Solved

HTTP Basic Authentication

Posted on 2001-06-29
18
359 Views
Last Modified: 2007-11-27
Experts,

I am trying to authenticate users into the website by using the HTTP Basic Authentication. The users are then authenticated into the webserver. I am using Websphere for this purpose.

Then I am using the following code within the servlet to extract the entered user id and password.

    String authorization = request.getHeader("Authorization");
    String user_text=new String();
    String password_text=new String();

    if (authorization == null)
    {
           htmlOutputStream.print("Unable to find the Authorization Info !!");
    }
    else
    {
         String userInfo = authorization.substring(6).trim();
         BASE64Decoder decoder = new BASE64Decoder();
         String namePassword = new String(decoder.decodeBuffer(userInfo));
         int index = namePassword.indexOf(":");
         user_text = namePassword.substring(0, index);
         password_text = namePassword.substring(index+1);
    }

          userID = new String (user_text);
          password = new String (password_text);

     if (authorization != null)
     {
          htmlOutputStream.print("Now to display the user ID and password  ");
          htmlOutputStream.print(userID);
          htmlOutputStream.print (password);
     }

However, authorization always returns null. What is the problem...

1. Is my header wrong?
2. Is the information not coming into the servlet request?
3. Is there anything wrong with my code?

Please let me know
0
Comment
Question by:gvijay1
  • 9
  • 9
18 Comments
 
LVL 1

Expert Comment

by:viswa081400
ID: 6239505
Hey,
Your code looks good!!
The first time when you request for the 'Authorization' header, it would be null by default. So you have to prompt your brower for authentication.


if (authorization != null)
    {
         htmlOutputStream.print("Now to display the user ID and password  ");
         htmlOutputStream.print(userID);
         htmlOutputStream.print (password);
    }

else
{
     res.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
     res.setHeader( "WWW-authenticate", "basic realm=\"realm-name"\"" );
     String msg = "<HTML><HEAD></HEAD><BODY>Authorization Failure</BODY></html>";
     res.setContentType( "text/html" );
     res.setContentLength( msg.length( ) );
     htmlOutputStream.print( unauthorized_msg );
     htmlOutputStream.flush( );
 }

The else part prompts your browser to authenticate. And when authentication fails, the msg is displayed!!

hope this helps!

-viswa
0
 

Author Comment

by:gvijay1
ID: 6239739
Hi viswa,

I tried what u told me to, but I am still getting an error. The browser does request authentication the second time around, but this time, it issues an unhandled exception. here is the code...

    String authorization = request.getHeader("Authorization");
    String user_text=new String();
    String password_text=new String();

    if (authorization == null)
    {
           htmlOutputStream.print("Unable to find the Authorization Info !!");
    }
    else
    {
         String userInfo = authorization.substring(6).trim();
         BASE64Decoder decoder = new BASE64Decoder();
         String namePassword = new String(decoder.decodeBuffer(userInfo));
         int index = namePassword.indexOf(":");
         user_text = namePassword.substring(0, index);
         password_text = namePassword.substring(index+1);
    }
//*************************************************************************************

          userID = new String (user_text);
          password = new String (password_text);

if (authorization != null)
{
        htmlOutputStream.print("Now to display the user ID and password  ");
        htmlOutputStream.print(userID);
        htmlOutputStream.print (password);
}
else
{
    response.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
    response.setHeader( "WWW-authenticate", "basic realm=\"realm-name\"" );
    String msg = "<HTML><HEAD></HEAD><BODY>Authorization Failure</BODY></html>";
    response.setContentType( "text/html" );
    response.setContentLength( msg.length( ) );
    htmlOutputStream.print( msg );
    htmlOutputStream.flush( );
    return;
}

Pls let me know what the problem is..
0
 
LVL 1

Expert Comment

by:viswa081400
ID: 6239796
hey vijay,
Can you give details about the exception??
0
 
LVL 1

Expert Comment

by:viswa081400
ID: 6239800
I guess one more thing is that you need to open the outPut stream only after you set the headers, contnent length and status.

Make sure you open the streams at the correct places.
0
 

Author Comment

by:gvijay1
ID: 6245245
Hi viswa,

This is the error that is printed when this occurs. The browser does ask to enter in the user id and pswd for the second time, so I am sure the code is forcing it to authenticate again. however, once the authentication is done, it throws an exception.

Error 500

An error has occured while processing request: http://10.201.213.2:8022/ISCCONV/servlet/XMLTransaction

Message:Server caught unhandled exception from servlet [XMLTransaction]
Target Servlet: XMLTransaction

DO u have any idea what the error is??

-gvijay1
0
 
LVL 1

Expert Comment

by:viswa081400
ID: 6245583
Can you print the complete code. I wanna look where the streams are intialized and other stuff
0
 

Author Comment

by:gvijay1
ID: 6245803
Hi Viswa,

Thanks again. here is the complete code. I believe that only the first couple of lines, until I extract the user name and password are going to be relevant here. The rest is pretty redundant. Also, the function call to "re-authorize" is at the bottom.

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import com.ibm.connector.cics.*;
import com.ibm.connector.*;
import com.ibm.ctg.client.*;
import org.xml.sax.SAXException;
import org.apache.xalan.xslt.XSLTProcessorFactory;
import org.apache.xalan.xslt.XSLTInputSource;
import org.apache.xalan.xslt.XSLTResultTarget;
import org.apache.xalan.xslt.XSLTProcessor;
import sun.misc.BASE64Decoder;


public class XMLTransaction extends HttpServlet {

      //  Constants
      private final static String aclsTransactionStartTag = "<TRANSACTION>";
      private final static String aclsTransactionEndTag = "</TRANSACTION>";
      private final static String aclsTransCodeTag = "<TRAN-TRN-COD>";
      private final static String aclsResponseStartTag = "<ACLS-RESPONSE>";
      private final static String aclsResponseEndTag = "</ACLS-RESPONSE>";
      private final static String aclsRequestStartTag = "<ACLS-REQUEST>";
      private final static String aclsRequestEndTag = "</ACLS-REQUEST>";
      private final static String aclsTransactionResponseStartTag = "<TRANSACTION-RESPONSE>";
      private final static String aclsTransactionResponseEndTag = "</TRANSACTION-RESPONSE>";
      private final static String aclsDBIOResponseStartTag = "<DBIO-RESPONSE>";
      private final static String aclsDBIOResponseEndTag = "</DBIO-RESPONSE>";
      private final static String aclsTranRowCountStartTag = "<TRAN-ROW-COUNT>";
      private final static String aclsTranRowCountEndTag = "</TRAN-ROW-COUNT>";
      private final static String aclsTransactionCountStartTag = "<TRANSACTION-COUNT>";
      private final static String aclsTransactionCountEndTag = "</TRANSACTION-COUNT>";
      private final static String aclsDBIOStartTag = "<DBIO-SERVER>";
      private final static String aclsDBIOEndTag = "</DBIO-SERVER>";
      private final static String aclsRequestRejectedStartTag = "<REQUEST-REJECTED>";
      private final static String aclsRequestRejectedEndTag = "</REQUEST-REJECTED>";
      private final static String aclsRejectReasonStartTag = "<REJECT-REASON>";
      private final static String aclsRejectReasonEndTag = "</REJECT-REASON>";
      private final static String aclsRequestRejected00007Msg = "00007 ACCOUNT NOT ON FILE";
      private final static String aclsRequestRejected03890Msg ="03890 ACCT SCHEDULED FOR BACKDATING";
      private final static String aclsApplicationNotAvailMsg = "ACLS APPLICATION NOT AVAILABLE";
      private final static String aclsTranRowCount = "<TRAN-ROW-COUNT>";

      private final static int COMM_AREA_LENGTH = 10000;

      private static String CICS_REGION = "";
      private static String CICS_PROGRAM = "";
      private static String CICS_TRANSACTION = "";
      private static String ECI_SYNC_TYPE = "";
      private static String XSL_FILE_LOCATION = "";
      private static String XSL_FILE_EXTENSION = "";
      private static String SESSION_USERID_NAME = "";
      private static String SESSION_PASSWORD_NAME = "";
      private static String SESSION_TARGET_NAME = "";

      //user ID and password fields
      public String userID;
      public String password;

/**
 * XMLTransaction constructor comment.
 */
public XMLTransaction() {
      super();
}
/**
 * Insert the method's description here.
 * Creation date: (06/08/2000 9:51:12 AM)
 */
public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {

       doGet(req,res);


}
/**
 * This method takes as input the XML response from ACLS and converts it to HTML.
 * The HTML is then written out to the Servlet HTML Response.
 */
public void doGet (HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

            //  For debugging
            Date debugDate = new Date();
            //  Send debugging information to STDOUT
            boolean DEBUG = false;
            //  Send debugging information as HTML to the web page.
            boolean DEBUG2 = true;

//**************************************************************************************
//Added by:             Gunalan Vijayaratnam
//Date Modified:       6/19/2001
//Purpose:                   Security for the ACLS WebSite

      response.setContentType("text/html");
      ServletOutputStream htmlOutputStream = response.getOutputStream();

    String authorization = request.getHeader("Authorization");
    String user_text=new String();
    String password_text=new String();

    if (authorization == null)
    {
            askForPassword(response);
    }
    else
    {
         String userInfo = authorization.substring(6).trim();
         BASE64Decoder decoder = new BASE64Decoder();
         String namePassword = new String(decoder.decodeBuffer(userInfo));
         int index = namePassword.indexOf(":");
         user_text = namePassword.substring(0, index);
         password_text = namePassword.substring(index+1);
    }
//*************************************************************************************

      if (user_text != null)
      {
            userID = new String (user_text);
            password = new String (password_text);
      }
      else
      {
            askForPassword(response);
      }

/*
            //Get the Session first
            HttpSession session = request.getSession(true);

            //Check if the session indicates that the user has supplied a user id and password
            userID   = session.getValue(SESSION_USERID_NAME).toString();
            password = session.getValue(SESSION_PASSWORD_NAME).toString();

            if ( userID == null || password == null ) {

               //Save the request URL as the true target and redirect to the login page.
               session.putValue(SESSION_TARGET_NAME,request.getScheme() + "://" + request.getServerName() + "/aclsweb/Home.html");
               response.sendRedirect(request.getScheme() + "://" + request.getServerName() + "/aclsweb/Login.html");

               return;
            }
*/

            /*  Convert web browser using XSL to ACLS Markup Language  */
            //  First, generate the input XML
            StringBuffer buf = new StringBuffer();
            boolean skipAclsCall = false;
            String passToResponseString = "";
            String requestFile = "", formatFile = "", errorFile = "";
            buf.append("<FORM-INPUT>");
            Vector transactions = new Vector();
            //  Ignor index number zero(0).  Put in a empty hash for index 0
            Hashtable emptyTran = new Hashtable();
            transactions.addElement(emptyTran);
            for (Enumeration e = request.getParameterNames() ; e.hasMoreElements() ; ) {
                  String name = (String) e.nextElement();
                  String value = (String) request.getParameter(name);
                  if ( DEBUG )
                        System.out.println(debugDate + " " + "name =" + name + ", value =" + value + ".");
                  if ( name.equals("PASS_TO_RESPONSE") )
                        passToResponseString = value;
                  else if ( name.equals("BYPASS_ACLS") ) {
                        if ( value.toUpperCase().equals("TRUE") )
                              skipAclsCall = true;
                  }
                  else if ( name.equals("REQUEST_FILE") )
                        requestFile = value;
                  else if ( name.equals("ERROR_FILE") )
                        errorFile = value;
                  else if ( name.equals("FORMAT_FILE") )
                        formatFile = value;
                  else {
                        //  Check for multiline stuff.  If name has "__number" at the end (for example, __3),
                        //    strip and pack in a transaction
                        int rowNumber = 0;
                        String tranName = "";
                        try {
                              int underscoreIndex = name.lastIndexOf("__");
                              rowNumber = Integer.parseInt(name.substring(underscoreIndex + 2));
                              String elementName = name.substring(0, underscoreIndex);
                              if ( transactions.size() < rowNumber + 1 ) {
                                    transactions.setSize(rowNumber + 1);
                                    Hashtable newTran = new Hashtable();
                                    newTran.put(elementName, value);
                                    transactions.setElementAt(newTran, rowNumber);
                              }
                              else {
                                    if ( transactions.elementAt(rowNumber) == null ) {
                                          Hashtable newTran = new Hashtable();
                                          newTran.put(elementName, value);
                                          transactions.setElementAt(newTran, rowNumber);
                                    }
                                    else {
                                          ((Hashtable) transactions.elementAt(rowNumber)).put(elementName, value);
                                    }
                              }
                        }
                        catch (NumberFormatException ignored) {
                              buf.append("<").append(name).append(">").append(value).append("</").append(name).append(">");
                        }
                        catch (IndexOutOfBoundsException alsoIgnored) {
                              buf.append("<").append(name).append(">").append(value).append("</").append(name).append(">");
                        }
                  }
            }

            //  Get multiline info, pack into transactions.
            StringBuffer newTranBuf = new StringBuffer();
            if ( transactions.size() > 1 ) {

                  for ( int i = 1 ; i < transactions.size() ; i++ ) {
                        StringBuffer tranBuf = new StringBuffer();
                        boolean includeTran = false;
                        tranBuf.append(aclsTransactionStartTag);
                        Hashtable tran = (Hashtable) transactions.elementAt(i);
                        for (Enumeration e = tran.keys() ; e.hasMoreElements() ; ) {
                              String name = (String) e.nextElement();
                              String value = (String) tran.get(name);
                              //  TRAN_TRN_COD acts as a flag.  If a value is not specified, then do not execute a transaction.
                              if ( name.equals("TRAN_TRN_COD") && value.length() > 0 ) {
                                    includeTran = true;
                              }
                              tranBuf.append("<").append(name).append(">").append(value).append("</").append(name).append(">");
                        }
                        tranBuf.append(aclsTransactionEndTag);
                        if ( includeTran ) {
                              newTranBuf.append(tranBuf);
                        }
                  }
            }
            buf.append(newTranBuf);

            buf.append("</FORM-INPUT>");

            if ( DEBUG )
                  System.out.println(debugDate + " " + "buf:" + buf.toString() + ":buf");

            if ( DEBUG2 ) {

                  htmlOutputStream.println("The following XML was generated on the form:");
                  htmlOutputStream.println("<P>");
                  processXSLTError(htmlOutputStream, buf.toString());
                  htmlOutputStream.println("<P>");
                  htmlOutputStream.flush();
            }

            if ( DEBUG )
                  System.out.println(debugDate + " " + "requestFile:" + requestFile.toString() + ":requestFile");

        //  The transaction must specify a request file.
        if ( requestFile.equals("") ) {

                  htmlOutputStream.println("System error:  Please contact the System Administrator.");
                  htmlOutputStream.println("<P>");
                  htmlOutputStream.println("the application must specify a request file.");
                  htmlOutputStream.println("<P>");
                  return;
          }
          //  The transaction must specify a format file.
            if ( formatFile.equals("") ) {

                  htmlOutputStream.println("System error:  Please contact the System Administrator.");
                  htmlOutputStream.println("<P>");
                  htmlOutputStream.println("the application must specify a format file.");
                  htmlOutputStream.println("<P>");
                  return;
          }

            //  Second, process the XML using XSL
            StringWriter aclsRequestWriter = new StringWriter();
            try {
                  XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
                  processor.process(new XSLTInputSource(new StringReader(buf.toString())),
                                            new XSLTInputSource(XSL_FILE_LOCATION + "/" + requestFile + "." + XSL_FILE_EXTENSION),
                                            new XSLTResultTarget(aclsRequestWriter));
            }
            catch (Exception e)
            {

                  DefaultErrorProcess(htmlOutputStream, e.toString());
                  return;
            }

            String aclsXSLTRequest = aclsRequestWriter.toString().trim();

            if ( DEBUG2 ) {

                  htmlOutputStream.println("The following XML was generated by the XSLT for the application:");
                  htmlOutputStream.println("<P>");
                  processXSLTError(htmlOutputStream, aclsXSLTRequest);
                  htmlOutputStream.println("<P>");
                  htmlOutputStream.flush();
            }

            String aclsRequest = processNumericRequest(aclsXSLTRequest, requestFile);

            /*  Encode application user ID and password.  */
            if ( aclsRequest.indexOf("<TRAN-USERID") < 0 ) {
                  int open = aclsRequest.indexOf("</TRANSACTION>");
                  if ( open >= 0 ) {
                        String newRequest = aclsRequest.substring(0, open) +
                                                      "<TRAN-USERID>" + userID + "</TRAN-USERID>" +
                                                      aclsRequest.substring(open);
                        aclsRequest = newRequest;
                  }
            }

            if ( DEBUG )
                  System.out.println(debugDate + " " + "aclsRequest:" + aclsRequest + ":aclsRequest");

            String aclsResponse;
            StringBuffer multilineResponse;

            if ( skipAclsCall ) {
                  aclsResponse = aclsResponseStartTag + aclsTransactionResponseStartTag +
                                       aclsTransactionResponseEndTag + aclsResponseEndTag;
            }
            else {
                  JavaGateway jgaConnection = null;
                  try {
                        //  Create the gateway
                        jgaConnection = new JavaGateway();
                        //  Setup the connection
                        jgaConnection.setURL("local:");
                        //  Open the connection
                        jgaConnection.open();
                        //  Create the communication area byte array
                        byte [] commArea = initCommArea(aclsRequest, COMM_AREA_LENGTH);
                        //  Create the ECI request
                        ECIRequest eciRequest = new ECIRequest(
                                    getECISyncType(),    // Specify synchronous transaction (required to utilize the CICS Tran ID)
                                    CICS_REGION,         //  CICS Region
                                    userID,              //  User ID
                                    password,            //  Password
                                    CICS_PROGRAM,        //  Program Name
                                    CICS_TRANSACTION,    //  CICS transaction ID
                                    commArea             //  Communication area byte array created above
                                 );
                        //  Execute the acls cics transaction
                        jgaConnection.flow(eciRequest);
                        //  Get the response
                        aclsResponse = new String(eciRequest.Commarea).trim();
                        if ( aclsResponse.equals(aclsRequest) ) {

                              DefaultErrorProcess(htmlOutputStream, "You are unable to connect!");
                              return;
                        }
                  }
                  catch (CICSResourceException e)
                  {
                              DefaultErrorProcess(htmlOutputStream, e.toString());
                              return;
                  }
                  catch (IOException ioe)
                  {
                              DefaultErrorProcess(htmlOutputStream, ioe.toString());
                              return;
                  }
                  catch (CommunicationException ce)
                  {
                              DefaultErrorProcess(htmlOutputStream, ce.toString());
                              return;
                  }
                  catch (Exception e)
                  {

                              DefaultErrorProcess(htmlOutputStream, e.toString());
                              return;
                  }
                  finally {
                        //  Close the connection
                        if ( jgaConnection != null ) {
                              jgaConnection.close();
                        }
                  }

            }

            if ( DEBUG )
                  System.out.println(debugDate + " " + "aclsResponse:" + aclsResponse + ":aclsResponse");

            if ( DEBUG2 ) {

                  htmlOutputStream.println("The following XML was received from the application:");
                  htmlOutputStream.println("<P>");
                  processXSLTError(htmlOutputStream, aclsResponse);
                  htmlOutputStream.println("<P>");
                  htmlOutputStream.flush();
            }

            //  Include the request in the response.
            String aclsStart = aclsResponseStartTag + aclsTransactionResponseStartTag;
            String aclsEnd   = aclsTransactionResponseEndTag + aclsResponseEndTag;
            String fullResponse = "";

            //  Check to see if the request was rejected.
            StringBuffer rejectStringBuff = new StringBuffer(aclsRequestRejectedStartTag).append(aclsRejectReasonStartTag)
                                                            .append(aclsRequestRejected00007Msg)
                                                            .append(aclsRejectReasonEndTag).append(aclsRequestRejectedEndTag);



            String rejectString = rejectStringBuff.toString();


            if ( aclsResponse.indexOf(aclsRequestRejectedStartTag) >= 0 &&
                  //  If multi-line and 00007 message is only error, the request is not really rejected
                  ! ( aclsRequest.indexOf(aclsTranRowCount) >= 0 && aclsResponse.indexOf(rejectString) >= 0 &&
                        aclsResponse.indexOf(aclsRejectReasonStartTag, aclsResponse.indexOf(aclsRejectReasonStartTag) + 1) < 0 )) {
                  //  If rejected, include transaction request and all field elements.
                  //  Consider multi-line stuff

                  int requestCursor = aclsRequestStartTag.length();
                  int responseCursor = 0;
                  StringBuffer responseBuf = new StringBuffer();
                  //  1:  Insert ACLS-RESPONSE
                  String appendStr = aclsResponse.substring(0, aclsResponseStartTag.length());
                  responseBuf.append(appendStr);
                  responseCursor += appendStr.length();
                  boolean firstPass = true;
                  boolean ListTrans = false;
                  boolean NextTrans = false;

                  int TransCodeidx = aclsRequest.indexOf(aclsTransCodeTag);

                  if ((aclsRequest.substring(TransCodeidx + aclsTransCodeTag.length(),TransCodeidx + aclsTransCodeTag.length()+1)).equals("L")) {
                        ListTrans = true;
                        passToResponseString += aclsRequest.substring(aclsRequestStartTag.length(), aclsRequest.indexOf(aclsTransactionEndTag, aclsRequestStartTag.length()) + aclsTransactionEndTag.length());

                  }

                  if ((aclsRequest.substring(TransCodeidx + aclsTransCodeTag.length(),TransCodeidx + aclsTransCodeTag.length()+1)).equals("N")) {
                        NextTrans = true;
                        passToResponseString += aclsRequest.substring(aclsRequestStartTag.length(), aclsRequest.indexOf(aclsTransactionEndTag, aclsRequestStartTag.length()) + aclsTransactionEndTag.length());
                  }


                    String DBIOServerStr = "";

                    if (aclsRequest.indexOf(aclsDBIOStartTag) >= 0 ) {

                          DBIOServerStr = aclsRequest.substring( aclsRequest.indexOf(aclsDBIOStartTag),aclsRequest.indexOf(aclsDBIOEndTag) + aclsDBIOEndTag.length());
                          aclsRequest = aclsRequest.substring(0,aclsRequest.indexOf(DBIOServerStr)).concat(aclsRequestEndTag);
                    }

                    String DBIOResponseStr = "";

                    if (aclsResponse.indexOf(aclsDBIOResponseStartTag) >= 0 ) {

                          DBIOResponseStr = aclsResponse.substring( aclsResponse.indexOf(aclsDBIOResponseStartTag),aclsResponse.indexOf(aclsDBIOResponseEndTag) + aclsDBIOResponseEndTag.length());
                          aclsResponse = aclsResponse.substring(0,aclsResponse.indexOf(DBIOResponseStr)).concat(aclsResponseEndTag);
                    }


                  while ( responseCursor < ( aclsResponse.length() - aclsResponseEndTag.length() - 1 ) ) {
                        //  Check transaction by transaction.  If successful, just include the response.  Otherwise,
                        //    include the request and the response.
                        StringBuffer successTran = new StringBuffer();
                        StringBuffer failTran = new StringBuffer();
                        boolean success = true;

                        //  2:  Add TRANSACTION-RESPONSE
                        appendStr = aclsResponse.substring(responseCursor, responseCursor + aclsTransactionResponseStartTag.length());
                        responseCursor += appendStr.length();


                        failTran.append(appendStr);
                        successTran.append(appendStr);

                        if ( firstPass ) {

                              firstPass = false;
                              failTran.append(passToResponseString);
                              successTran.append(passToResponseString);



                        }

                        //  3:  Add the transaction request to the buffer



                        appendStr = aclsRequest.substring(requestCursor, aclsRequest.indexOf(aclsTransactionEndTag, requestCursor) + aclsTransactionEndTag.length());



                        if(! ListTrans && ! NextTrans )
                              requestCursor += appendStr.length();

                        failTran.append(appendStr);


                        //  4:  Add the transaction request data to the buffer

                        String  tran = appendStr;
                         appendStr = tran.substring(aclsTransactionStartTag.length(), tran.length() - aclsTransactionEndTag.length());
                        failTran.append(appendStr);

                        //  5:  Add the transaction response data to the buffer
                        appendStr = aclsResponse.substring(responseCursor, aclsResponse.indexOf(aclsTransactionResponseEndTag, responseCursor));
                        responseCursor += appendStr.length();
                        failTran.append(appendStr);
                        successTran.append(appendStr);


                        if ( appendStr.indexOf(aclsRequestRejectedStartTag) >= 0 )
                              success = false;
                        //  6:  Add /TRANSACTION-RESPONSE
                        appendStr = aclsResponse.substring(responseCursor, responseCursor + aclsTransactionResponseEndTag.length());
                        responseCursor += appendStr.length();
                        failTran.append(appendStr);
                        successTran.append(appendStr);


                        //  Check if successful transaction.
                        if ( success )
                              responseBuf.append(successTran);
                        else
                              responseBuf.append(failTran);
                  }



                  responseBuf.append(DBIOResponseStr);
                  //  7:  Insert /ACLS-RESPONSE


                  appendStr = aclsResponse.substring(responseCursor);
                  responseBuf.append(appendStr);
                  responseCursor += appendStr.length();
                  //fullResponse = aclsResponse.substring(0, aclsStart.length()) +
                  //               aclsRequest.substring(aclsRequestStartTag.length(), aclsRequest.length() - aclsRequestEndTag.length()) +
                  //               passToResponseString +
                  //               aclsRequest.substring(aclsRequestStartTag.length() + aclsTransactionStartTag.length(), aclsRequest.length() - aclsRequestEndTag.length() - aclsTransactionEndTag.length()) +
                  //               aclsResponse.substring(aclsStart.length());
                  fullResponse = responseBuf.toString().trim();
                  //  If an error file is specified, use the error file.
                  if ( ! errorFile.equals("") )
                        formatFile = errorFile;
            }
            else {

                  if ( aclsResponse.indexOf(aclsDBIOResponseStartTag) >= 0 && aclsResponse.indexOf(aclsTransactionResponseStartTag) < 0) {

                        //  DBIO response
                        aclsStart = aclsResponseStartTag + aclsDBIOResponseStartTag;
                        aclsEnd   = aclsResponseEndTag   + aclsDBIOResponseEndTag;
                        fullResponse = aclsResponse.substring(0, aclsStart.length()) +
                                             aclsRequest.substring(aclsRequestStartTag.length(), aclsRequest.length() - aclsRequestEndTag.length()) +
                                             passToResponseString +
                                             aclsResponse.substring(aclsStart.length());
                  }
                  else {
                        //  Transaction response
                        fullResponse = aclsResponse.substring(0, aclsStart.length()) +
                                             aclsRequest.substring(aclsRequestStartTag.length(), aclsRequest.length() - aclsRequestEndTag.length()) +
                                             passToResponseString +
                                             aclsResponse.substring(aclsStart.length());
                  }
            }

            //  Check for multiple transactions where the request is for more than one transaction
            //  based on TRAN-ROW-COUNT, and fewer were returned because there were no more available.
            //  If TRAN-ROW-COUNT is NOT specified, TRANSACTION-COUNT is specified.
            if ( aclsRequest.indexOf(aclsTranRowCountStartTag) >= 0 || fullResponse.indexOf(aclsTransactionCountStartTag) >= 0 ) {
                  int tranRequestCount = 0;
                  if ( aclsRequest.indexOf(aclsTranRowCountStartTag) >= 0 ) {

                        tranRequestCount = new Integer(aclsRequest.substring(
                                                         aclsRequest.indexOf(aclsTranRowCountStartTag) + aclsTranRowCountStartTag.length(),
                                                         aclsRequest.indexOf(aclsTranRowCountEndTag))).intValue();
                  }
                  else {
                        tranRequestCount = new Integer(fullResponse.substring(
                                                         fullResponse.indexOf(aclsTransactionCountStartTag) + aclsTransactionCountStartTag.length(),
                                                         fullResponse.indexOf(aclsTransactionCountEndTag))).intValue();
                  }
                  int tranRowCount = 0;
                  int tranStart = -1, lastTranStart = -1;
                  while ( (tranStart = aclsResponse.indexOf(aclsTransactionResponseStartTag, tranStart + 1)) >= 0 ) {
                        tranRowCount += 1;
                        lastTranStart = tranStart;
                  }
                  //  add the transactions
                  String newTran = aclsTransactionResponseStartTag + aclsTransactionResponseEndTag;
                  StringBuffer additionalTran = new StringBuffer();
                  while (tranRowCount < tranRequestCount) {
                        additionalTran.append(newTran);
                        tranRowCount++;
                  }
                  String newResponse = fullResponse.substring(0, fullResponse.length() - aclsResponseEndTag.length()) +
                                                 additionalTran.toString() +
                                                 fullResponse.substring(fullResponse.length() - aclsResponseEndTag.length());
                  fullResponse = newResponse;
            }


            if ( DEBUG )
                  System.out.println(debugDate + " " + "fullResponse:" + fullResponse + ":fullResponse");


            aclsResponse = processNumericResponse(fullResponse);

            try {
                StringWriter aclsResponseWriter = new StringWriter();
                XSLTProcessor processor = XSLTProcessorFactory.getProcessor();
                processor.process(new XSLTInputSource(new StringReader(aclsResponse)),
                                          new XSLTInputSource(XSL_FILE_LOCATION + "/" + formatFile + "." + XSL_FILE_EXTENSION),
                                          //new XSLTResultTarget(so));
                                          new XSLTResultTarget(aclsResponseWriter));
                htmlOutputStream.print(aclsResponseWriter.toString().trim());
            }
          catch (Exception e)
          {

                  DefaultErrorProcess(htmlOutputStream, e.toString());
          }

}
/**
 * Check the ECI request type.
 * Creation date: (1/25/01 2:07:50 PM)
 * @return int
 */
public int getECISyncType() {


      if ( ECI_SYNC_TYPE.equals("ECI_SYNC") ) {
            return ECIRequest.ECI_SYNC;
      }
      else if ( ECI_SYNC_TYPE.equals("ECI_SYNC_TPN") ) {
            return ECIRequest.ECI_SYNC_TPN;
      }
      else if ( ECI_SYNC_TYPE.equals("ECI_ASYNC") ) {
            return ECIRequest.ECI_ASYNC;
      }
      else if ( ECI_SYNC_TYPE.equals("ECI_ASYNC_TPN") ) {
            return ECIRequest.ECI_ASYNC_TPN;
      }

      return ECIRequest.ECI_SYNC_TPN;

}
/**
 * Insert the method's description here.
 * Creation date: (1/25/01 1:58:10 PM)
 */
public void init(ServletConfig config) throws javax.servlet.ServletException {

      super.init(config);


      try {

            // figure out the name of the props file
            String propsfilename = getClass().getName().replace('.', '/') + ".props";

            // this approach will read from the top of any CLASSPATH entry
            InputStream is = getClass().getResourceAsStream("/" + propsfilename);
            Properties p = new Properties();

            // load the file into the Properties object
            p.load(is);

            // set the properties
            this.CICS_REGION           = p.getProperty("CICS_REGION");
            this.CICS_PROGRAM          = p.getProperty("CICS_PROGRAM");
            this.CICS_TRANSACTION      = p.getProperty("CICS_TRANSACTION");
            this.ECI_SYNC_TYPE         = p.getProperty("ECI_SYNC_TYPE");
            this.XSL_FILE_LOCATION     = p.getProperty("XSL_FILE_LOCATION");
            this.XSL_FILE_EXTENSION    = p.getProperty("XSL_FILE_EXTENSION");
            this.SESSION_USERID_NAME   = p.getProperty("SESSION_USERID_NAME");
            this.SESSION_PASSWORD_NAME = p.getProperty("SESSION_PASSWORD_NAME");
            this.SESSION_TARGET_NAME   = p.getProperty("SESSION_TARGET_NAME");

      }
      catch (Exception e) {
            throw new RuntimeException("UNABLE TO INITIALIZE, EXITING...");
      }


}
/**
 * Insert the method's description here.
 * Creation date: (1/23/01 3:17:09 PM)
 */
private byte[] initCommArea(String data, int size) {

      //  Method logic obtained from Chapter 17.3.6, Java Programming Guide for OS/390

      //  Build a temporary byte array
      byte [] dataBytes = data.getBytes();

      //  Create the new communication area
      byte [] theCommArea = new byte[size];

      //  Copy the data to the communication area
      System.arraycopy(dataBytes, 0, theCommArea, 0, dataBytes.length);

      //  Fill the rest of the communication area with 0
      for ( int c = dataBytes.length ; c < size  ; c++ ) {
            theCommArea[c] = 0;
      }

      return theCommArea;

}
/**
 * Insert the method's description here.
 * Creation date: (1/25/01 9:39:59 AM)
 */
private String processNumericRequest(String aclsRequest, String requestFile) {

      String newRequest = "";

      if ( requestFile.equals("Request_CCOD") || requestFile.equals("Request_ICOD") ) {
            int open = aclsRequest.indexOf("<X10-98");
            int close = aclsRequest.indexOf("</X10-98");
            if ( open > 0 && close > 0 ) {
                  newRequest = aclsRequest.substring(0, open) +
                                     "<10-98" +
                                     aclsRequest.substring(open + 7, close) +
                                     "</10-98" +
                                     aclsRequest.substring(close + 8);
                  aclsRequest = newRequest;
            }
      }

      if ( requestFile.equals("Request_CDQY") || requestFile.equals("Request_IDQY") ) {
            int open = aclsRequest.indexOf("<X1ST-N");
            int close = aclsRequest.indexOf("</X1ST-N");
            if ( open > 0 && close > 0 ) {
                  newRequest = aclsRequest.substring(0, open) +
                                     "<1ST-N" +
                                     aclsRequest.substring(open + 7, close) +
                                     "</1ST-N" +
                                     aclsRequest.substring(close + 8);
                  aclsRequest = newRequest;
            }
            open = aclsRequest.indexOf("<X2ND-N");
            close = aclsRequest.indexOf("</X2ND-N");
            if ( open > 0 && close > 0 ) {
                  newRequest = aclsRequest.substring(0, open) +
                                     "<2ND-N" +
                                     aclsRequest.substring(open + 7, close) +
                                     "</2ND-N" +
                                     aclsRequest.substring(close + 8);
                  aclsRequest = newRequest;
            }
      }


      //Making changes to include the IIC1 and CIC1 screens
      //Made on 3/14  by Gunalan Vijayaratnam

      if ( requestFile.equals("Request_IIC1") || requestFile.equals("Request_CIC1") )
      {
            int open = aclsRequest.indexOf("<X1ST-D");
            int close = aclsRequest.indexOf("</X1ST-D");
            if ( open > 0 && close > 0 )
            {
                  newRequest = aclsRequest.substring(0, open) +
                                     "<1ST-D" +
                                     aclsRequest.substring(open + 7, close) +
                                     "</1ST-D" +
                                     aclsRequest.substring(close + 8);
                  aclsRequest = newRequest;
            }
            open = aclsRequest.indexOf("<X1ST-P");
            close = aclsRequest.indexOf("</X1ST-P");
            if ( open > 0 && close > 0 )
            {
                  newRequest = aclsRequest.substring(0, open) +
                                     "<1ST-P" +
                                     aclsRequest.substring(open + 7, close) +
                                     "</1ST-P" +
                                     aclsRequest.substring(close + 8);
                  aclsRequest = newRequest;
            }
      }
      //End of Changes to include IIIC1 and CIC1 screens

      //***********************************************************************
      //Change to accomodate CDEPA for change transaction
      //***********************************************************************
            if (requestFile.equals("CDEPA")  )
            {
                  int open = aclsRequest.indexOf("<1ST-N");
                  int close = aclsRequest.indexOf("</1ST-N");
                  if ( open > 0 && close > 0 )
                  {
                        newRequest = aclsRequest.substring(0, open) +
                                                       "<X1ST-N" +
                                                       aclsRequest.substring(open + 6, close) +
                                                       "</X1ST-N" +
                                                       aclsRequest.substring(close + 7);
                        aclsRequest = newRequest;
                  }

                  open = aclsRequest.indexOf("<1ST-N");
                  close = aclsRequest.indexOf("</1ST-N");
                  if ( open > 0 && close > 0 )
                  {
                        newRequest = aclsRequest.substring(0, open) +
                                                       "<X1ST-N" +
                                                       aclsRequest.substring(open + 6, close) +
                                                       "</X1ST-N" +
                                                       aclsRequest.substring(close + 7);
                        aclsRequest = newRequest;
                  }
            }
            //End of changek


      return aclsRequest;
}
/**
 * Modify the response to eliminate XML tags that start with a number.
 * Creation date: (1/26/01 12:32:22 PM)
 * @return java.lang.String
 * @param aclsResponse java.lang.String
 */
public String processNumericResponse(String aclsResponse) {

      String tranCodeStartTag = "<TRAN-TRN-COD>", tranCodeEndTag = "</TRAN-TRN-COD>";
      String tranCode = "";
      if ( aclsResponse.indexOf(tranCodeStartTag) >= 0 ) {
            tranCode = aclsResponse.substring(aclsResponse.indexOf(tranCodeStartTag) + tranCodeStartTag.length(),
                                                              aclsResponse.indexOf(tranCodeEndTag));
      }

      //  XML does not allow tags to start with a number
      if ( tranCode.equals("CCOD") || tranCode.equals("ICOD") || tranCode.equals("IICOD")) {
            //  Have COD transaction
            int open = aclsResponse.indexOf("<10-98");
            int close = aclsResponse.indexOf("</10-98");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X10-98" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X10-98" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<10-98");
            close = aclsResponse.indexOf("</10-98");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X10-98" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X10-98" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
      }

      if ( tranCode.equals("IIDQY") || tranCode.equals("IDQY") || tranCode.equals("CDQY")) {
            //  Have DQY transaction
            int open = aclsResponse.indexOf("<2ND-N");
            int close = aclsResponse.indexOf("</2ND-N");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X2ND-N" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X2ND-N" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<2ND-N");
            close = aclsResponse.indexOf("</2ND-N");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X2ND-N" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X2ND-N" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }

            open = aclsResponse.indexOf("<1ST-N");
            close = aclsResponse.indexOf("</1ST-N");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-N" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-N" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<1ST-N");
            close = aclsResponse.indexOf("</1ST-N");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-N" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-N" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
      }

//*********************************************************************************************
//Change made by Gunalan Vijayaratnam
//DEPA and IVR Inquiry screen on 4/3/2001
//Associated change made to the Format_IDEPA.xsl file to change 1ST-N to X1ST-N
//Associated change made to the Format_IVR.xsl file to change 8-10- to X8-10-
//*********************************************************************************************

      if ( tranCode.equals("IDEPA") || tranCode.equals("CDEPA")  )
      {
            int open = aclsResponse.indexOf("<1ST-N");
            int close = aclsResponse.indexOf("</1ST-N");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-N" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-N" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }

            open = aclsResponse.indexOf("<1ST-N");
            close = aclsResponse.indexOf("</1ST-N");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-N" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-N" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
      }

      //Change to the IVR screen

      if (tranCode.equals("IIVR"))
      {
            int open = aclsResponse.indexOf("<8-10-C");
            int close = aclsResponse.indexOf("</8-10-C");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X8-10-C" +
                                                 aclsResponse.substring(open + 7, close) +
                                                 "</X8-10-C" +
                                                 aclsResponse.substring(close + 8);
                  aclsResponse = newResponse;
            }

            open = aclsResponse.indexOf("<8-10-C");
            close = aclsResponse.indexOf("</8-10-C");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X8-10-C" +
                                                 aclsResponse.substring(open + 7, close) +
                                                 "</X8-10-C" +
                                                 aclsResponse.substring(close + 8);
                  aclsResponse = newResponse;
            }
      }
//*******************  end of SSN and IVR screen change  **********************************************


      if ( tranCode.equals("IDELQ")) {
            //  Have DELQ transaction
            int open = aclsResponse.indexOf("<24-CY");
            int close = aclsResponse.indexOf("</24-CY");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-CY" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X24-CY" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
      }

      if ( tranCode.equals("IIPHS")) {
            //  Have PHS transaction
            int open = aclsResponse.indexOf("<1ST-L");
            int close = aclsResponse.indexOf("</1ST-L");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-L" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-L" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<2ND-L");
            close = aclsResponse.indexOf("</2ND-L");
            if ( open > 0 && close > 0 ) {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X2ND-L" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X2ND-L" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }

      }

            if ( tranCode.equals("LIPAY") || tranCode.equals("NIPAY")  ){
                  //  Have PHS transaction
                  int open = aclsResponse.indexOf("<1ST-L");
                  int close = aclsResponse.indexOf("</1ST-L");
                  if ( open > 0 && close > 0 ) {
                        String newResponse = aclsResponse.substring(0, open) +
                                                       "<X1ST-L" +
                                                       aclsResponse.substring(open + 6, close) +
                                                       "</X1ST-L" +
                                                       aclsResponse.substring(close + 7);
                        aclsResponse = newResponse;
                  }
                  open = aclsResponse.indexOf("<2ND-L");
                  close = aclsResponse.indexOf("</2ND-L");
                  if ( open > 0 && close > 0 ) {
                        String newResponse = aclsResponse.substring(0, open) +
                                                       "<X2ND-L" +
                                                       aclsResponse.substring(open + 6, close) +
                                                       "</X2ND-L" +
                                                       aclsResponse.substring(close + 7);
                        aclsResponse = newResponse;
                  }

      }


      //Making changes to include the IIIC1, CIC1 and IIC1 screens
      //Made on 3/14  by Gunalan Vijayaratnam

      if ( tranCode.equals("IIIC1") || tranCode.equals("IIC1") || tranCode.equals("CIC1"))
      {

            int open = aclsResponse.indexOf("<1ST-D");
            int close = aclsResponse.indexOf("</1ST-D");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-D" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-D" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<1ST-P");
            close = aclsResponse.indexOf("</1ST-P");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X1ST-P" +
                                                 aclsResponse.substring(open + 6, close) +
                                                 "</X1ST-P" +
                                                 aclsResponse.substring(close + 7);
                  aclsResponse = newResponse;
            }
      }
      //End of changes

      //Making changes to include the ICBR Screens
      //Made on 3/14  by Gunalan Vijayaratnam

      if ( tranCode.equals("IICBR"))
      {

            int open = aclsResponse.indexOf("<24-");      //1st
            int close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //2nd
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //3rd
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //4th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //5th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //6th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //7th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //8th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //9th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //10th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //11th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //12th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //13th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //14th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //15th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //16th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //17th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //18th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //19th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //20th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //21st
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //22nd
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //23rd
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //24th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }
            open = aclsResponse.indexOf("<24-");      //25th
            close = aclsResponse.indexOf("</24-");
            if ( open > 0 && close > 0 )
            {
                  String newResponse = aclsResponse.substring(0, open) +
                                                 "<X24-" +
                                                 aclsResponse.substring(open + 4, close) +
                                                 "</X24-" +
                                                 aclsResponse.substring(close + 5);
                  aclsResponse = newResponse;
            }

      }//closes out the entire ICBR screen change to servlet

      return aclsResponse;
}
/**
 * Insert the method's description here.
 * Creation date: (1/24/01 2:15:44 PM)
 * @param so javax.servlet.ServletOutputStream
 * @param myXMLString java.lang.String
 */
private void processXSLTError(ServletOutputStream so, String myXMLString) throws IOException {


      StringTokenizer st = new StringTokenizer(myXMLString, "<>", true);

      int spaceCount = 0;
      String token1, token2, token3, token4, token5, token6, token7;
      String saveToken1 = "";

      so.print("<font face=\"courier\">");

      try {

            while (st.hasMoreTokens()) {
                  if ( saveToken1.equals("") ) {
                        token1 = st.nextToken();
                  }
                  else {
                        token1 = saveToken1;
                  }
                  token2 = st.nextToken();
                  token3 = st.nextToken();
                  if ( token2.substring(0, 1).equals("/") ) {
                        saveToken1 = "";
                        spaceCount -= 4;
                        for ( int i = 0 ; i < spaceCount ; i++ ) {
                              so.print("&nbsp;");
                        }
                        so.print("&lt;" + token2 + "&gt;<br>");
                  }
                  else {
                        token4 = st.nextToken();
                        if ( token4.equals("<") ) {
                              for ( int i = 0 ; i < spaceCount ; i++ ) {
                                    so.print("&nbsp;");
                              }
                              so.print("&lt;" + token2 + "&gt;<br>");
                              spaceCount += 4;
                              saveToken1 = token4;
                        }
                        else {
                              saveToken1 = "";
                              token5 = st.nextToken();
                              token6 = st.nextToken();
                              token7 = st.nextToken();
                              for ( int i = 0 ; i < spaceCount ; i++ ) {
                                    so.print("&nbsp;");
                              }
                              so.print("&lt;" + token2 + "&gt;" + token4 + "&lt;" + token6 + "&gt;<br>");
                        }
                  }
            }

      }
      catch (NoSuchElementException nsee) {
            so.print("Unable to tokenize XML.<br>");
      }
      catch (Exception e) {
            so.print("Unable to tokenize XML.<br>" + e.toString() + "<br>");
      }
      so.print("</font>");

}

//*****************************************************************************************
//Code changed on 4/9 to display new html page when error occurs during processing
//Change made by Guna Vijayaratnam
//*****************************************************************************************

public void DefaultErrorProcess(ServletOutputStream so, String errorMessage) throws IOException
{
      so.print
      ("<HTML>\n"+
      "<HEAD>\n"+
      "<TITLE><b>ERROR!!</b></TITLE>\n"+
      "</HEAD>\n"+
      "<BODY>\n"+
      "<CENTER>\n"+
      "<b>"+errorMessage+"</b>\n"+
      "</CENTER>\n"+
      "</BODY></HTML>");
}

public void askForPassword(HttpServletResponse response)
{
      response.setStatus( response.SC_UNAUTHORIZED ); //ie 401 Error Code
      response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-few\"");
}


}//closes out the entire XMLTransaction class
0
 
LVL 1

Expert Comment

by:viswa081400
ID: 6245900
Do you have a servlet log??
I guess you might be having more details about the exception logged into that.

Anyway from your code, I see that you do not exit if authentication fails. I guess the following changes are required.

1. Do not open the output stream until you are ready to write it. ie, for writing out authentication failure message open htmloutput stream in askForPassword method.
In your doGet method open stream only upon sucessful validation.

2. In your doGet method, you should end servicing the request upon calling askForPassword method. I see that the program seems to continue even after you call that method. I guess that methos should be followed by a return statement.

And your control can be somehting like this to avoid calling askForPassword method at multiple places.

   if (authorization == null ) // can also add code to check ""
   {
        user_text = "invalid user";
        password_text = "invalid password";
   }
   else
   {
        // extract userid and passowrd
   }

//validate
  if( !( user_text.equals( "valid" ) && validate_password ) )
  {
    askForPassword( response );
    return;
   }
 // valid userid ... continue process
 // open your output stream to write your data

0
 

Author Comment

by:gvijay1
ID: 6246333
hi viswa,

I tried ur examplle and this is how the code looks now.

    String authorization = request.getHeader("Authorization");
    String user_text=new String("valid user");
    String password_text=new String("valid password");

  ServletOutputStream htmlOutputStream = response.getOutputStream();

  if (authorization == null ) // can also add code to check ""
  {
       user_text = "invalid user";
       password_text = "invalid password";
  }
  else
  {
         String userInfo = authorization.substring(6).trim();
         BASE64Decoder decoder = new BASE64Decoder();
         String namePassword = new String(decoder.decodeBuffer(userInfo));
         int index = namePassword.indexOf(":");
         user_text = namePassword.substring(0, index);
         password_text = namePassword.substring(index+1);
  }

//  validate
 if( user_text.equals("invalid user") && password_text.equals("invalid password") )
 {
   askForPassword( response);
   return;
  }
// valid userid ... continue process
//**************************************************************************************
//
//
public void askForPassword(HttpServletResponse response)
{
     response.setStatus( response.SC_UNAUTHORIZED ); //ie 401 Error Code
     response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-few\"");
}


This time, when I try to make a servlet call, I get a message box saying that the "Document contains no data. Try again later...blah, blah. Seems like I have done everything the same way, what is the issue now?

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 1

Expert Comment

by:viswa081400
ID: 6246529
Hi vijay,

I have copied your code and made a few changes and tested it. It works fine. I'm attaching the piece of code for your reference. The only change is that i'm using different Base64Util class. And you have to use your actual validation parameters to validate.

public void service( HttpServletRequest req, HttpServletResponse res )
        throws IOException, ServletException
    {
       
        String authorization = req.getHeader( "Authorization" );
        String user_text = "";
        String password_text = "";
        if (authorization == null ) // can also add code to check ""
        {
            user_text = "invalid user";
            password_text = "invalid password";
        }
        else
        {
                String userInfo = authorization.substring(6).trim();
                //BASE64Decoder decoder = new BASE64Decoder();
                //String namePassword = new String(decoder.decodeBuffer(userInfo));
                String namePassword = Base64Util.Decode( userInfo );
                int index = namePassword.indexOf(":");
                user_text = namePassword.substring(0, index);
                password_text = namePassword.substring(index+1);
        }

        //  validate
        if( ! ( user_text.equalsIgnoreCase("user") && password_text.equalsIgnoreCase("password") ))
        {
            askForPassword( res );
            return;
        }
        ServletOutputStream htmlOutputStream = res.getOutputStream();
        htmlOutputStream.print( "Success " );
        // valid userid ... continue process
        //**************************************************************************************
        //
        //



       
    }
   
    public void askForPassword(HttpServletResponse response) throws IOException
    {
        String unauthorized_msg = "<HTML><HEAD><TITLE>Authorization Failure</TITLE></HEAD><BODY><FONT SIZE='-1' COLOR='BLUE' FACE='ARIAL'> Authentication required to enter!!</FONT></BODY></HTML>";
        ServletOutputStream sos = response.getOutputStream( );
        response.setStatus( response.SC_UNAUTHORIZED ); //ie 401 Error Code
        response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-few\"");
        response.setContentType( "text/html" );
        response.setContentLength( unauthorized_msg.length( ) );
        byte[] ab = unauthorized_msg.getBytes( );
        sos.print( unauthorized_msg );
        sos.flush( );
        sos.close();
    }
0
 

Author Comment

by:gvijay1
ID: 6246681
Hi Viswa,

First of all, I appreciate ur time and help in this matter. When I first enter the website the authentication message popps up and asks the user to validate himself. This is handled by WebSphere itself. After that point, I am merely trying to get the user name and password that was initially entered and use it to run transactions. Thus, I do not need to authenticate that the user is valid. It is handled initially. I am not sure if this changes how I approach this problem.

I tried the code u sent me, but I am still getting an unhandled exception and I am not sure at all where this is happening. Also, I am not sure if this is a websphere problem. Pls let me know if there is an easier way to do this??

0
 

Author Comment

by:gvijay1
ID: 6246689
Viswa,

Another note...I notice u are doing this in the service method and not in the Get method. Does this make a difference? If so, how can I incorporate this into the existing servlet??

-Guna
0
 
LVL 1

Expert Comment

by:viswa081400
ID: 6246729
Did you try looking into websphere log's??
The logs might contains more details about the exception.
If you can find that, it would be helpful to analyze the problem
0
 

Author Comment

by:gvijay1
ID: 6256104
Hi Viswa,

I managed to look into the error logs and found the issue. The reason for the exception is that after the decoding, the following string is returned...

 ?ea?????EA?EE?

Thus, the substring function is not working and it gives the following exception..

?java.lang.StringIndexOutOfBoundsException: String index out of range: -1

DO you know how to convert this data back to regular text. That will solve my problem, I am sure.

-gvijay1
0
 
LVL 1

Expert Comment

by:viswa081400
ID: 6256478
Check if the authorization header value starts with BASIC
0
 

Author Comment

by:gvijay1
ID: 6257271
Hi,

I am pretty sure that the header starts with BASIC. Here is how the header is being set.

response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-few\"");

Could this be a server configuration issue??

0
 
LVL 1

Accepted Solution

by:
viswa081400 earned 100 total points
ID: 6257663
Thats what i wanted to make sure. If it was any configuration issue or any other setup issue that has nothing to do with u'r code
0
 

Author Comment

by:gvijay1
ID: 6257744
Thanks Viswa,

I will talk to the our server management guy to see if the settings are correct on the server.

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

For customizing the look of your lightweight component and making it look opaque like it was made of plastic.  This tip assumes your component to be of rectangular shape and completely opaque.   (CODE)
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now