exx1976
asked on
How do I read from a text file using JavaScript in an ASPX page?
I am trying to read the contents of a text file (it could be an XML file if need be, any type of file) into the JS on the web page so that I can compare user input against a list of allowed inputs. Can anyone throw up some code as to how to do this? I'm not really too strong on JS, I'm more of a VBS kinda guy, but this whole site is already written in JS.
Here's what I've written so far, please feel free to hack it up/make it work by any means possible.
Thanks!
function check(Name){
    var data = "";
    var fileObj = new ActiveXObject("Scripting.FileSystemObject");
    if (fileObj.FileExists("C:\Inetpub\wwwroot\Citrix\XenApp\auth\clientscripts\names.txt")) {
        var f = fileObj.GetFile("C:\Inetpub\wwwroot\Citrix\XenApp\auth\clientscripts\name.txt",1);
        var ts = f.OpenAsTextStream(1,0);
        while (!f.AtEndOfStream) {
            data = ts.ReadLine();
            if (data == Name) {
                txtStream.Close();
                return true;
            }
        }
        txtStream.Close();
    }
    return false;
}
d. The code that you have is IE specific.
You should probably just send another request to the server to fill, say, an iframe with the file
ASKER
Thank you for your input. To address:
a: I posted it in Javascript and Java, in the hopes that it might be seen by more people. JS is the primary zone.
b: Ok, then how can I accomplish this?
c: I don't need to read anything on the client, I need to read a file on the server. I don't want to put the values directly in my code for fear someone could just right click -> view source, and then see the list of acceptable inputs.
Any insight?
Thanks in advance,
Exx
ASKER
CEHJ - how would I go about doing that? My main goal is to ensure that the values I am working with cannot be seen by someone looking at the webpage, nor can they be seen if you do a right click -> view source..
Thanks!
ASKER
Forget it, I found some JAVA code that back-ended this and was able to implement it there.
Thanks anyways guys.
>>I don't need to read anything on the client, I need to read a file on the server
I know the file is on the server - you would be reading on the client in JS, as that's where JS runs
exx1976,
Are you sorted here, or do you still need help?
ASKER
Actually... LOL
I have a solution, but it's not what I want.
I found some .java files that back-end the .js stuff, and so I hard-coded my list of acceptable inputs into the .java files. However, this is ugly, and since they are subject to change (not frequent, but enough), it likely won't be good in the long run. It does work, but being able to simply enter them in a text file, one per line, would be an immense help.
Problem is, I can't recall anything from college about writing .java functions, and declaring them, and classes, and everything else. I have like 25 .java files, and I suspect I'd have to write a fresh one, declare the class, the constructors, etc etc, just to get it to read from a file. Unless I can find some solid examples, it's a bit much to figure out on my own.
if you just need your server to return a file then you could simply have the web server serve it up.
ASKER
What I need to do is pass the contents of the file into a .java applet as an array of strings. Then I need to compare the values in that array against the contents of an inputbox that a user has filled in. If their input doesn't match one of the values in the array, then they get bounced. Obviously I cannot let the users see the contents of this file, ever..
Suggestions?
I would think that it is safer to have the java applet read the file. Since it would be converted to java byte code, the end user would be much less likely to have some mechanism to read the values of java variables during execution.
With JavaScript, the user could use something like FireBug to single step through the code and display the file contents...
or is this a moot point because the file should exist on the user machine anyway?
> Obviously I cannot let the users see the contents of this file, ever..
That's going to be tricky, if your js/applet is going to have access to it then so can the user.
If you have to guarantee the security of the file then checking will need to be done server side.
ASKER
Yes, the .java code that executes is done solely on the server-side. It's part of a <post> page that the user doesn't ever see. What I'm trying to do is modify part of the authentication routines to control the users that are able to login.
This is what I have done.
The relevant portion is about halfway through the code:
String user = getSafeFormParameter(web, Constants.ID_USER).trim();
String password = getSafeFormParameter(web, Constants.ID_PASSWORD);
String domain = getSafeFormParameter(web, Constants.ID_DOMAIN).trim();
String context = getSafeFormParameter(web, Constants.ID_CONTEXT).trim();
String passcode = getSafeFormParameter(web, Constants.ID_PASSCODE).trim();
user = user.toLowerCase();
// Only the listed users may proceed (&&, not ||: with || the test is true for every name)
if (!user.equals("myuser")
        && !user.equals("myuser2")) {
    user = "notallowed";
}
So basically, if the username supplied to login is not myuser or myuser2, I'm changing the username to some non-existent user account that will cause the site to return "Invalid Credentials".
What I'd like to be able to do is to get an array of user names from a text file (or an XML file if necessary) on the server, and load the names into an array of strings. Then I can simply call a function to compare the username that was input on the website against that array, and return a boolean that will tell whether the user should be allowed to login or not.
package com.citrix.wi.pages.auth;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import com.citrix.authentication.tokens.AccessToken;
import com.citrix.authentication.web.AuthenticationState;
import com.citrix.wi.UserPreferences;
import com.citrix.wi.accountselfservice.AccountTask;
import com.citrix.wi.config.AuthenticationConfiguration;
import com.citrix.wi.config.WIConfiguration;
import com.citrix.wi.config.auth.AuthMethod;
import com.citrix.wi.config.auth.ExplicitAuth;
import com.citrix.wi.config.auth.ExplicitNDSAuth;
import com.citrix.wi.config.auth.ExplicitUDPAuth;
import com.citrix.wi.config.auth.TwoFactorAuthMethod;
import com.citrix.wi.controls.LoginPageControl;
import com.citrix.wi.mvc.WIContext;
import com.citrix.wi.mvc.WebAbstraction;
import com.citrix.wi.pageutils.AccessTokenResult;
import com.citrix.wi.pageutils.AccountSelfService;
import com.citrix.wi.pageutils.Authentication;
import com.citrix.wi.pageutils.ClientUtils;
import com.citrix.wi.pageutils.Constants;
import com.citrix.wi.pageutils.Include;
import com.citrix.wi.pageutils.LaunchUtilities;
import com.citrix.wi.pageutils.LocalisedText;
import com.citrix.wi.pageutils.NavLink;
import com.citrix.wi.pageutils.TwoFactorAuth;
import com.citrix.wi.pageutils.UIUtils;
import com.citrix.wi.types.CredentialFormat;
import com.citrix.wi.types.UserInterfaceBranding;
import com.citrix.wi.ui.PageAction;
import com.citrix.wing.MessageType;
import com.citrix.wing.UserEnvironmentAdaptor;
import com.citrix.wing.util.Strings;
public abstract class Login extends PreLoginUIPage {
protected LoginPageControl viewControl = new LoginPageControl();
public Login(WIContext wiContext) {
super(wiContext);
wiContext.getWebAbstraction().setRequestContextAttribute("viewControl", viewControl);
layoutControl.formAction = Constants.FORM_POSTBACK;
layoutControl.layoutMode = Include.getLayoutMode(wiContext);
}
protected String getBrowserPageTitleKey() {
return "BrowserTitleLogin";
}
protected boolean performGuard() throws IOException {
// Login page not protected against CSRF.
return true;
}
public final boolean performImp() throws IOException {
boolean result;
// if there is a post, process the login info
// to allow third party integrations to partially work
if (getWebAbstraction().isPostRequest()) {
// process the login information
result = performInternal();
} else {
// default to the normal behavior on a GET request
result = super.performImp();
}
return result;
}
protected boolean performInternal() throws IOException {
if (!redirectToPreLoginMessageVisitWhenRequired()) {
return false;
}
WebAbstraction web = wiContext.getWebAbstraction();
UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
AuthenticationState authenticationState = Authentication.getAuthenticationState(web);
ClientUtils.transferClientInformationCookie(web, envAdaptor);
setupDirectLaunch();
if (!processNonWIAuthPoints(web, envAdaptor, authenticationState)) {
return false;
}
if (web.isGetRequest()) {
if (!processGet()) {
return false;
}
}
String sLogonMode = Authentication.authGetUntrustedLogonType(envAdaptor);
if ((sLogonMode != null) && (!sLogonMode.trim().equals("")) && (web.getQueryStringParameter(Constants.QSTR_MSG_KEY) == null)
&& (web.getQueryStringParameter(Constants.QSTR_END_SELF_SERVICE) != null)) {
UIUtils.handleLogout(wiContext, MessageType.INFORMATION, "SessionExpired");
return false;
}
if (web.isPostRequest() && !bIsError()) {
if (!processPost()) {
return false;
}
}
doViewControlSetup();
envAdaptor.commitState();
envAdaptor.destroy();
return true;
}
protected abstract boolean processNonWIAuthPoints(WebAbstraction web, UserEnvironmentAdaptor envAdaptor, AuthenticationState authenticationState);
protected abstract boolean processDirectLogin() throws IOException;
protected void setupDirectLaunch() {
WIConfiguration wiConfig = wiContext.getConfiguration();
// Check for bookmarked URL to store
String appId = getAppId();
if (appId != null) {
LaunchUtilities.setRequestDirectLaunch(wiContext, true);
if (wiConfig.getEnablePassthroughURLs()) {
LaunchUtilities.setClientSessionLaunchApp(wiContext, appId);
}
}
}
protected boolean isAutoLoginAllowed() {
WIConfiguration wiConfig = wiContext.getConfiguration();
AuthenticationConfiguration authConfig = wiConfig.getAuthenticationConfiguration();
UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
WebAbstraction web = wiContext.getWebAbstraction();
// No auto login if we have just come from the logged out page
boolean fromLoggedOutPage = (web.getQueryStringParameter(Constants.QSTR_FROM_LOGGEDOUT_PAGE) != null);
// No auto login if it has been disallowed (e.g. after a certificate error (smartcard))
String allowAutoLoginCookie = (String)envAdaptor.getClientSessionState().get(Constants.COOKIE_ALLOW_AUTO_LOGIN);
boolean autoLoginDisallowed = Strings.equalsIgnoreCase(Constants.VAL_OFF, allowAutoLoginCookie);
String smcLoggedOutCookie = (String)envAdaptor.getClientSessionState().get(Constants.COOKIE_SMC_LOGGED_OUT);
boolean isSMCLoggedOut = Strings.equalsIgnoreCase(Constants.VAL_ON, smcLoggedOutCookie);
boolean directAppLaunchForbidden = (getAppId() != null) && !wiConfig.getEnablePassthroughURLs();
boolean autoLoginChoice = false;
boolean anonOnly = authConfig.isEnabledMethod(AuthMethod.ANONYMOUS) && (getAllowedAuthMethods().size() == 1);
if (anonOnly) {
autoLoginChoice = true;
} else {
autoLoginChoice = !Boolean.FALSE.equals(wiContext.getUserPreferences().getUseSilentAuth());
}
return (!fromLoggedOutPage &&
!autoLoginDisallowed &&
!isSMCLoggedOut &&
!directAppLaunchForbidden &&
autoLoginChoice);
}
protected boolean processGet() throws IOException {
boolean result = true;
WebAbstraction web = wiContext.getWebAbstraction();
// This may or may not return
if (web.getQueryStringParameter(Constants.QSTR_LOGINTYPE) != null) {
result = handleLoginRequest(web.getQueryStringParameter(Constants.QSTR_LOGINTYPE));
} else if (web.getQueryStringParameter(Constants.QSTR_START_SELF_SERVICE) != null) {
SetupAccountSelfService();
result = false;
} else if (web.getQueryStringParameter(Constants.QSTR_MSG_KEY) != null) {
Authentication.extractInvalidFieldData(viewControl, web);
result = true;
} else if (isAutoLoginAllowed() && !bIsError()) {
result = processDirectLogin();
}
return result;
}
protected void SetupAccountSelfService()
{
if (AccountSelfService.isAccountUnlockEnabled(wiContext.getConfiguration()) && AccountSelfService.isPasswordResetEnabled(wiContext)) {
Authentication.addPageToQueueHead(wiContext, "account_ss_entry", null);
} else if (AccountSelfService.isAccountUnlockEnabled(wiContext.getConfiguration())) {
AccountSelfService.BuildAuthenticationFilterQueue(wiContext, AccountTask.ACCOUNT_UNLOCK);
} else if (AccountSelfService.isPasswordResetEnabled(wiContext)) {
AccountSelfService.BuildAuthenticationFilterQueue(wiContext, AccountTask.PASSWORD_RESET);
} else {
Authentication.addPageToQueueHead(wiContext, "account_ss_entry", null);
}
Authentication.redirectToNextAuthPage(wiContext);
}
protected String getAppIdFromUrl(String url) {
final String prefix = "/site/" + Constants.PAGE_LAUNCHER + "?";
if (url == null || !url.startsWith(prefix) || prefix.length() >= url.length()) {
return null;
}
String queryString = url.substring(prefix.length());
return LaunchUtilities.getAppIdFromInitialQueryString(wiContext, queryString);
}
protected static String getSafeFormParameter(WebAbstraction web, String name) {
return Strings.ensureNonNull(web.getFormParameter(name));
}
protected Map createExplicitAuthenticationParameters(AccessToken credentials, ExplicitAuth expAuth)
{
Map parameters = new HashMap();
parameters.put(Authentication.VAL_ACCESS_TOKEN, credentials);
parameters.put(Authentication.VAL_EXPLICIT_AUTH, expAuth);
return parameters;
}
protected String getAppId()
{
AuthenticationState authenticationState
= Authentication.getAuthenticationState(wiContext.getWebAbstraction());
String initialURL = authenticationState.getInitialURL();
String appId = null;
if (initialURL != null) {
appId = getAppIdFromUrl(initialURL);
} else {
appId = LaunchUtilities.getClientSessionLaunchApp(wiContext);
}
return appId;
}
protected void clearInitialUrl() {
Authentication.getAuthenticationState(wiContext.getWebAbstraction()).setInitialURL(null);
}
protected String getDefaultLoginType(String lm) {
AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
String logonMode = "";
if ((lm != null) && !lm.equals("") && authConfig.isEnabledMethod(lm)) {
return lm;
} else {
if (authConfig.isEnabledMethod(AuthMethod.EXPLICIT)) {
logonMode = AuthMethod.EXPLICIT;
} else if (authConfig.isEnabledMethod(AuthMethod.CERTIFICATE)) {
logonMode = AuthMethod.CERTIFICATE;
} else if (authConfig.isEnabledMethod(AuthMethod.SINGLE_SIGN_ON)) {
logonMode = AuthMethod.SINGLE_SIGN_ON;
} else if (authConfig.isEnabledMethod(AuthMethod.CERTIFICATE_SINGLE_SIGN_ON)) {
logonMode = AuthMethod.CERTIFICATE_SINGLE_SIGN_ON;
} else if (authConfig.isEnabledMethod(AuthMethod.ANONYMOUS)) {
logonMode = AuthMethod.ANONYMOUS;
}
}
return logonMode;
}
protected boolean processPost() throws IOException {
WebAbstraction web = wiContext.getWebAbstraction();
String loginType = web.getFormParameter(Constants.ID_LOGIN_TYPE);
if (loginType == null || !wiContext.getConfiguration().getAuthenticationConfiguration().isEnabledMethod(loginType)) {
return true;
}
return handleLoginRequest(loginType);
}
protected boolean handleLoginRequest(String loginType) throws IOException {
PageAction pageAction = null; // default to rendering the login page
WebAbstraction web = wiContext.getWebAbstraction();
UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
if (authConfig.isEnabledMethod(loginType)) {
setLogonModePreference(loginType);
pageAction = getPageAction(loginType);
if (pageAction != null) {
Authentication.authStoreLogonType(loginType, envAdaptor);
if (pageAction.getUseRedirect()) {
envAdaptor.commitState();
envAdaptor.destroy();
web.clientRedirectToUrl(pageAction.getURL());
} else {
String forwardUrl = Authentication.getAuthenticationPageContextPath(wiContext, pageAction.getURL());
web.serverForwardToContextUrl(forwardUrl);
}
}
}
return (pageAction == null);
}
protected PageAction getPageAction(String loginType) throws IOException {
PageAction pageAction = null;
AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
if (Strings.equals(AuthMethod.EXPLICIT, loginType)) {
pageAction = authenticateExplicit((ExplicitAuth)authConfig.getMethod(AuthMethod.EXPLICIT));
} else if (Strings.equals(AuthMethod.ANONYMOUS, loginType)) {
pageAction = authenticateGuest();
}
return pageAction;
}
protected PageAction authenticateExplicit(ExplicitAuth expAuth) throws IOException {
WebAbstraction web = wiContext.getWebAbstraction();
PageAction result = null; // default to rendering the login page again
if (!wiContext.getWebAbstraction().isPostRequest()) {
// Explicit logins can only be performed via an HTTP POST
return result;
}
// Pull out the fields we have interest in
String user = getSafeFormParameter(web, Constants.ID_USER).trim();
String password = getSafeFormParameter(web, Constants.ID_PASSWORD);
String domain = getSafeFormParameter(web, Constants.ID_DOMAIN).trim();
String context = getSafeFormParameter(web, Constants.ID_CONTEXT).trim();
String passcode = getSafeFormParameter(web, Constants.ID_PASSCODE).trim();
user = user.toLowerCase();
// Only the listed users may proceed (&&, not ||: with || the test is true for every name)
if (!user.equals("myuser")
&& !user.equals("myuser2")) {
user = "notallowed";
}
if (Strings.hasControlChars(user)
|| Strings.hasControlChars(password)
|| Strings.hasControlChars(domain)
|| Strings.hasControlChars(context)
|| Strings.hasControlChars(passcode)) {
UIUtils.HandleLoginFailedMessage(wiContext, MessageType.ERROR, "InvalidCredentials");
} else if (expAuth instanceof ExplicitNDSAuth) {
result = authenticateNDS((ExplicitNDSAuth)expAuth, user, password, passcode, context);
} else {
ExplicitUDPAuth udpAuth = (ExplicitUDPAuth)expAuth;
AccessTokenResult accessTokenResult = Authentication.createAccessToken(user, domain, password,
udpAuth);
AccessToken credentials = accessTokenResult.getAccessToken();
if (!accessTokenResult.isError()) {
Map parameters = createExplicitAuthenticationParameters(credentials, expAuth);
Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead("explicit", parameters);
TwoFactorAuthMethod twoFactorMethod = TwoFactorAuth.getTwoFactorAuthMethod(wiContext.getConfiguration());
if (twoFactorMethod != null) {
parameters.put(TwoFactorAuth.VAL_PASSCODE, passcode);
Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead(twoFactorMethod.getName().toLowerCase(), parameters);
}
Authentication.getAuthenticationState(wiContext.getWebAbstraction()).pageCompleted();
result = new PageAction(Authentication.getAuthenticationState(wiContext.getWebAbstraction()).getCurrentPage(), false);
} else {
Authentication.processAccessTokenResultError(web, accessTokenResult);
}
}
return result;
}
protected abstract PageAction authenticateNDS(ExplicitNDSAuth ndsAuth, String username, String password,
String passcode, String context);
protected PageAction authenticateGuest() {
Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead("anonymous", null);
Authentication.getAuthenticationState(wiContext.getWebAbstraction()).pageCompleted();
return new PageAction(Authentication.getAuthenticationState(wiContext.getWebAbstraction()).getCurrentPage(), false);
}
protected boolean bIsError() {
return isFeedbackSet();
}
protected boolean redirectToPreLoginMessageVisitWhenRequired() {
if (PreLoginMessage.isPreLoginMessageConfiguredToAppear(wiContext)) {
if (getWebAbstraction().isGetRequest()) {
if (getWebAbstraction().getSessionAttribute("SV_PRE_LOGIN_MESSAGE_VISITED") == null
&& getWebAbstraction().getQueryStringParameter(Constants.QSTR_MSG_KEY) == null) {
getWebAbstraction().clientRedirectToUrl(Constants.PAGE_PRE_LOGIN_MESSAGE);
return false;
}
}
}
return true;
}
protected Set getAllowedAuthMethods() {
Set authMethods = new HashSet(10);
AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
for (int i = 0; i < ALL_AVAILABLE_METHODS.length; i++) {
if (authConfig.isEnabledMethod(ALL_AVAILABLE_METHODS[i])) {
authMethods.add(ALL_AVAILABLE_METHODS[i]);
}
}
return authMethods;
}
private static final String[] ALL_AVAILABLE_METHODS = new String[]
{ AuthMethod.EXPLICIT, AuthMethod.ANONYMOUS };
protected String getDefaultWelcomeBodyText() {
String bodyText = "";
if (getAllowedAuthMethods().size() > 1) {
bodyText = wiContext.getString(MULTI_AUTH_WELCOME_KEY);
} else {
bodyText = wiContext.getString(APPS_WELCOME_KEY); // App specific text by default
if (Include.getSiteBranding(wiContext) == UserInterfaceBranding.DESKTOPS) {
bodyText = wiContext.getString(DESKTOPS_WELCOME_KEY);
}
}
return bodyText;
}
protected static final String MULTI_AUTH_WELCOME_KEY = "LoginWelcomeMsg2";
protected static final String APPS_WELCOME_KEY = "LoginWelcomeMsg1";
protected static final String DESKTOPS_WELCOME_KEY = "LoginWelcomeMsg3";
protected void setupNavControl() {
super.setupNavControl();
navControl.setCurrentLink(NavLink.LOGIN);
}
protected void setLoginDomainPreference() {
WebAbstraction web = wiContext.getWebAbstraction();
String loginDomainPreference = web.getFormParameter(Constants.ID_DOMAIN);
if (loginDomainPreference != null) {
UserPreferences newUserPrefs = Include.getRawUserPrefs(wiContext.getUserEnvironmentAdaptor());
newUserPrefs.setLoginDomainPreference(loginDomainPreference);
Include.saveUserPrefsPreLogin(newUserPrefs, wiContext);
}
}
protected void setLogonModePreference(String logonMode) {
if (logonMode != null) {
UserPreferences newUserPrefs = Include.getRawUserPrefs(wiContext.getUserEnvironmentAdaptor());
newUserPrefs.setAuthMethod(logonMode);
Include.saveUserPrefsPreLogin(newUserPrefs, wiContext);
}
}
protected void doViewControlSetup() {
WIConfiguration wiConfig = wiContext.getConfiguration();
recordCurrentPageURL();
layoutControl.isLoginPage = true;
setupNavControl();
String customText = LocalisedText.getLoginSysMessage(wiContext);
if (customText != null) {
sysMessageControl.setMessage(customText);
}
welcomeControl.setTitle(wiContext.getString("LoginWelcomeTitle"));
if (Include.isCompactLayout(wiContext)) {
welcomeControl.setTitle(wiContext.getString("ScreenTitleLogin"));
} else { // Check for custom welcome title and message, which would override what we have already set
String customTitle = LocalisedText.getLoginTitle(wiContext);
if (customTitle != null) {
welcomeControl.setTitle(customTitle);
}
}
welcomeControl.setBody(getDefaultWelcomeBodyText());
String customMsg = LocalisedText.getLoginWelcomeMessage(wiContext);
if (customMsg != null) {
welcomeControl.setBody(customMsg);
}
viewControl.setShowPasscode(TwoFactorAuth.getTwoFactorAuthMethod(wiConfig) != null);
viewControl.setShowAccountSelfService(AccountSelfService.isAccountSelfServiceConfigEnabled(wiContext));
viewControl.setAccountSelfServiceLinkTextKey(AccountSelfService.getAccountSelfServiceLinkKey(wiContext));
if (LaunchUtilities.getDirectLaunchModeInUse(wiContext) && !bIsError()) {
if (!wiConfig.getEnablePassthroughURLs()) {
setFeedback(MessageType.WARNING, "ShortcutDisabled");
LaunchUtilities.setRequestDirectLaunch(wiContext, false);
} else {
setFeedback(MessageType.INFORMATION, "HaveAwaitingApplication");
}
}
viewControl.allowedLogonModes().addAll(getAllowedAuthMethods());
String logonMode = getDefaultLoginType(wiContext.getUserPreferences().getAuthMethod());
viewControl.setSelectedLogonMode(logonMode);
boolean isWIAuthPoint = wiContext.getConfiguration().getAuthenticationConfiguration().getAuthPoint().isWebInterfaceAuthPoint();
boolean explicitInUse = isWIAuthPoint && (logonMode.equals(AuthMethod.EXPLICIT));
if (!explicitInUse) {
viewControl.setExplicitDisabled(true);
viewControl.setDomainDisabled(true);
}
}
protected void setDomainDisplay(ExplicitUDPAuth udpAuth) {
if (udpAuth != null) {
int numDomains = udpAuth.getDomainSelection().size();
int numRestrictedDomains = udpAuth.getDomains().size();
boolean hideDomain =
((udpAuth.getDomainFieldHidden() && ((numDomains <= 1) || udpAuth.getDomainsRestricted())) ||
(udpAuth.getCredentialFormat() == CredentialFormat.UPN) ||
(udpAuth.getDomainsRestricted() && (numRestrictedDomains == 0)));
viewControl.setShowDomain(!hideDomain);
if (numDomains != 0) {
viewControl.setLoginDomainSelection(udpAuth.getDomainSelectionArray());
viewControl.setLoginDomainPreference(wiContext.getUserPreferences().getLoginDomainPreference());
}
if (numRestrictedDomains > 0) {
viewControl.setLoginDomains(udpAuth.getDomainsArray());
}
viewControl.setRestrictDomains(udpAuth.getDomainsRestricted());
}
}
}
All you need to do is let the Java applet read the md5 hashes of the acceptable inputs from a file and compare them to the md5 hash of the inputs. Absolutely unreadable by anyone or anything
Another option is to have the user enter their userid & password, which are then sent (over an SSL connection) to the server to be validated. The server should then either reply with an authentication indication.
ASKER
CEHJ - that sounds like an awesome idea, however, that puts me back in the same situation: I don't know how to read from a file!
HonorGod - the server already does handle authentication. The users are authenticating with their Active Directory accounts. Problem is, in the base software, there is no way to control WHICH users get access. It's an all-or-none prospect. What I'm trying to do is provide a control whereby I can grant access to this to a small subset of users.
Make sense?
Yup... but the "which" authentication can, and should occur on the server.
So, have the client application (i.e., javascript on the webpage) send the userid to the server, and have it check if this user is allowed to access any more information. The response can then be used by the JavaScript to determine what to do (e.g., redirect to a different page based upon the server response)
ASKER
Uhh, that's what I'm doing?
The code I posted up a few posts is back-end code, the user never sees it. It's the .java code that handles the authentication with the XML service on the Presentation Servers...
Now can someone PLEEEEEEEEEEEEEEEEEEEEEEASE show me how to write a function that I can use to read from a text file on the server?
This should get you started but for a full implementation you'd need to contact me via my profile
Reading a file:
http://www.exampledepot.com/egs/java.io/ReadLinesFromFile.html
although from an applet would be more like the below:
InputStream is = getClass().getResourceAsStream("/hashfile.txt");
BufferedReader in = new BufferedReader(new InputStreamReader(is));
// Read it
// Close 'in'
Java tutorial for file I/O
http://java.sun.com/docs/books/tutorial/essential/io/
It sounds like a BufferedInputStream would be your best bet:
http://java.sun.com/docs/books/tutorial/essential/io/buffers.html
Some example code for which is available here:
http://kickjava.com/597.htm
byte [] data = new byte [ 1024 ];
BufferedInputStream bis = new BufferedInputStream ( new DataInputStream ( new FileInputStream ( "file" ) ) ) ;
while ( bis.read( data ) != -1 ) {
    // process data
}
bis.close();
ASKER
Actually, I've tried both of those implementations, and I get errors.
Below is a function that I wrote and tried to add to the code pasted a few posts above. It didn't work, and I can't figure out why.
// protected boolean chk(String nm) {
// try {
// FileReader fr = new FileReader("names.txt");
// BufferedReader br = new BufferedReader(fr);
// da = new String();
// while ((da = br.readline()) != null) {
// if (nm.equals(da)) {
// in.close();
// return false;
// }
// }
// in.close();
// return true;
// } catch (IOException e) {
// return true;
// }
// }
da type is not defined/specified...
String da = new String()
ASKER
I made that change and the page was once again broken.
From http://www.exampledepot.com/egs/java.io/ReadLinesFromFile.html
try {
    BufferedReader in = new BufferedReader(new FileReader("infilename"));
    String str;
    while ((str = in.readLine()) != null) {
        process(str);
    }
    in.close();
} catch (IOException e) {
}
You can't use File* in an applet. See the code I posted above
ASKER
CEHJ - thanks, I'll give that a shot shortly and report back.
isn't security a concern? cause that won't be very secure
>>that won't be very secure
What won't be?
Why are you using an applet btw, wouldn't it be simpler to read directly from the js?
Certainly be a more stable solution.
or for a secure solution have the js make a call to the server and do the validation there.
The file read occurs on the server, so it should be ok.
It's not on an applet.
a. You've posted this in the Java TA - it's JavaScript
b. JS runs client-side, so attempting to read files on the web server won't work
c. Reading files on the client is not permitted to untrusted code
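The server-side check this thread converges on, reading the allowed usernames from a text file (one per line) and comparing the submitted name against them, written out as an added example; it is not code from any poster or from Citrix. The class name `UserAllowlist`, the file location and the use of Java 7+ `java.nio.file` are assumptions, and the list is expected to sit outside the web root so the web server cannot hand it out as a static file.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/**
 * Hypothetical helper (an assumption of this example, not part of the
 * posted Login class): a server-side allowlist of login names kept in a
 * plain text file, one name per line, '#' starting a comment line.
 */
public class UserAllowlist {
    private final Path file;
    private Set<String> names = Collections.emptySet();
    private FileTime loadedAt; // mtime of the version currently in memory

    public UserAllowlist(Path file) {
        this.file = file;
    }

    /** The same normalisation is applied to file entries and to submitted names. */
    static String normalize(String s) {
        return s == null ? "" : s.trim().toLowerCase(Locale.ROOT);
    }

    /**
     * Returns the current set, re-reading the file when its modification
     * time changes so edits take effect without a redeploy. Any I/O error
     * (missing file, bad permissions, invalid UTF-8) empties the set, so
     * the check fails closed and nobody is admitted.
     */
    private synchronized Set<String> current() {
        try {
            FileTime mtime = Files.getLastModifiedTime(file);
            if (!mtime.equals(loadedAt)) {
                Set<String> fresh = new HashSet<>();
                for (String line : Files.readAllLines(file, StandardCharsets.UTF_8)) {
                    String name = normalize(line);
                    if (!name.isEmpty() && !name.startsWith("#")) {
                        fresh.add(name);
                    }
                }
                names = fresh;
                loadedAt = mtime;
            }
        } catch (IOException e) {
            names = Collections.emptySet();
            loadedAt = null;
        }
        return names;
    }

    /** True only when the submitted name matches an entry in the file. */
    public boolean isAllowed(String submittedUser) {
        String name = normalize(submittedUser);
        return !name.isEmpty() && current().contains(name);
    }

    // In the posted authenticateExplicit() the hard-coded comparison would
    // become (the field name 'allowlist' is hypothetical):
    //     if (!allowlist.isAllowed(user)) { user = "notallowed"; }

    public static void main(String[] args) throws IOException {
        // Constructed sample list, written to a temp file for the demo.
        Path tmp = Files.createTempFile("names", ".txt");
        Files.write(tmp, "# allowed logins\nmyuser\nMyUser2 \n\n"
                .getBytes(StandardCharsets.UTF_8));

        UserAllowlist list = new UserAllowlist(tmp);
        System.out.println("MYUSER      -> " + list.isAllowed("MYUSER"));
        System.out.println("myuser2     -> " + list.isAllowed("myuser2"));
        System.out.println("someoneelse -> " + list.isAllowed("someoneelse"));
        System.out.println("(empty)     -> " + list.isAllowed(""));

        // Remove the file to exercise the fail-closed path.
        Files.delete(tmp);
        System.out.println("myuser, file deleted -> " + list.isAllowed("myuser"));
    }
}
```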