• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

authenticate url in java method and open the secured page in browser

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi i have a use case, i need to prepare a url in java method which is to a secured page, on clicking of that link the browser should open that secured page without challenging that user again with credentials.

so i need to to the authentication in that java method and need to prepare a url, any pointers on how to achieve this is very helpful.

Thanks in advance.
Rang
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When you say "Java method", where would this Java code be running: as part of a web app? As part of a desktop app on the same machine where the browser is running? Somewhere else?
 
ranganath noonepally
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Sir,

Yes sir the java method is running as part of web app. Thanks for your immediate reply sir.

Rang.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How does the user get that URL - if it's on a page in said web app, then the authentication can happen beforehand, and the whole issue would be moot. So I'm guessing that the URL would be sent via email to the user? Or would it be displayed on some other wee page that is not part of the web app it points to?

Either way, it's no problem to construct an URL that contains a cryptographically secure token that identifies the user, and which can't easily be spoofed. But if the URL somehow gets into the wrong hands, then anybody else could see what only the authenticated user should see. So you may not want to show a user who came in using that URL quite the same data you would show a user who had properly authenticated himself.
 
ranganath noonepally
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Sir,

Actually we are hard coding the url in our java method, and this method we are using in an internal application, so we will be all right if we hard coded the url, i used basic authentication to authenticate the url using Base64 Encoder, but I am getting the secured page, but if i try to open in browser then its challenging me again. even i tried to append cookies like jsession id to the secure page url, still no use.

can you help me on how to achieve this, lets say if my login page is www.abc.com and after logging in the java method, i will construct like www.abc.com/page1 and it should open without challenging the user again.

thanks,
Ranga.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This sounds odd. If it's all part of the same web app, then after authenticating once it should not be necessary again, provided that the authentication used the first time authorized the user for the role needed for the second page. How are you setting up authentication in the web.xml file?
 
ranganath noonepally
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
we are accessing 3rd party url in our internal application. like we need to authenticate www.abc.com in java and allow the user to open www.abc.com/page1 which is a secured page.

I hope I am clear now.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I guess I was too subtle, so I'll ask directly now: are www.abc.com and www.abc.com/page1 part of the same web app? If they are, then authentication for one should authenticate you for the other. If they are not, then something like SSO is called for.

I don't understand what your mention of a 3rd party URL has to do with anything. So far, you were talking only about URLs on the same server - is it more complicated than that?
 
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
just out of curiosity, when you say authentication are you referring to like a .htaccess type authentication or a web app driven type of authentication? I'm also a little confused on what your really asking for and the only thing i think of is that maybe www.abc.com is some sort of java web authenication while www.abc.com/page1 maybe is a .htaccess controlled auth....or vise versa. So your asking how to bypass a .htaccess auth if you have already securely logged in via the web app somewhere else??
 
ranganath noonepally
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi all,

let me clear my use case,

i need to populate a href with some url (like www.abc.com/page1) which is a secured page and for that usually we go to www.abc.com where we give user name and password, and login to that web app and navigates to the page1.

But how do you accomplish the same task, with out going to login page where on click of that href i should call some java method, and navigates to page1.

TIA.
Ranga.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That depends on how you're managing authentication (which is why I asked that a couple posts back). Somehow you need to recreate the conditions of a logged-in user - we can't advise on how you might go about that, because we have no idea how it is managed in this web app.
 
ranganath noonepally
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
we are trying to use an internal jira app, can you point me to any examples or samples.
reply
    Bookmark Topic Watch Topic
  • New Topic