
                    engine.put("username", username);
                    engine.eval("var key = Process(username);" +
                            "var decrypted = Decrypt(password, key);");
                    password = (String) engine.get("decrypted");
                    reader.close();
                } catch (Exception e) {
                    // On any failure the still-encrypted value is returned below.
                    e.printStackTrace();
                }
                return password;
            }
            return super.getParameter(name);
        }
    }
}
This code works in Eclipse and successfully compiles into a .class file. However, upon placing it on the Websphere and running it, it seems unable to work. I suspect I may have placed the .js file in the wrong location but it is as follows:
\WEB-INF\classes\com\myloginfilter\MyLoginFilter$MyRequestWrapper.class
\WEB-INF\classes\com\myloginfilter\MyLoginFilter.class
\WEB-INF\classes\com\myloginfilter\Processing.js
Error on the Websphere:
SRVE0068E: Uncaught exception created in one of the service methods of the servlet action in application isclite. Exception created : java.lang.IllegalStateException
at com.ibm.ws.session.http.HttpSessionImpl.setAttribute(HttpSessionImpl.java:248)
at com.ibm.ws.session.SessionData.putSessionValue(SessionData.java:292)
at com.ibm.ws.session.SessionData.setAttribute(SessionData.java:216)
at ... ... ...
Runtime Error: Uncaught exception created in one of the service methods of the servlet. This is an application error.
Does anyone know if I missed a step?
Thank you.
ASKER
I compiled the .jsp, .js, .class, .xml files into a .war file that has been uploaded to the Websphere. I am able to run up to the login page but I keep getting an error of "Login Failed" which means my encrypted password on the client side was not decrypted on the server side.
if ("j_password".equals(name)) {
please change the condition
if ("j_password".equals(password)) {
@stmani2005,
No, 'name' as used here is the parameter name, not the username. He is checking that the parameter name being retrieved is the 'j_password' parameter and only processing that parameter, on the fly. That line is correct!
ASKER
Hi.
Thank you for the inputs. I realised that line of FileReader is incorrect.
Utilizing the Thread.currentThread() feature works as I could dream of.
Should anyone be interested, I found more information on this here.
Thank you.
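The fix described above, as an added example that is not the asker's code: Processing.js sits under WEB-INF\classes\com\myloginfilter, so it is on the web application's classpath and can be opened through Thread.currentThread().getContextClassLoader() instead of a FileReader path that depends on the server's working directory. The class name ProcessingScript and its method names are assumptions; Process and Decrypt are the functions named in the question.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import javax.script.Invocable;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

// Hypothetical helper: loads Processing.js from the classpath and calls
// the Process/Decrypt functions it defines.
public class ProcessingScript {
    // Location under WEB-INF/classes, as listed in the question.
    static final String RESOURCE = "com/myloginfilter/Processing.js";

    static ScriptEngine load(String resource) throws IOException, ScriptException {
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("js");
        if (engine == null) {
            throw new IllegalStateException("no JavaScript engine in this JVM");
        }
        // While a request is being served, the context class loader is normally
        // the web module's loader, which sees WEB-INF/classes.
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        InputStream in = cl.getResourceAsStream(resource);
        if (in == null) {
            throw new IOException("not on classpath: " + resource);
        }
        Reader reader = new InputStreamReader(in, "UTF-8");
        try {
            engine.eval(reader);
        } finally {
            reader.close(); // closed even when eval throws
        }
        return engine;
    }

    static String decrypt(ScriptEngine engine, String username, String cipher)
            throws ScriptException, NoSuchMethodException {
        Invocable js = (Invocable) engine;
        Object key = js.invokeFunction("Process", username);
        Object text = js.invokeFunction("Decrypt", cipher, key);
        return text == null ? null : text.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) { System.err.println("usage: <username> <cipher>"); return; }
        System.out.println(decrypt(load(RESOURCE), args[0], args[1]));
    }
}
```

A missing script or engine raises an exception here, so a load failure shows up in the server log instead of the encrypted value being passed on to j_security_check.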
Use Thread locale also
Some JAR is needed on the Websphere application server side