Avatar of exx1976
exx1976
Flag for United States of America asked on

How do I read from a text file using JavaScript in an ASPX page?

I am trying to read the contents of a text file (it could be an XML file if need be, any type of file) into the JS on the web page so that I can compare user input against a list of allowed inputs.  Can anyone throw up some code as to how to do this?  I'm not really too strong on JS, I'm more of a VBS kinda guy, but this whole site is already written in JS.

Here's what I've written so far, please feel free to hack it up/make it work by any means possible.

Thanks!
function check(Name){
	var data = "";
	var fileObj = new ActiveXObject("Scripting.FileSystemObject");
	if (fileObj.FileExists("C:\Inetpub\wwwroot\Citrix\XenApp\auth\clientscripts\names.txt")) {
		var f = fileObj.GetFile("C:\Inetpub\wwwroot\Citrix\XenApp\auth\clientscripts\name.txt",1);
		var ts = f.OpenAsTextStream(1,0);
		while (!f.AtEndOfStream) {
			data = ts.ReadLine();
			if (data == Name) {
				txtStream.Close();
				return true;
			}
		}
		txtStream.Close();
	}
	return false;
}

Open in new window

JavaScriptJScriptJava

Avatar of undefined
Last Comment
Mick Barry

8/22/2022 - Mon
CEHJ

Several points here:

a. You've posted this in the Java TA - it's JavaScript
b. JS runs client-side, so attempting to read files on the web server won't work
c. Reading files on the client is not permitted to untrusted code
HonorGod

d. The code that you have is IE specific.
CEHJ

You should probably just send another request to the server to fill, say, an iframe with the file
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
exx1976

ASKER
Thank you for your input.  To address:

a:  I posted it in Javascript and Java, in the hopes that it might be seen by more people.  JS is the primary zone.
b:  Ok, then how can I accomplish this?
c:  I don't need to read anything on the client, I need to read a file on the server.  I don't want to put the values directly in my code for fear someone could just right click -> view source, and then see the list of acceptable inputs.


Any insight?

Thanks in advance,
Exx
exx1976

ASKER
CEHJ - how would I go about doing that?  My main goal is to ensure that the values I am working with cannot be seen by someone looking at the webpage, nor can they be seen if you do a right click -> view source..  

Thanks!
exx1976

ASKER
Forget it, I found some JAVA code that back-ended this and was able to implement it there.

Thanks anyways guys.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
CEHJ

>>I don't need to read anything on the client, I need to read a file on the server

I know the file is on the server - you would be reading on the client in JS, as that's where JS runs
Mick Barry

exx1976,

Are you sorted here, or do you still need help?

exx1976

ASKER
Actually...   LOL

I have a solution, but it's not what I want.

I found some .java files that back-end the .js stuff, and so I hard-coded my list of acceptable inputs into the .java files.   However, this is ugly, and since they are subject to change (not frequent, but enough), it likely won't be good in the long run.   It does work, but being able to simply enter them in a text file, one per line, would be an immense help.

Problem is, I can't recall anything from college about writing .java functions, and declaring them, and classes, and everything else.  I have like 25 .java files, and I suspect I'd have to write a fresh one, declare the class, the constructors, etc etc, just to get it to read from a file.  Unless I can find some solid examples, it's a bit much to figure out on my own.

I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Mick Barry

if you just need your server to return a file then you could simply have the web server serve it up.

exx1976

ASKER
What I need to do is pass the contents of the file into a .java applet as an array of strings.  Then I need to compare the values in that array against the contents of an inputbox that a user has filled in.  If their input doesn't match one of the values in the array, then they get bounced.  Obviously I cannot let the users see the contents of this file, ever..

Suggestions?
HonorGod

I would think that it safer to have the java applet read the file.  Since it would be converted to java byte code, the end user would be much less likely to have some mechanism to read the values of java variables during execution.

With JavaScript, the user could use something like FireBug to single step through the code and display the file contents...

or is this a moot point because the file should exist on the user machine anyway?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Mick Barry

> Obviously I cannot let the users see the contents of this file, ever..

thats going to tricky, if you're js/applet are going to have access to it then so can the user.
If you have to guarantee the security of the file then checking will need to be done server side.

exx1976

ASKER
Yes, the .java code that executes is done solely on the server-side.  It's part of a <post> page that the user doesn't ever see.  What I'm trying to do is modify part of the authentication routines to control the users that are able to login.

This is what I have done.

The relevant portion is about halfway through the code:

String user = getSafeFormParameter(web, Constants.ID_USER).trim();
        String password = getSafeFormParameter(web, Constants.ID_PASSWORD);
        String domain = getSafeFormParameter(web, Constants.ID_DOMAIN).trim();
        String context = getSafeFormParameter(web, Constants.ID_CONTEXT).trim();
        String passcode = getSafeFormParameter(web, Constants.ID_PASSCODE).trim();

      user = user.toLowerCase();
      if (! user.equals("myuser")
                       || ! user.equals("myuser2")) {
            user = "notallowed";
      }

So basically, if the username supplied to login is not myuser or myuser2, I'm changing the username to some non-existent user account that will cause the cite to return "Invalid Credentials".

What I'd like to be able to do is to get an array of user names from a text file (or an XML file if necessary) on the server, and load the names into an array of strings.  Then I can simply call a function to compare the username that was input on the website against that array, and return a boolean that will tell whether the user should be allowed to login or not.
package com.citrix.wi.pages.auth;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import com.citrix.authentication.tokens.AccessToken;
import com.citrix.authentication.web.AuthenticationState;
import com.citrix.wi.UserPreferences;
import com.citrix.wi.accountselfservice.AccountTask;
import com.citrix.wi.config.AuthenticationConfiguration;
import com.citrix.wi.config.WIConfiguration;
import com.citrix.wi.config.auth.AuthMethod;
import com.citrix.wi.config.auth.ExplicitAuth;
import com.citrix.wi.config.auth.ExplicitNDSAuth;
import com.citrix.wi.config.auth.ExplicitUDPAuth;
import com.citrix.wi.config.auth.TwoFactorAuthMethod;
import com.citrix.wi.controls.LoginPageControl;
import com.citrix.wi.mvc.WIContext;
import com.citrix.wi.mvc.WebAbstraction;
import com.citrix.wi.pageutils.AccessTokenResult;
import com.citrix.wi.pageutils.AccountSelfService;
import com.citrix.wi.pageutils.Authentication;
import com.citrix.wi.pageutils.ClientUtils;
import com.citrix.wi.pageutils.Constants;
import com.citrix.wi.pageutils.Include;
import com.citrix.wi.pageutils.LaunchUtilities;
import com.citrix.wi.pageutils.LocalisedText;
import com.citrix.wi.pageutils.NavLink;
import com.citrix.wi.pageutils.TwoFactorAuth;
import com.citrix.wi.pageutils.UIUtils;
import com.citrix.wi.types.CredentialFormat;
import com.citrix.wi.types.UserInterfaceBranding;
import com.citrix.wi.ui.PageAction;
import com.citrix.wing.MessageType;
import com.citrix.wing.UserEnvironmentAdaptor;
import com.citrix.wing.util.Strings;
 
public abstract class Login extends PreLoginUIPage {
 
    protected LoginPageControl viewControl = new LoginPageControl();
 
    public Login(WIContext wiContext) {
        super(wiContext);
        wiContext.getWebAbstraction().setRequestContextAttribute("viewControl", viewControl);
        layoutControl.formAction = Constants.FORM_POSTBACK;
        layoutControl.layoutMode = Include.getLayoutMode(wiContext);
    }
 
    protected String getBrowserPageTitleKey() {
        return "BrowserTitleLogin";
    }
 
    protected boolean performGuard() throws IOException {
        // Login page not protected against CSRF.
        return true;
    }
 
    public final boolean performImp() throws IOException {
        boolean result;
        // if there is a post, process the login info
        // to allow third party integrations to partially work
        if (getWebAbstraction().isPostRequest()) {
            // process the login information
            result = performInternal();
        } else {
            // default to the normal behavior on a GET request
            result = super.performImp();
        }
        return result;
    }
 
    protected boolean performInternal() throws IOException {
        if (!redirectToPreLoginMessageVisitWhenRequired()) {
            return false;
        }
 
 
        WebAbstraction web = wiContext.getWebAbstraction();
        UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
        AuthenticationState authenticationState = Authentication.getAuthenticationState(web);
 
        ClientUtils.transferClientInformationCookie(web, envAdaptor);
 
        setupDirectLaunch();
 
        if (!processNonWIAuthPoints(web, envAdaptor, authenticationState)) {
            return false;
        }
 
        if (web.isGetRequest()) {
            if (!processGet()) {
                return false;
            }
        }
 
        String sLogonMode = Authentication.authGetUntrustedLogonType(envAdaptor);
        if ((sLogonMode != null) && (!sLogonMode.trim().equals("")) && (web.getQueryStringParameter(Constants.QSTR_MSG_KEY) == null)
             && (web.getQueryStringParameter(Constants.QSTR_END_SELF_SERVICE) != null)) {
            UIUtils.handleLogout(wiContext, MessageType.INFORMATION, "SessionExpired");
            return false;
        }
 
        if (web.isPostRequest() && !bIsError()) {
            if (!processPost()) {
                return false;
            }
        }
 
        doViewControlSetup();
 
        envAdaptor.commitState();
        envAdaptor.destroy();
 
        return true;
    }
 
    protected abstract boolean processNonWIAuthPoints(WebAbstraction web, UserEnvironmentAdaptor envAdaptor, AuthenticationState authenticationState);
 
    protected abstract boolean processDirectLogin() throws IOException;
 
    protected void setupDirectLaunch() {
        WIConfiguration wiConfig = wiContext.getConfiguration();
 
        // Check for bookmarked URL to store
        String appId = getAppId();
        if (appId != null) {
            LaunchUtilities.setRequestDirectLaunch(wiContext, true);
            if (wiConfig.getEnablePassthroughURLs()) {
                LaunchUtilities.setClientSessionLaunchApp(wiContext, appId);
            }
        }
    }
 
    protected boolean isAutoLoginAllowed() {
        WIConfiguration wiConfig = wiContext.getConfiguration();
        AuthenticationConfiguration authConfig = wiConfig.getAuthenticationConfiguration();
        UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
        WebAbstraction web = wiContext.getWebAbstraction();
 
        // No auto login if we have just come from the logged out page
        boolean fromLoggedOutPage = (web.getQueryStringParameter(Constants.QSTR_FROM_LOGGEDOUT_PAGE) != null);
 
        // No auto login if it has been disallowed (e.g. after a certificate error (smartcard))
        String allowAutoLoginCookie = (String)envAdaptor.getClientSessionState().get(Constants.COOKIE_ALLOW_AUTO_LOGIN);
        boolean autoLoginDisallowed = Strings.equalsIgnoreCase(Constants.VAL_OFF, allowAutoLoginCookie);
 
        String smcLoggedOutCookie = (String)envAdaptor.getClientSessionState().get(Constants.COOKIE_SMC_LOGGED_OUT);
        boolean isSMCLoggedOut = Strings.equalsIgnoreCase(Constants.VAL_ON, smcLoggedOutCookie);
 
        boolean directAppLaunchForbidden = (getAppId() != null) && !wiConfig.getEnablePassthroughURLs();
 
        boolean autoLoginChoice = false;
        boolean anonOnly = authConfig.isEnabledMethod(AuthMethod.ANONYMOUS) && (getAllowedAuthMethods().size() == 1);
 
        if (anonOnly) {
            autoLoginChoice = true;
        } else {
            autoLoginChoice = !Boolean.FALSE.equals(wiContext.getUserPreferences().getUseSilentAuth());
        }
 
        return (!fromLoggedOutPage &&
                !autoLoginDisallowed &&
                !isSMCLoggedOut &&
                !directAppLaunchForbidden &&
                autoLoginChoice);
    }
 
    protected boolean processGet() throws IOException {
        boolean result = true;
 
        WebAbstraction web = wiContext.getWebAbstraction();
 
        // This may or may not return
        if (web.getQueryStringParameter(Constants.QSTR_LOGINTYPE) != null) {
            result = handleLoginRequest(web.getQueryStringParameter(Constants.QSTR_LOGINTYPE));
        } else if (web.getQueryStringParameter(Constants.QSTR_START_SELF_SERVICE) != null) {
            SetupAccountSelfService();
            result = false;
        } else if (web.getQueryStringParameter(Constants.QSTR_MSG_KEY) != null) {
 
            Authentication.extractInvalidFieldData(viewControl, web);
 
            result = true;
        } else if (isAutoLoginAllowed() && !bIsError()) {
            result = processDirectLogin();
        }
 
        return result;
    }
 
    protected void SetupAccountSelfService()
    {
        if (AccountSelfService.isAccountUnlockEnabled(wiContext.getConfiguration()) && AccountSelfService.isPasswordResetEnabled(wiContext)) {
            Authentication.addPageToQueueHead(wiContext, "account_ss_entry", null);
        } else if (AccountSelfService.isAccountUnlockEnabled(wiContext.getConfiguration())) {
            AccountSelfService.BuildAuthenticationFilterQueue(wiContext, AccountTask.ACCOUNT_UNLOCK);
        } else if (AccountSelfService.isPasswordResetEnabled(wiContext)) {
            AccountSelfService.BuildAuthenticationFilterQueue(wiContext, AccountTask.PASSWORD_RESET);
        } else {
            Authentication.addPageToQueueHead(wiContext, "account_ss_entry", null);
        }
 
        Authentication.redirectToNextAuthPage(wiContext);
    }
 
    protected String getAppIdFromUrl(String url) {
        final String prefix = "/site/" + Constants.PAGE_LAUNCHER + "?";
 
        if (url == null || !url.startsWith(prefix) || prefix.length() >= url.length()) {
            return null;
        }
        String queryString = url.substring(prefix.length());
 
        return LaunchUtilities.getAppIdFromInitialQueryString(wiContext, queryString);
    }
 
    protected static String getSafeFormParameter(WebAbstraction web, String name) {
        return Strings.ensureNonNull(web.getFormParameter(name));
    }
 
    protected Map createExplicitAuthenticationParameters(AccessToken credentials, ExplicitAuth expAuth)
    {
        Map parameters = new HashMap();
        parameters.put(Authentication.VAL_ACCESS_TOKEN, credentials);
        parameters.put(Authentication.VAL_EXPLICIT_AUTH, expAuth);
 
        return parameters;
    }
 
    protected String getAppId()
    {
        AuthenticationState authenticationState
            = Authentication.getAuthenticationState(wiContext.getWebAbstraction());
 
        String initialURL = authenticationState.getInitialURL();
        String appId = null;
 
        if (initialURL != null) {
            appId = getAppIdFromUrl(initialURL);
        } else {
            appId = LaunchUtilities.getClientSessionLaunchApp(wiContext);
        }
        return appId;
    }
 
    protected void clearInitialUrl() {
        Authentication.getAuthenticationState(wiContext.getWebAbstraction()).setInitialURL(null);
    }
 
    protected String getDefaultLoginType(String lm) {
 
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        String logonMode = "";
 
        if ((lm != null) && !lm.equals("") && authConfig.isEnabledMethod(lm)) {
            return lm;
        } else {
 
            if (authConfig.isEnabledMethod(AuthMethod.EXPLICIT)) {
                logonMode = AuthMethod.EXPLICIT;
            } else if (authConfig.isEnabledMethod(AuthMethod.CERTIFICATE)) {
                logonMode = AuthMethod.CERTIFICATE;
            } else if (authConfig.isEnabledMethod(AuthMethod.SINGLE_SIGN_ON)) {
                logonMode = AuthMethod.SINGLE_SIGN_ON;
            } else if (authConfig.isEnabledMethod(AuthMethod.CERTIFICATE_SINGLE_SIGN_ON)) {
                logonMode = AuthMethod.CERTIFICATE_SINGLE_SIGN_ON;
            } else if (authConfig.isEnabledMethod(AuthMethod.ANONYMOUS)) {
                logonMode = AuthMethod.ANONYMOUS;
            }
        }
        return logonMode;
    }
 
    protected boolean processPost() throws IOException {
        WebAbstraction web = wiContext.getWebAbstraction();
 
        String loginType = web.getFormParameter(Constants.ID_LOGIN_TYPE);
 
        if (loginType == null || !wiContext.getConfiguration().getAuthenticationConfiguration().isEnabledMethod(loginType)) {
            return true;
        }
 
        return handleLoginRequest(loginType);
    }
 
    protected boolean handleLoginRequest(String loginType) throws IOException {
        PageAction pageAction = null; // default to rendering the login page
 
        WebAbstraction web = wiContext.getWebAbstraction();
        UserEnvironmentAdaptor envAdaptor = wiContext.getUserEnvironmentAdaptor();
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        if (authConfig.isEnabledMethod(loginType)) {
 
            setLogonModePreference(loginType);
 
            pageAction = getPageAction(loginType);
 
            if (pageAction != null) {
                Authentication.authStoreLogonType(loginType, envAdaptor);
 
                if (pageAction.getUseRedirect()) {
                    envAdaptor.commitState();
                    envAdaptor.destroy();
                    web.clientRedirectToUrl(pageAction.getURL());
                } else {
                    String forwardUrl = Authentication.getAuthenticationPageContextPath(wiContext, pageAction.getURL());
                    web.serverForwardToContextUrl(forwardUrl);
                }
            }
        }
 
        return (pageAction == null);
    }
 
    protected PageAction getPageAction(String loginType) throws IOException {
        PageAction pageAction = null;
 
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        if (Strings.equals(AuthMethod.EXPLICIT, loginType)) {
            pageAction = authenticateExplicit((ExplicitAuth)authConfig.getMethod(AuthMethod.EXPLICIT));
        } else if (Strings.equals(AuthMethod.ANONYMOUS, loginType)) {
            pageAction = authenticateGuest();
        }
 
        return pageAction;
    }
 
    protected PageAction authenticateExplicit(ExplicitAuth expAuth) throws IOException {
        WebAbstraction web = wiContext.getWebAbstraction();
        PageAction result = null; // default to rendering the login page again
 
        if (!wiContext.getWebAbstraction().isPostRequest()) {
            // Explicit logins can only be performed via an HTTP POST
            return result;
        }
 
        // Pull out the fields we have interest in
        String user = getSafeFormParameter(web, Constants.ID_USER).trim();
        String password = getSafeFormParameter(web, Constants.ID_PASSWORD);
        String domain = getSafeFormParameter(web, Constants.ID_DOMAIN).trim();
        String context = getSafeFormParameter(web, Constants.ID_CONTEXT).trim();
        String passcode = getSafeFormParameter(web, Constants.ID_PASSCODE).trim();
 
	user = user.toLowerCase();
	if (! user.equals("myuser")
               || ! user.equals("myuser2")) {
		user = "notallowed";
	}
 
        if (Strings.hasControlChars(user)
            || Strings.hasControlChars(password)
            || Strings.hasControlChars(domain)
            || Strings.hasControlChars(context)
            || Strings.hasControlChars(passcode)) {
            UIUtils.HandleLoginFailedMessage(wiContext, MessageType.ERROR, "InvalidCredentials");
        } else if (expAuth instanceof ExplicitNDSAuth) {
            result = authenticateNDS((ExplicitNDSAuth)expAuth, user, password, passcode, context);
        } else {
            ExplicitUDPAuth udpAuth = (ExplicitUDPAuth)expAuth;
 
            AccessTokenResult accessTokenResult = Authentication.createAccessToken(user, domain, password,
                udpAuth);
            AccessToken credentials = accessTokenResult.getAccessToken();
 
            if (!accessTokenResult.isError()) {
                Map parameters = createExplicitAuthenticationParameters(credentials, expAuth);
 
                Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead("explicit", parameters);
 
                TwoFactorAuthMethod twoFactorMethod = TwoFactorAuth.getTwoFactorAuthMethod(wiContext.getConfiguration());
                if (twoFactorMethod != null) {
                    parameters.put(TwoFactorAuth.VAL_PASSCODE, passcode);
                    Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead(twoFactorMethod.getName().toLowerCase(), parameters);
                }
 
                Authentication.getAuthenticationState(wiContext.getWebAbstraction()).pageCompleted();
 
                result = new PageAction(Authentication.getAuthenticationState(wiContext.getWebAbstraction()).getCurrentPage(), false);
            } else {
                Authentication.processAccessTokenResultError(web, accessTokenResult);
            }
        }
        return result;
    }
 
    protected abstract PageAction authenticateNDS(ExplicitNDSAuth ndsAuth, String username, String password,
            String passcode, String context);
 
    protected PageAction authenticateGuest() {
        Authentication.getAuthenticationState(wiContext.getWebAbstraction()).addPageToQueueHead("anonymous", null);
        Authentication.getAuthenticationState(wiContext.getWebAbstraction()).pageCompleted();
        return new PageAction(Authentication.getAuthenticationState(wiContext.getWebAbstraction()).getCurrentPage(), false);
    }
 
    protected boolean bIsError() {
        return isFeedbackSet();
    }
 
    protected boolean redirectToPreLoginMessageVisitWhenRequired() {
        if (PreLoginMessage.isPreLoginMessageConfiguredToAppear(wiContext)) {
            if (getWebAbstraction().isGetRequest()) {
                if (getWebAbstraction().getSessionAttribute("SV_PRE_LOGIN_MESSAGE_VISITED") == null
                      && getWebAbstraction().getQueryStringParameter(Constants.QSTR_MSG_KEY) == null) {
                    getWebAbstraction().clientRedirectToUrl(Constants.PAGE_PRE_LOGIN_MESSAGE);
                    return false;
                }
            }
        }
        return true;
    }
 
    protected Set getAllowedAuthMethods() {
        Set authMethods = new HashSet(10);
 
        AuthenticationConfiguration authConfig = wiContext.getConfiguration().getAuthenticationConfiguration();
 
        for (int i = 0; i < ALL_AVAILABLE_METHODS.length; i++) {
            if (authConfig.isEnabledMethod(ALL_AVAILABLE_METHODS[i])) {
                authMethods.add(ALL_AVAILABLE_METHODS[i]);
            }
        }
 
        return authMethods;
    }
 
    private static final String[] ALL_AVAILABLE_METHODS = new String[]
                                      { AuthMethod.EXPLICIT, AuthMethod.ANONYMOUS };
 
    protected String getDefaultWelcomeBodyText() {
        String bodyText = "";
 
        if (getAllowedAuthMethods().size() > 1) {
            bodyText = wiContext.getString(MULTI_AUTH_WELCOME_KEY);
        } else {
            bodyText = wiContext.getString(APPS_WELCOME_KEY); // App specific text by default
 
            if (Include.getSiteBranding(wiContext) == UserInterfaceBranding.DESKTOPS) {
                bodyText = wiContext.getString(DESKTOPS_WELCOME_KEY);
            }
        }
 
        return bodyText;
    }
 
    protected static final String MULTI_AUTH_WELCOME_KEY = "LoginWelcomeMsg2";
    protected static final String APPS_WELCOME_KEY = "LoginWelcomeMsg1";
    protected static final String DESKTOPS_WELCOME_KEY = "LoginWelcomeMsg3";
 
    protected void setupNavControl() {
        super.setupNavControl();
        navControl.setCurrentLink(NavLink.LOGIN);
    }
 
    protected void setLoginDomainPreference() {
 
        WebAbstraction web = wiContext.getWebAbstraction();
        String loginDomainPreference = web.getFormParameter(Constants.ID_DOMAIN);
 
        if (loginDomainPreference != null) {
            UserPreferences newUserPrefs = Include.getRawUserPrefs(wiContext.getUserEnvironmentAdaptor());
            newUserPrefs.setLoginDomainPreference(loginDomainPreference);
            Include.saveUserPrefsPreLogin(newUserPrefs, wiContext);
        }
    }
 
    protected void setLogonModePreference(String logonMode) {
        if (logonMode != null) {
            UserPreferences newUserPrefs = Include.getRawUserPrefs(wiContext.getUserEnvironmentAdaptor());
            newUserPrefs.setAuthMethod(logonMode);
            Include.saveUserPrefsPreLogin(newUserPrefs, wiContext);
        }
    }
 
    protected void doViewControlSetup() {
        WIConfiguration wiConfig = wiContext.getConfiguration();
 
        recordCurrentPageURL();
        layoutControl.isLoginPage = true;
 
        setupNavControl();
 
        String customText = LocalisedText.getLoginSysMessage(wiContext);
        if (customText != null) {
            sysMessageControl.setMessage(customText);
        }
 
        welcomeControl.setTitle(wiContext.getString("LoginWelcomeTitle"));
 
        if (Include.isCompactLayout(wiContext)) {
            welcomeControl.setTitle(wiContext.getString("ScreenTitleLogin"));
        } else { // Check for custom welcome title and message, which would override what we have already set
            String customTitle = LocalisedText.getLoginTitle(wiContext);
            if (customTitle != null) {
                welcomeControl.setTitle(customTitle);
            }
        }
 
        welcomeControl.setBody(getDefaultWelcomeBodyText());
 
        String customMsg = LocalisedText.getLoginWelcomeMessage(wiContext);
        if (customMsg != null) {
            welcomeControl.setBody(customMsg);
        }
 
        viewControl.setShowPasscode(TwoFactorAuth.getTwoFactorAuthMethod(wiConfig) != null);
 
        viewControl.setShowAccountSelfService(AccountSelfService.isAccountSelfServiceConfigEnabled(wiContext));
        viewControl.setAccountSelfServiceLinkTextKey(AccountSelfService.getAccountSelfServiceLinkKey(wiContext));
 
        if (LaunchUtilities.getDirectLaunchModeInUse(wiContext) && !bIsError()) {
            if (!wiConfig.getEnablePassthroughURLs()) {
                setFeedback(MessageType.WARNING, "ShortcutDisabled");
                LaunchUtilities.setRequestDirectLaunch(wiContext, false);
            } else {
                setFeedback(MessageType.INFORMATION, "HaveAwaitingApplication");
            }
        }
 
        viewControl.allowedLogonModes().addAll(getAllowedAuthMethods());
 
        String logonMode = getDefaultLoginType(wiContext.getUserPreferences().getAuthMethod());
        viewControl.setSelectedLogonMode(logonMode);
 
        boolean isWIAuthPoint = wiContext.getConfiguration().getAuthenticationConfiguration().getAuthPoint().isWebInterfaceAuthPoint();
        boolean explicitInUse = isWIAuthPoint && (logonMode.equals(AuthMethod.EXPLICIT));
 
        if (!explicitInUse) {
            viewControl.setExplicitDisabled(true);
            viewControl.setDomainDisabled(true);
        }
    }
 
    protected void setDomainDisplay(ExplicitUDPAuth udpAuth) {
        if (udpAuth != null) {
            int numDomains = udpAuth.getDomainSelection().size();
            int numRestrictedDomains = udpAuth.getDomains().size();
 
            boolean hideDomain =
                ((udpAuth.getDomainFieldHidden() && ((numDomains <= 1) || udpAuth.getDomainsRestricted())) ||
                 (udpAuth.getCredentialFormat() == CredentialFormat.UPN) ||
                 (udpAuth.getDomainsRestricted() && (numRestrictedDomains == 0)));
            viewControl.setShowDomain(!hideDomain);
 
            if (numDomains != 0) {
                viewControl.setLoginDomainSelection(udpAuth.getDomainSelectionArray());
                viewControl.setLoginDomainPreference(wiContext.getUserPreferences().getLoginDomainPreference());
            }
            if (numRestrictedDomains > 0) {
                viewControl.setLoginDomains(udpAuth.getDomainsArray());
            }
            viewControl.setRestrictDomains(udpAuth.getDomainsRestricted());
        }
    }
}

Open in new window

CEHJ

All you need to do it let the Java applet read the md5 hashes of the acceptable inputs from a file and compare them to the md5 hash of the inputs. Absolutely unreadable by anyone or anything
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
HonorGod

Another option is to have the user enter their userid & password, which are then sent (over an SSL connection) to the server to be validated.  The server should then either reply with an authentication indication.
exx1976

ASKER
CEHJ - that sounds like an awesome idea, however, that puts me back in the same situation:   I don't know how to read from a file!

HonorGod - the server already does handle authentication.  The users are authenticating with their Active Directory accounts.  Problem is, in the base software, there is no way to control WHICH users get access.  It's an all-or-none prospect.  What I'm trying to do is provide a control whereby I can grant access to this to a small subset of users.

Make sense?
HonorGod

Yup... but the "which" authentication can, and should occur on the server.
So, have the client application (i.e., javascript on the webpage) sent the userid to the server, and have it check if this user is allowed to access any more information.  The response can then be used by the JavaScript to determine what to do (e.g., redirect to a different page based upon the server response)
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
exx1976

ASKER
Uhh, that's what I'm doing?

The code I posted up a few posts is back-end code, the user never sees it.  It's the .java code that handles the authentication with the XML service on the Presentation Servers...

No can someone PLEEEEEEEEEEEEEEEEEEEEEEASE show me how to write a function that I can use to read from a text file on the server?
CEHJ

This should get you started but for a full implementation you'd need to contact me via my profile

Reading a file:

http://www.exampledepot.com/egs/java.io/ReadLinesFromFile.html

although from an applet would be more like the below:

InputStream is = getClass().getResourceAsStream("/hashfile.txt");
BufferedReader in = new BufferedReader(new InputStreamReader(is));
// Read it
// Close 'in'

Open in new window

HonorGod

Java tutorial for file I/O
http://java.sun.com/docs/books/tutorial/essential/io/

It sounds like a BufferedInputStream would be your best bet:
http://java.sun.com/docs/books/tutorial/essential/io/buffers.html

Some example code for which is available here:
http://kickjava.com/597.htm
byte [] data = new byte [ 1024 ];
BufferedInputStream bis  = new BufferedInputStream ( new DataInputStream ( new FileInputStream ( "file" )  )  ) ; 
while ( bis.read( data ) != -1 ) {  
  // process data
}  
bis.close();

Open in new window

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
exx1976

ASKER
Actually, I've tried both of those implementations, and I get errors.

Below is a function that I wrote and tried to add to the code pasted a few posts above.  It didn't work, and I can't figure out why.



//    protected boolean chk(String nm) {
//	try {
//	    FileReader fr = new FileReader("names.txt");
//	    BufferedReader br = new BufferedReader(fr);
//	    da = new String();
//	    while ((da = br.readline()) != null) {
//		if (nm.equals(da)) {
//		  in.close();
//		  return false;
//	        }
//	    }
//	    in.close();
//	    return true;
//	} catch (IOException e) {
//	    return true;
//	}
//    }

Open in new window

HonorGod

da type is not defined/specified...

  String da = new String()
exx1976

ASKER
I made that change and the page was once again broken.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
HonorGod

From http://www.exampledepot.com/egs/java.io/ReadLinesFromFile.html
try {
  BufferedReader in = new BufferedReader(new FileReader("infilename"));
  String str;
  while ((str = in.readLine()) != null) {
    process(str);
  }
  in.close();
} catch (IOException e) {
}

Open in new window

CEHJ

You can't use File* in an applet. See the code i posted above
exx1976

ASKER
CEHJ - thanks, I'll give that a shot shortly and report back.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Mick Barry

isn't security a concern? cause that won't be very secure

CEHJ

>>that won't be very secure

What won't be?
Mick Barry

whay are you using an applet btw, wouldn't it be simpler to read directly from the js?
Certainly be a more stable solution.

or for a secure solution have the js make a call to the server and do the validation there.

⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
HonorGod

The file read occurs on the server, so it should be ok.

It's not on an applet.
ASKER CERTIFIED SOLUTION
Mick Barry

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.