Our system is a gateway interacting with Siteminder for authentication and connecting to back end systems. Siteminder is returning SMSESSION and SMIDENTITY in the header. How to retrieve the userid from SMSESSION. The format is as below:
SMSESSION=dQtTYNjolqkVPoblyV2iUYzlaffxweO7jwHdbC8R8HCRzyuR2E6we22hBEdfOquw4Wx4V2Ly6tuTq7DctZXBpiUVOqYr1htSKExdDauUYD0Eh+jmdw9yBSSjkUm/nlDd6iFizN2zeyBAGda7jgHbyvKCB0T54ZrFFEMTd1jdJfiOJS0q6c
I have tried to take the encoded string manually and decode it but its not getting me the user id. How to get the userid from SMSESSION?
Thanks,
I believe SMSESSION cookie is encrypted by the agent, you won't be able to do much with it. You'll have to work with the external SiteMinder support team to ask them to add the SM_USER or other headers. It is a part of SiteMinder configuration.
The user ID can be found in a default SiteMinder header tageed "SM_USER"
You can get the SM_USER from the response.getHeaderNames(), use the following script in your index.jsp:
<script language="JavaScript" type="text/javascript">
<%
java.util.Enumeration names = request.getHeaderNames();
String SM_USER = "";
while(names.hasMoreElements())
{
String name = (String)names.nextElement();
if(name.contains("SM_USER"))
{
SM_USER = request.getHeader("SM_USER");
}
}
%>
var SM_USER = '<%= SM_USER %>';
</script>
Then you can access the SM_USER value from window.SM_USER
Related
ColdFusion being as obscure as it is, Twilio doesn't have any SDKs for it. I'm trying to give Synch a go; I'm not getting the JSON request for the access token correct. Trying to mimic what is done by their node.js example here, I thought I could just output the JSON to the page on token.cfm:
{
"identity":"#Username#",
"token":["#AccountSID#","#APPSID#","#SECRET#"]
}
This is called from index.cfm:
<script src="js/jquery.js" ></script>
<script src="https://media.twiliocdn.com/sdk/js/sync/releases/0.5.7/twilio-sync.min.js"></script>
<script>
function fetchAccessToken(handler) {
// We use jQuery to make an Ajax request to our server to retrieve our
// Access Token
$.getJSON('token.cfm', function(data) {
// The data sent back from the server should contain a long string, which
// is the token you'll need to initialize the SDK. This string is in a format
// called JWT (JSON Web Token) - more at http://jwt.io
console.log(data.token);
// Since the starter app doesn't implement authentication, the server sends
// back a randomly generated username for the current client, which is how
// they will be identified while sending messages. If your app has a login
// system, you should use the e-mail address or username that uniquely identifies
// a user instead.
console.log(data.identity);
handler(data);
});
}
$(document).ready(function()
{
fetchAccessToken(initializeSync);
function initializeSync(tokenResponse) {
var syncClient = new Twilio.Sync.Client(tokenResponse.token);
// Use syncClient here
}
});
</script>
The response I receive is
{code: 400, message: "Unable to process JSON"}
code:
400
message:
"Unable to process JSON"
Can I accomplish this? Or, alternately, can the token be built by JavaScript alone?
Your JS is a very roundabout way of writing this:
$(function() {
$.get('token.cfm').done(function (response) {
var syncClient = new Twilio.Sync.Client(response.token);
// ... use syncClient here
});
});
but this still requires that the response is actually parseable as JSON.
If your CFM page just contains this:
<cfoutput>
{
"identity":"#Username#",
"token":["#AccountSID#","#APPSID#","#SECRET#"]
}
</cfoutput>
then this almost certainly produces syntactically wrong JSON. Don't do that.
JSON is to be produced from a data structure and a serialization function, that's no different in ColdFusion than in any other language.
<cfset AccountSID = "...">
<cfset APPSID = "...">
<cfset SECRET = "...">
<cfset tokenData = {
"identity" = Username,
"token" = [AccountSID, APPSID, SECRET]
}>
<cfcontent type="application/json"><cfoutput>#SerializeJSON(tokenData)#</cfoutput>
There are other, nicer ways of creating JSON responses, most prominently CF components with functions annotated with the "json" returnformat, but doing it manually like above is enough for a one-off.
I am new to nodejs as well as developing.
I am trying to get a set of data bat from a nutrition site in JSON format. If I formulate the url with my app and api keys along with criteria to paste into the browser I get a JSON data ok. When I try to send a POST request as the site asks for when the request comes back it says it cannot find the url. What it is doing is attaching ':443' to the end of the host url and like I said coming back as an error:
Error: getaddrinfo ENOTFOUND https://api.nutritionix.com/v1_1/search https://api.nutritionix.com/v1_1/search:443
What I would like to do is after the end of the url is append the 'postData'.
Here is my code:
var https = require('https');
var querystring = require('querystring');
var postData = { // Nutrionix required JSON formt
"appId":"MY_APP_KEY",
"appKey":"MY_API_KEY",
"query": "Lentils",
"fields": ["item_name", "nf_calories", "nf_serving_size_qty", "nf_serving_size_unit"],
"sort":{
"field":"score",
"order":"desc"
},
"filters":{
"item_type":"2"
}
};
console.log("This is header dta" + postData);
postBody = querystring.stringify(postData);
var post_options = {
host:"https://api.nutritionix.com/v1_1/search",
"port":"443",
method:"post",
"path":"/",
headers:{"Content-Type":"application/json",
'Content-Length': postBody.length
}
}
console.log(post_options);
var request = https.request(post_options,function(response){
return response;
});
I also am passing this data into the dev HTTP add-on in Chrome and getting back the proper response.
Any help would be appreciated.
Can you please take a look at this documentation?
It seems that you don't need to mention HTTPS
Take the port off, 443 is the default for HTTPS.
I'm writing a simple jsp code for login which retrieves data from mysql. The code is showing error at response.sendRedirect("feedback.jsp");
<%#page import="java.sql.ResultSet"%>
<%#page import="java.sql.Statement"%>
<%#page import="java.sql.DriverManager"%>
<%#page import="java.sql.Connection"%>
<%
String user=request.getParameter("username");
String passwrd=request.getParameter("password");
try{
Class.forName("com.mysql.jdbc.Driver");
java.sql.Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/feedback", "root", "");
Statement st=con.createStatement();
ResultSet rs=st.executeQuery("select username,password from users");
while(rs.next())
{
String username=rs.getString(1);
String password=rs.getString(2);
if(user.equals(username) && passwrd.equals(password))
{
response.sendRedirect("feedback.jsp");
}
else
{
out.println("Invalid Credentials");
}
}
}
catch(NumberFormatException e){
System.out.print(e);
e.printStackTrace();
}
%>
The connection to database is working as the else statement of "Invalid Credentials" is working if incorrect username and password combination is entered. The error i'm getting is "Cannot call sendRedirect() after the response has been committed"
Thanks.
if the URL is absolute http://www.google.com , it redirects to
http://www.google.com.
If the URL is not absolute , it redirects
relative to the current URL. If the URL starts with / it redirects
relative to the context root, Else it redirects to the current url
You should return after redirecting.
response.sendRedirect("http://www.google.com");
return;
It does not return automatically after calling sendRedirect().
First of all, Java code connecting to a database should be inside a servlet, and not inside a JSP. JSPs are view components. They should not use scriptlets AT ALL. Their only responsibility should be to generate HTML from attributes stored in the request by a controller, written in Java.
You get this exception because you try to redirect after sending data to the response already. Sending a redirect consists in setting a response header. And the headers are sent before the response body.
Also, your strategy for finding a user is extremely inefficient. You have the user name. So instead of getting all the users from the database and comparing them one by one with the username you have, you should add a where clause to your query:
select username, password from user where username = ?
Read the Java tutorial about prepared statements.
And finally, storing passwords in clear text in the database is a very bad practice. They should be hashed using a strong cryptographic hashing algorithm.
This is usually because you have sent response to the client, and you are changing or trying to send response after it is being sent to the user. Try removing any spaces or output before your redirect statement. In this case I would suggest remove all white-spaces before <% and then try executing your code.
I am using an API to have users create an account within my app.
Now I am able to generate the URL required in objective-C to submit the values and in the API documentation it has the return numbers that will confirm to me what has happened.
My question is how do I relay that information to the user of the app?
The return call is shown to me in a HTML page as plain text.
Any ideas?
Thanks in advance.
///////
2012-10-03 12:24:31.557 Multi Web[72631:15203] Dictionary list - {
Connection = "keep-alive";
"Content-Encoding" = gzip;
"Content-Length" = 26;
"Content-Location" = "signup.php";
"Content-Type" = "text/html";
Date = "Tue, 02 Oct 2012 23:24:32 GMT";
P3P = "policyref=\"/w3c/p3p.xml\", CP=\"ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE\"";
Server = "Apache/2.2.14 (Ubuntu)";
Status = "200 OK";
TCN = choice;
Vary = "negotiate,Accept-Encoding";
"X-Limit-Key-Limit" = 10000;
"X-Limit-Key-Remaining" = 9992;
"X-Limit-Key-Reset" = 236;
"X-Limit-User-Limit" = 320;
"X-Limit-User-Remaining" = 319;
"X-Limit-User-Reset" = 3600;
"X-Powered-By" = "PHP/5.3.2-1ubuntu4.14";
I got this in my console so I now, I have created the account succesfully.
In the middle it says Status = "200 OK";
How do I use that particular line? If I can hook up a UIAlertView to that then i am where I want to be.
Cheers.
I'm not sure if your situation is related to this question. According to docs from the getPocket API you are using, i see the following:
According to apple docs, the default HTTP method is GET. What you need to do is check the response headers from the API. So what you need to do is change your httpMethod to HEAD like so:
NSMutableURLRequest *modReq = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:#"www.somesite.com/?something"]];
[modReq setHTTPMethod:#"HEAD"];
Then you can read the values from the header with something like so:
NSURLResponse* response = // the response, from somewhere
NSDictionary* headers = [(NSHTTPURLResponse *)response allHeaderFields];
You can then get the response values, and tell the user whats up accordingly.
It's called designing and creating a user interface.
You send a request to the server and get a response. Your job is to examine the response, recognise what it means, and tell the user in an appropriate way what the response meant. Since the user is not an expert in parsing html, showing the html would almost always be entirely inappropriate.
For a user entering a username and password correctly, the appropriate response is usually that the user can now access the site.
I have a simple Backbone.js/Bootstrap front end in HTML5 with a Node.js/Restify backend. I am setting cookies in a header response from the server as below:
res.setHeader("Set-Cookie", ["token=ninja", "language=javascript"]);
On the client side, I am making a REST call as
var response = this.model.fetch().success(function(data){
//success
}).error(function(data){
//error
}).complete(function(data){
//complete
});
that callsback a parse method in the model.
How can I read the cookie value in the model?
Include Cookie.js.
You can then reference individual cookies like this:
var token = Cookie.get('token')
# token == 'ninja'
Here is what I figured out. My application has two components - the HTML/js from one domain that talks to a REST sevice on another domain (and therefore is cross-domain.) Because the cookie is set from REST, it appears is not readable across domains. So the web page will not store the cookie even though the server is sending it. One alternative is to use local cookies or use the technique illustrated by http://backbonetutorials.com/cross-domain-sessions/.
Assuming you are using jQuery with Backbone, you can get the headers by defining the parse function in your model by calling getAllResponseHeaders or getResponseHeader:
var model = Backbone.Model.extend({
// the rest of your model
parse: function(resp, xhr) {
var allHeaders = xhr. getAllResponseHeaders();
var cookieHeader = xhr. getResponseHeader("Set-Cookie");
// do something with the headers
return resp;
}
});