exx1976 asked:

How do I read from a text file using JavaScript in an ASPX page?

I am trying to read the contents of a text file (it could be an XML file if need be, any type of file) into the JS on the web page so that I can compare user input against a list of allowed inputs.  Can anyone throw up some code as to how to do this?  I'm not really too strong on JS, I'm more of a VBS kinda guy, but this whole site is already written in JS.

Here's what I've written so far, please feel free to hack it up/make it work by any means possible.

Thanks!
function check(Name){
	var data = "";
	var fileObj = new ActiveXObject("Scripting.FileSystemObject");
	if (fileObj.FileExists("C:\Inetpub\wwwroot\Citrix\XenApp\auth\clientscripts\names.txt")) {
		var f = fileObj.GetFile("C:\Inetpub\wwwroot\Citrix\XenApp\auth\clientscripts\name.txt",1);
		var ts = f.OpenAsTextStream(1,0);
		while (!f.AtEndOfStream) {
			data = ts.ReadLine();
			if (data == Name) {
				txtStream.Close();
				return true;
			}
		}
		txtStream.Close();
	}
	return false;
}


CEHJ

Several points here:

a. You've posted this in the Java TA - it's JavaScript
b. JS runs client-side, so attempting to read files on the web server won't work
c. Reading files on the client is not permitted to untrusted code
d. The code that you have is IE specific.
You should probably just send another request to the server to fill, say, an iframe with the file
exx1976

ASKER

Thank you for your input.  To address:

a:  I posted it in Javascript and Java, in the hopes that it might be seen by more people.  JS is the primary zone.
b:  Ok, then how can I accomplish this?
c:  I don't need to read anything on the client, I need to read a file on the server.  I don't want to put the values directly in my code for fear someone could just right click -> view source, and then see the list of acceptable inputs.


Any insight?

Thanks in advance,
Exx
exx1976

ASKER

CEHJ - how would I go about doing that?  My main goal is to ensure that the values I am working with cannot be seen by someone looking at the webpage, nor can they be seen if you do a right click -> view source..  

Thanks!
exx1976

ASKER

Forget it, I found some JAVA code that back-ended this and was able to implement it there.

Thanks anyways guys.
>>I don't need to read anything on the client, I need to read a file on the server

I know the file is on the server - you would be reading on the client in JS, as that's where JS runs
exx1976,

Are you sorted here, or do you still need help?

exx1976

ASKER

Actually...   LOL

I have a solution, but it's not what I want.

I found some .java files that back-end the .js stuff, and so I hard-coded my list of acceptable inputs into the .java files.   However, this is ugly, and since they are subject to change (not frequent, but enough), it likely won't be good in the long run.   It does work, but being able to simply enter them in a text file, one per line, would be an immense help.

Problem is, I can't recall anything from college about writing .java functions, and declaring them, and classes, and everything else.  I have like 25 .java files, and I suspect I'd have to write a fresh one, declare the class, the constructors, etc etc, just to get it to read from a file.  Unless I can find some solid examples, it's a bit much to figure out on my own.

If you just need your server to return a file, then you could simply have the web server serve it up.

exx1976

ASKER

What I need to do is pass the contents of the file into a .java applet as an array of strings.  Then I need to compare the values in that array against the contents of an inputbox that a user has filled in.  If their input doesn't match one of the values in the array, then they get bounced.  Obviously I cannot let the users see the contents of this file, ever..

Suggestions?
I would think that it is safer to have the java applet read the file.  Since it would be converted to java byte code, the end user would be much less likely to have some mechanism to read the values of java variables during execution.

With JavaScript, the user could use something like FireBug to single step through the code and display the file contents...

or is this a moot point because the file should exist on the user machine anyway?
> Obviously I cannot let the users see the contents of this file, ever..

That's going to be tricky: if your js/applet is going to have access to it, then so can the user.
If you have to guarantee the security of the file then checking will need to be done server side.

exx1976

ASKER

Yes, the .java code that executes is done solely on the server-side.  It's part of a <post> page that the user doesn't ever see.  What I'm trying to do is modify part of the authentication routines to control the users that are able to login.

This is what I have done.

The relevant portion is about halfway through the code:

        String user = getSafeFormParameter(web, Constants.ID_USER).trim();
        String password = getSafeFormParameter(web, Constants.ID_PASSWORD);
        String domain = getSafeFormParameter(web, Constants.ID_DOMAIN).trim();
        String context = getSafeFormParameter(web, Constants.ID_CONTEXT).trim();
        String passcode = getSafeFormParameter(web, Constants.ID_PASSCODE).trim();

        user = user.toLowerCase();
        // Reject the name only when it matches neither allowed user
        if (!user.equals("myuser")
                && !user.equals("myuser2")) {
            user = "notallowed";
        }

So basically, if the username supplied to login is not myuser or myuser2, I'm changing the username to some non-existent user account that will cause the site to return "Invalid Credentials".

What I'd like to be able to do is to get an array of user names from a text file (or an XML file if necessary) on the server, and load the names into an array of strings.  Then I can simply call a function to compare the username that was input on the website against that array, and return a boolean that will tell whether the user should be allowed to login or not.
package com.citrix.wi.pages.auth;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import com.citrix.authentication.tokens.AccessToken;
import com.citrix.authentication.web.AuthenticationState;
import com.citrix.wi.UserPreferences;
import com.citrix.wi.accountselfservice.AccountTask;
import com.citrix.wi.config.AuthenticationConfiguration;
import com.citrix.wi.config.WIConfiguration;
import com.citrix.wi.config.auth.AuthMethod;
import com.citrix.wi.config.auth.ExplicitAuth;
import com.citrix.wi.config.auth.ExplicitNDSAuth;
import com.citrix.wi.config.auth.ExplicitUDPAuth;
import com.citrix.wi.config.auth.TwoFactorAuthMethod;
import com.citrix.wi.controls.LoginPageControl;
import com.citrix.wi.mvc.WIContext;
import com.citrix.wi.mvc.WebAbstraction;
import com.citrix.wi.pageutils.AccessTokenResult;
import com.citrix.wi.pageutils.AccountSelfService;
import com.citrix.wi.pageutils.Authentication;
import com.citrix.wi.pageutils.ClientUtils;
import com.citrix.wi.pageutils.Constants;
import com.citrix.wi.pageutils.Include;
import com.citrix.wi.pageutils.LaunchUtilities;
import com.citrix.wi.pageutils.LocalisedText;
import com.citrix.wi.pageutils.NavLink;
import com.citrix.wi.pageutils.TwoFactorAuth;
import com.citrix.wi.pageutils.UIUtils;
import com.citrix.wi.types.CredentialFormat;
import com.citrix.wi.types.UserInterfaceBranding;
import com.citrix.wi.ui.PageAction;
import com.citrix.wing.MessageType;
import com.citrix.wing.UserEnvironmentAdaptor;
import com.citrix.wing.util.Strings;
 
public abstract class Login extends PreLoginUIPage {
 
    protected LoginPageControl viewControl = new LoginPageControl();
 
    public Login(WIContext wiContext) {
        super(wiContext);
        wiContext.getWebAbstraction().setRequestContextAttribute("viewControl", viewControl);
        layoutControl.formAction = Constants.FORM_POSTBACK;
        layoutControl.layoutMode = Include.getLayoutMode(wiContext);
    }
 
    protected String getBrowserPageTitleKey() {
        return "BrowserTitleLogin";
    }
 
    protected boolean performGuard() throws IOException {
        // Login page not protected against CSRF.
        return true;
    }
 
    public final boolean performImp() throws IOException {
        boolean result;
        // if there is a post, process the login info
        // to allow third party integrations to partially work
        if (getWebAbstraction().isPostRequest()) {
            // process the login information
            result = performInternal();
        } else {
            // default to the normal behavior on a GET request
            result = super.performImp();
        }
        return result;
    }
 
    protected boolean performInternal() throws IOException {
        if (!redirectToPreLoginMessageVisitWhenRequired()) {
            return false;
        }
 
 
        WebAbstraction web = wiContext.getWebAbstraction();
        UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
        AuthenticationState authenticationState = Authentication.getAuthenticationState(web);
 
        ClientUtils.transferClientInformationCookie(web, envAdaptor);
 
        setupDirectLaunch();
 
        if (!processNonWIAuthPoints(web, envAdaptor, authenticationState)) {
            return false;
        }
 
        if (web.isGetRequest()) {
            if (!processGet()) {
                return false;
            }
        }
 
        String sLogonMode = Authentication.authGetUntrustedLogonType(envAdaptor);
        if ((sLogonMode != null) && (!sLogonMode.trim().equals("")) && (web.getQueryStringParameter(Constants.QSTR_MSG_KEY) == null)
             && (web.getQueryStringParameter(Constants.QSTR_END_SELF_SERVICE) != null)) {
            UIUtils.handleLogout(wiContext, MessageType.INFORMATION, "SessionExpired");
            return false;
        }
 
        if (web.isPostRequest() && !bIsError()) {
            if (!processPost()) {
                return false;
            }
        }
 
        doViewControlSetup();
 
        envAdaptor.commitState();
        envAdaptor.destroy();
 
        return true;
    }
 
    protected abstract boolean processNonWIAuthPoints(WebAbstraction web, UserEnvironmentAdaptor envAdaptor, AuthenticationState authenticationState);
 
    protected abstract boolean processDirectLogin() throws IOException;
 
    protected void setupDirectLaunch() {
        WIConfiguration wiConfig = wiContext.getConfiguration();
 
        // Check for bookmarked URL to store
        String appId = getAppId();
        if (appId != null) {
            LaunchUtilities.setRequestDirectLaunch(wiContext, true);
            if (wiConfig.getEnablePassthroughURLs()) {
                LaunchUtilities.setClientSessionLaunchApp(wiContext, appId);
            }
        }
    }
 
    protected boolean isAutoLoginAllowed() {
        WIConfiguration wiConfig = wiContext.getConfiguration();
        AuthenticationConfiguration authConfig = wiConfig.getAuthenticationConfiguration();
        UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
        WebAbstraction web = wiContext.getWebAbstraction();
 
        // No auto login if we have just come from the logged out page
        boolean fromLoggedOutPage = (web.getQueryStringParameter(Constants.QSTR_FROM_LOGGEDOUT_PAGE) != null);
 
        // No auto login if it has been disallowed (e.g. after a certificate error (smartcard))
        String allowAutoLoginCookie = (String)envAdaptor.getClientSessionState().get(Constants.COOKIE_ALLOW_AUTO_LOGIN);
        boolean autoLoginDisallowed = Strings.equalsIgnoreCase(Constants.VAL_OFF, allowAutoLoginCookie);
 
        String smcLoggedOutCookie = (String)envAdaptor.getClientSessionState().get(Constants.COOKIE_SMC_LOGGED_OUT);
        boolean isSMCLoggedOut = Strings.equalsIgnoreCase(Constants.VAL_ON, smcLoggedOutCookie);
 
        boolean directAppLaunchForbidden = (getAppId() != null) && !wiConfig.getEnablePassthroughURLs();
 
        boolean autoLoginChoice = false;
        boolean anonOnly = authConfig.isEnabledMethod(AuthMethod.ANONYMOUS) && (getAllowedAuthMethods().size() == 1);
 
        if (anonOnly) {
            autoLoginChoice = true;
        } else {
            autoLoginChoice = !Boolean.FALSE.equals(wiContext.getUserPreferences().getUseSilentAuth());
        }
 
        return (!fromLoggedOutPage &&
                !autoLoginDisallowed &&
                !isSMCLoggedOut &&
                !directAppLaunchForbidden &&
                autoLoginChoice);
    }
 
    protected boolean processGet() throws IOException {
        boolean result = true;
 
        WebAbstraction web = wiContext.getWebAbstraction();
 
        // This may or may not return
        if (web.getQueryStringParameter(Constants.QSTR_LOGINTYPE) != null) {
            result = handleLoginRequest(web.getQueryStringParameter(Constants.QSTR_LOGINTYPE));
        } else if (web.getQueryStringParameter(Constants.QSTR_START_SELF_SERVICE) != null) {
            SetupAccountSelfService();
            result = false;
        } else if (web.getQueryStringParameter(Constants.QSTR_MSG_KEY) != null) {
 
            Authentication.extractInvalidFieldData(viewControl, web);
 
            result = true;
        } else if (isAutoLoginAllowed() && !bIsError()) {
            result = processDirectLogin();
        }
 
        return result;
    }
 
    protected void SetupAccountSelfService()
    {
        if (AccountSelfService.isAccountUnlockEnabled(wiContext.getConfiguration()) && AccountSelfService.isPasswordResetEnabled(wiContext)) {
            Authentication.addPageToQueueHead(wiContext, "account_ss_entry", null);
        } else if (AccountSelfService.isAccountUnlockEnabled(wiContext.getConfiguration())) {
            AccountSelfService.BuildAuthenticationFilterQueue(wiContext, AccountTask.ACCOUNT_UNLOCK);
        } else if (AccountSelfService.isPasswordResetEnabled(wiContext)) {
            AccountSelfService.BuildAuthenticationFilterQueue(wiContext, AccountTask.PASSWORD_RESET);
        } else {
            Authentication.addPageToQueueHead(wiContext, "account_ss_entry", null);
        }
 
        Authentication.redirectToNextAuthPage(wiContext);
    }
 
    protected String getAppIdFromUrl(String url) {
        final String prefix = "/site/" + Constants.PAGE_LAUNCHER + "?";
 
        if (url == null || !url.startsWith(prefix) || prefix.length() >= url.length()) {
            return null;
        }
        String queryString = url.substring(prefix.length());
 
        return LaunchUtilities.getAppIdFromInitialQueryString(wiContext, queryString);
    }
 
    protected static String getSafeFormParameter(WebAbstraction web, String name) {
        return Strings.ensureNonNull(web.getFormParameter(name));
    }
 
    protected Map createExplicitAuthenticationParameters(AccessToken credentials, ExplicitAuth expAuth)
    {
        Map parameters = new HashMap();
        parameters.put(Authentication.VAL_ACCESS_TOKEN, credentials);
        parameters.put(Authentication.VAL_EXPLICIT_AUTH, expAuth);
 
        return parameters;
    }
 
    protected String getAppId()
    {
        AuthenticationState authenticationState
            = Authentication.getAuthenticationState(wiContext.getWebAbstraction());
 
        String initialURL = authenticationState.getInitialURL();
        String appId = null;
 
        if (initialURL != null) {
            appId = getAppIdFromUrl(initialURL);
        } else {
            appId = LaunchUtilities.getClientSessionLaunchApp(wiContext);
        }
        return appId;
    }
 
    protected void clearInitialUrl() {
        Authentication.getAuthenticationState(wiContext.getWebAbstraction()).setInitialURL(null);
    }
 
    protected String getDefaultLoginType(String lm) {
 
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        String logonMode = "";
 
        if ((lm != null) && !lm.equals("") && authConfig.isEnabledMethod(lm)) {
            return lm;
        } else {
 
            if (authConfig.isEnabledMethod(AuthMethod.EXPLICIT)) {
                logonMode = AuthMethod.EXPLICIT;
            } else if (authConfig.isEnabledMethod(AuthMethod.CERTIFICATE)) {
                logonMode = AuthMethod.CERTIFICATE;
            } else if (authConfig.isEnabledMethod(AuthMethod.SINGLE_SIGN_ON)) {
                logonMode = AuthMethod.SINGLE_SIGN_ON;
            } else if (authConfig.isEnabledMethod(AuthMethod.CERTIFICATE_SINGLE_SIGN_ON)) {
                logonMode = AuthMethod.CERTIFICATE_SINGLE_SIGN_ON;
            } else if (authConfig.isEnabledMethod(AuthMethod.ANONYMOUS)) {
                logonMode = AuthMethod.ANONYMOUS;
            }
        }
        return logonMode;
    }
 
    protected boolean processPost() throws IOException {
        WebAbstraction web = wiContext.getWebAbstraction();
 
        String loginType = web.getFormParameter(Constants.ID_LOGIN_TYPE);
 
        if (loginType == null || !wiContext.getConfiguration().getAuthenticationConfiguration().isEnabledMethod(loginType)) {
            return true;
        }
 
        return handleLoginRequest(loginType);
    }
 
    protected boolean handleLoginRequest(String loginType) throws IOException {
        PageAction pageAction = null; // default to rendering the login page
 
        WebAbstraction web = wiContext.getWebAbstraction();
        UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        if (authConfig.isEnabledMethod(loginType)) {
 
            setLogonModePreference(loginType);
 
            pageAction = getPageAction(loginType);
 
            if (pageAction != null) {
                Authentication.authStoreLogonType(loginType, envAdaptor);
 
                if (pageAction.getUseRedirect()) {
                    envAdaptor.commitState();
                    envAdaptor.destroy();
                    web.clientRedirectToUrl(pageAction.getURL());
                } else {
                    String forwardUrl = Authentication.getAuthenticationPageContextPath(wiContext, pageAction.getURL());
                    web.serverForwardToContextUrl(forwardUrl);
                }
            }
        }
 
        return (pageAction == null);
    }
 
    protected PageAction getPageAction(String loginType) throws IOException {
        PageAction pageAction = null;
 
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        if (Strings.equals(AuthMethod.EXPLICIT, loginType)) {
            pageAction = authenticateExplicit((ExplicitAuth)authConfig.getMethod(AuthMethod.EXPLICIT));
        } else if (Strings.equals(AuthMethod.ANONYMOUS, loginType)) {
            pageAction = authenticateGuest();
        }
 
        return pageAction;
    }
 
    protected PageAction authenticateExplicit(ExplicitAuth expAuth) throws IOException {
        WebAbstraction web = wiContext.getWebAbstraction();
        PageAction result = null; // default to rendering the login page again
 
        if (!wiContext.getWebAbstraction().isPostRequest()) {
            // Explicit logins can only be performed via an HTTP POST
            return result;
        }
 
        // Pull out the fields we have interest in
        String user = getSafeFormParameter(web, Constants.ID_USER).trim();
        String password = getSafeFormParameter(web, Constants.ID_PASSWORD);
        String domain = getSafeFormParameter(web, Constants.ID_DOMAIN).trim();
        String context = getSafeFormParameter(web, Constants.ID_CONTEXT).trim();
        String passcode = getSafeFormParameter(web, Constants.ID_PASSCODE).trim();
 
        user = user.toLowerCase();
        // Reject the name only when it matches neither allowed user
        if (!user.equals("myuser")
                && !user.equals("myuser2")) {
            user = "notallowed";
        }
 
        if (Strings.hasControlChars(user)
            || Strings.hasControlChars(password)
            || Strings.hasControlChars(domain)
            || Strings.hasControlChars(context)
            || Strings.hasControlChars(passcode)) {
            UIUtils.HandleLoginFailedMessage(wiContext, MessageType.ERROR, "InvalidCredentials");
        } else if (expAuth instanceof ExplicitNDSAuth) {
            result = authenticateNDS((ExplicitNDSAuth)expAuth, user, password, passcode, context);
        } else {
            ExplicitUDPAuth udpAuth = (ExplicitUDPAuth)expAuth;
 
            AccessTokenResult accessTokenResult = Authentication.createAccessToken(user, domain, password,
                udpAuth);
            AccessToken credentials = accessTokenResult.getAccessToken();
 
            if (!accessTokenResult.isError()) {
                Map parameters = createExplicitAuthenticationParameters(credentials, expAuth);
 
                Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead("explicit", parameters);
 
                TwoFactorAuthMethod twoFactorMethod = TwoFactorAuth.getTwoFactorAuthMethod(wiContext.getConfiguration());
                if (twoFactorMethod != null) {
                    parameters.put(TwoFactorAuth.VAL_PASSCODE, passcode);
                    Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead(twoFactorMethod.getName().toLowerCase(), parameters);
                }
 
                Authentication.getAuthenticationState(wiContext.getWebAbstraction()).pageCompleted();
 
                result = new PageAction(Authentication.getAuthenticationState(wiContext.getWebAbstraction()).getCurrentPage(), false);
            } else {
                Authentication.processAccessTokenResultError(web, accessTokenResult);
            }
        }
        return result;
    }
 
    protected abstract PageAction authenticateNDS(ExplicitNDSAuth ndsAuth, String username, String password,
            String passcode, String context);
 
    protected PageAction authenticateGuest() {
        Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead("anonymous", null);
        Authentication.getAuthenticationState(wiContext.getWebAbstraction()).pageCompleted();
        return new PageAction(Authentication.getAuthenticationState(wiContext.getWebAbstraction()).getCurrentPage(), false);
    }
 
    protected boolean bIsError() {
        return isFeedbackSet();
    }
 
    protected boolean redirectToPreLoginMessageVisitWhenRequired() {
        if (PreLoginMessage.isPreLoginMessageConfiguredToAppear(wiContext)) {
            if (getWebAbstraction().isGetRequest()) {
                if (getWebAbstraction().getSessionAttribute("SV_PRE_LOGIN_MESSAGE_VISITED") == null
                      && getWebAbstraction().getQueryStringParameter(Constants.QSTR_MSG_KEY) == null) {
                    getWebAbstraction().clientRedirectToUrl(Constants.PAGE_PRE_LOGIN_MESSAGE);
                    return false;
                }
            }
        }
        return true;
    }
 
    protected Set getAllowedAuthMethods() {
        Set authMethods = new HashSet(10);
 
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        for (int i = 0; i < ALL_AVAILABLE_METHODS.length; i++) {
            if (authConfig.isEnabledMethod(ALL_AVAILABLE_METHODS[i])) {
                authMethods.add(ALL_AVAILABLE_METHODS[i]);
            }
        }
 
        return authMethods;
    }
 
    private static final String[] ALL_AVAILABLE_METHODS = new String[]
                                      { AuthMethod.EXPLICIT, AuthMethod.ANONYMOUS };
 
    protected String getDefaultWelcomeBodyText() {
        String bodyText = "";
 
        if (getAllowedAuthMethods().size() > 1) {
            bodyText = wiContext.getString(MULTI_AUTH_WELCOME_KEY);
        } else {
            bodyText = wiContext.getString(APPS_WELCOME_KEY); // App specific text by default
 
            if (Include.getSiteBranding(wiContext) == UserInterfaceBranding.DESKTOPS) {
                bodyText = wiContext.getString(DESKTOPS_WELCOME_KEY);
            }
        }
 
        return bodyText;
    }
 
    protected static final String MULTI_AUTH_WELCOME_KEY = "LoginWelcomeMsg2";
    protected static final String APPS_WELCOME_KEY = "LoginWelcomeMsg1";
    protected static final String DESKTOPS_WELCOME_KEY = "LoginWelcomeMsg3";
 
    protected void setupNavControl() {
        super.setupNavControl();
        navControl.setCurrentLink(NavLink.LOGIN);
    }
 
    protected void setLoginDomainPreference() {
 
        WebAbstraction web = wiContext.getWebAbstraction();
        String loginDomainPreference = web.getFormParameter(Constants.ID_DOMAIN);
 
        if (loginDomainPreference != null) {
            UserPreferences newUserPrefs = Include.getRawUserPrefs(wiContext.getUserEnvironmentAdaptor());
            newUserPrefs.setLoginDomainPreference(loginDomainPreference);
            Include.saveUserPrefsPreLogin(newUserPrefs, wiContext);
        }
    }
 
    protected void setLogonModePreference(String logonMode) {
        if (logonMode != null) {
            UserPreferences newUserPrefs = Include.getRawUserPrefs(wiContext.getUserEnvironmentAdaptor());
            newUserPrefs.setAuthMethod(logonMode);
            Include.saveUserPrefsPreLogin(newUserPrefs, wiContext);
        }
    }
 
    protected void doViewControlSetup() {
        WIConfiguration wiConfig = wiContext.getConfiguration();
 
        recordCurrentPageURL();
        layoutControl.isLoginPage = true;
 
        setupNavControl();
 
        String customText = LocalisedText.getLoginSysMessage(wiContext);
        if (customText != null) {
            sysMessageControl.setMessage(customText);
        }
 
        welcomeControl.setTitle(wiContext.getString("LoginWelcomeTitle"));
 
        if (Include.isCompactLayout(wiContext)) {
            welcomeControl.setTitle(wiContext.getString("ScreenTitleLogin"));
        } else { // Check for custom welcome title and message, which would override what we have already set
            String customTitle = LocalisedText.getLoginTitle(wiContext);
            if (customTitle != null) {
                welcomeControl.setTitle(customTitle);
            }
        }
 
        welcomeControl.setBody(getDefaultWelcomeBodyText());
 
        String customMsg = LocalisedText.getLoginWelcomeMessage(wiContext);
        if (customMsg != null) {
            welcomeControl.setBody(customMsg);
        }
 
        viewControl.setShowPasscode(TwoFactorAuth.getTwoFactorAuthMethod(wiConfig) != null);
 
        viewControl.setShowAccountSelfService(AccountSelfService.isAccountSelfServiceConfigEnabled(wiContext));
        viewControl.setAccountSelfServiceLinkTextKey(AccountSelfService.getAccountSelfServiceLinkKey(wiContext));
 
        if (LaunchUtilities.getDirectLaunchModeInUse(wiContext) && !bIsError()) {
            if (!wiConfig.getEnablePassthroughURLs()) {
                setFeedback(MessageType.WARNING, "ShortcutDisabled");
                LaunchUtilities.setRequestDirectLaunch(wiContext, false);
            } else {
                setFeedback(MessageType.INFORMATION, "HaveAwaitingApplication");
            }
        }
 
        viewControl.allowedLogonModes().addAll(getAllowedAuthMethods());
 
        String logonMode = getDefaultLoginType(wiContext.getUserPreferences().getAuthMethod());
        viewControl.setSelectedLogonMode(logonMode);
 
        boolean isWIAuthPoint = wiContext.getConfiguration().getAuthenticationConfiguration().getAuthPoint().isWebInterfaceAuthPoint();
        boolean explicitInUse = isWIAuthPoint && (logonMode.equals(AuthMethod.EXPLICIT));
 
        if (!explicitInUse) {
            viewControl.setExplicitDisabled(true);
            viewControl.setDomainDisabled(true);
        }
    }
 
    protected void setDomainDisplay(ExplicitUDPAuth udpAuth) {
        if (udpAuth != null) {
            int numDomains = udpAuth.getDomainSelection().size();
            int numRestrictedDomains = udpAuth.getDomains().size();
 
            boolean hideDomain =
                ((udpAuth.getDomainFieldHidden() && ((numDomains <= 1) || udpAuth.getDomainsRestricted())) ||
                 (udpAuth.getCredentialFormat() == CredentialFormat.UPN) ||
                 (udpAuth.getDomainsRestricted() && (numRestrictedDomains == 0)));
            viewControl.setShowDomain(!hideDomain);
 
            if (numDomains != 0) {
                viewControl.setLoginDomainSelection(udpAuth.getDomainSelectionArray());
                viewControl.setLoginDomainPreference(wiContext.getUserPreferences().getLoginDomainPreference());
            }
            if (numRestrictedDomains > 0) {
                viewControl.setLoginDomains(udpAuth.getDomainsArray());
            }
            viewControl.setRestrictDomains(udpAuth.getDomainsRestricted());
        }
    }
}


All you need to do is let the Java applet read the md5 hashes of the acceptable inputs from a file and compare them to the md5 hash of the inputs. Absolutely unreadable by anyone or anything
Another option is to have the user enter their userid & password, which are then sent (over an SSL connection) to the server to be validated.  The server should then either reply with an authentication indication.
exx1976

ASKER

CEHJ - that sounds like an awesome idea, however, that puts me back in the same situation:   I don't know how to read from a file!

HonorGod - the server already does handle authentication.  The users are authenticating with their Active Directory accounts.  Problem is, in the base software, there is no way to control WHICH users get access.  It's an all-or-none prospect.  What I'm trying to do is provide a control whereby I can grant access to this to a small subset of users.

Make sense?
Yup... but the "which" authentication can, and should occur on the server.
So, have the client application (i.e., javascript on the webpage) send the userid to the server, and have it check if this user is allowed to access any more information.  The response can then be used by the JavaScript to determine what to do (e.g., redirect to a different page based upon the server response)
exx1976

ASKER

Uhh, that's what I'm doing?

The code I posted up a few posts is back-end code, the user never sees it.  It's the .java code that handles the authentication with the XML service on the Presentation Servers...

Now can someone PLEEEEEEEEEEEEEEEEEEEEEEASE show me how to write a function that I can use to read from a text file on the server?
This should get you started but for a full implementation you'd need to contact me via my profile

Reading a file:

http://www.exampledepot.com/egs/java.io/ReadLinesFromFile.html

although from an applet would be more like the below:

InputStream is = getClass().getResourceAsStream("/hashfile.txt");
BufferedReader in = new BufferedReader(new InputStreamReader(is));
// Read it
// Close 'in'


Java tutorial for file I/O
http://java.sun.com/docs/books/tutorial/essential/io/

It sounds like a BufferedInputStream would be your best bet:
http://java.sun.com/docs/books/tutorial/essential/io/buffers.html

Some example code for which is available here:
http://kickjava.com/597.htm
byte [] data = new byte [ 1024 ];
BufferedInputStream bis  = new BufferedInputStream ( new DataInputStream ( new FileInputStream ( "file" )  )  ) ; 
while ( bis.read( data ) != -1 ) {  
  // process data
}  
bis.close();


exx1976

ASKER

Actually, I've tried both of those implementations, and I get errors.

Below is a function that I wrote and tried to add to the code pasted a few posts above.  It didn't work, and I can't figure out why.



//    protected boolean chk(String nm) {
//	try {
//	    FileReader fr = new FileReader("names.txt");
//	    BufferedReader br = new BufferedReader(fr);
//	    da = new String();
//	    while ((da = br.readline()) != null) {
//		if (nm.equals(da)) {
//		  in.close();
//		  return false;
//	        }
//	    }
//	    in.close();
//	    return true;
//	} catch (IOException e) {
//	    return true;
//	}
//    }


da type is not defined/specified...

  String da = new String()
exx1976

ASKER

I made that change and the page was once again broken.
From http://www.exampledepot.com/egs/java.io/ReadLinesFromFile.html
try {
  BufferedReader in = new BufferedReader(new FileReader("infilename"));
  String str;
  while ((str = in.readLine()) != null) {
    process(str);
  }
  in.close();
} catch (IOException e) {
}


You can't use File* in an applet. See the code i posted above
exx1976

ASKER

CEHJ - thanks, I'll give that a shot shortly and report back.
isn't security a concern? cause that won't be very secure

>>that won't be very secure

What won't be?
Why are you using an applet btw, wouldn't it be simpler to read directly from the js?
Certainly be a more stable solution.

or for a secure solution have the js make a call to the server and do the validation there.

The file read occurs on the server, so it should be ok.

It's not on an applet.
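
The server-side check the thread converges on, as an added example that is not code from any post or from Citrix: it reads an allow-list file (one name per line) into a set and denies everyone when the file cannot be read. The class name, the '#' comment convention and the sample names are assumptions of this example, and it needs Java 7 or later.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added example (hypothetical class, not Citrix code): a server-side
// allow-list of login names loaded from a text file.
public class AllowedUsers {

    private final Set<String> names;

    private AllowedUsers(Set<String> names) {
        this.names = Collections.unmodifiableSet(names);
    }

    // File entries and form input get the same normalisation:
    // trim, then lower-case with a fixed locale.
    static String normalize(String s) {
        return s == null ? "" : s.trim().toLowerCase(Locale.ROOT);
    }

    // Reads one name per line. Blank lines and lines starting with '#'
    // are skipped (the '#' convention is an assumption of this example).
    // Any I/O error yields an EMPTY list, so a missing or unreadable file
    // locks everyone out instead of letting everyone in.
    static AllowedUsers load(Path file) {
        Set<String> loaded = new HashSet<>();
        try (BufferedReader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            String line;
            while ((line = in.readLine()) != null) {
                // Some editors prepend a UTF-8 byte order mark; trim() does not remove it.
                if (line.startsWith("\uFEFF")) {
                    line = line.substring(1);
                }
                String name = normalize(line);
                if (!name.isEmpty() && !name.startsWith("#")) {
                    loaded.add(name);
                }
            }
        } catch (IOException e) {
            // Fail closed: discard anything read so far.
            return new AllowedUsers(Collections.<String>emptySet());
        }
        return new AllowedUsers(loaded);
    }

    // True only for a non-empty name that appears in the loaded list.
    boolean isAllowed(String user) {
        String n = normalize(user);
        return !n.isEmpty() && names.contains(n);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file, written to a temp location for the demo.
        Path file = Files.createTempFile("allowed-users", ".txt");
        Files.write(file,
                Arrays.asList("# constructed sample list", "MyUser", "  myuser2  ", ""),
                StandardCharsets.UTF_8);

        AllowedUsers list = load(file);
        for (String candidate : new String[] {"MYUSER", "myuser2 ", "someoneelse", ""}) {
            System.out.println("'" + candidate + "' allowed: " + list.isAllowed(candidate));
        }

        // Remove the file and load again to show the fail-closed path.
        Files.delete(file);
        System.out.println("after file removal, 'myuser' allowed: "
                + load(file).isAllowed("myuser"));
    }
}
```

In the authenticateExplicit method posted in the thread, a call to isAllowed(user) would take the place of the hard-coded equals comparisons. Keeping the list file outside any directory the web server serves means it cannot be fetched by URL.
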
ASKER CERTIFIED SOLUTION
Mick Barry
This solution is only available to members.