smitapatnaik
Programmer
<%
String userID = "";
String auth = request.getHeader("Authorization"
if (auth == null) {
response.setContentLength(0);
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader(" "NTLM"
response.flushBuffer();
return;
}
if (auth.startsWith("NTLM ") { byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
if (msg[8] == 1) { // first step of authentication
off = 18;
// this part is for full hand-shaking, just tested, didn't care about result passwords
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is 'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setContentLength(0);
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader(" "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
response.flushBuffer();
return;
} else if (msg[8] == 3) { // third step of authentization - takes long time, nod needed if zou care only for loginname
off = 30;
length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
userID = new String(msg, offset, length);
} else
return;
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
userID = new String(msg, offset, length);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
userID = new String(msg, offset, length);
}
%>
I am using the above piece of code to get the userid from the system without specifically again askin the user to enter his userid....I dont know how the code works but it works fine...It gets me the userid......
To authenticate this particular user i check his/her userid with that in a table in the database......I have done that as follows
<%
String user = "";
try{
String url="jdbcracle:thin172.19.48.137:1521:dms";
String usr="dms1";
String pwd="dms";
Class.forName("oracle.jdbc.driver.OracleDriver"
Connection conn=DriverManager.getConnection(url,usr,pwd);
Statement st = conn.createStatement();
ResultSet rs = null;
%>
<%=userID%>
<%
rs = st.executeQuery("select * from TBL_USERS where USER_ID='"+userID+"'"
while (rs.next()){
user = rs.getString("user_name"
}
if (user.equals (userID)){
System.out.println("Welcome," + " " +user+ " "
}
}catch(Exception e){
System.out.println("Exception occured in catch"
e.printStackTrace();
}
%>
The problem is m getting exhausted resultset error......When i checked the query in oracle, the query runs properly.......I am badly stuck....Please help.......
String userID = "";
String auth = request.getHeader("Authorization"
if (auth == null) {
response.setContentLength(0);
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader(" "NTLM"
response.flushBuffer();
return;
}
if (auth.startsWith("NTLM ") { byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
if (msg[8] == 1) { // first step of authentication
off = 18;
// this part is for full hand-shaking, just tested, didn't care about result passwords
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is 'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setContentLength(0);
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader(" "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
response.flushBuffer();
return;
} else if (msg[8] == 3) { // third step of authentization - takes long time, nod needed if zou care only for loginname
off = 30;
length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
userID = new String(msg, offset, length);
} else
return;
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
userID = new String(msg, offset, length);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
userID = new String(msg, offset, length);
}
%>
I am using the above piece of code to get the userid from the system without specifically again askin the user to enter his userid....I dont know how the code works but it works fine...It gets me the userid......
To authenticate this particular user i check his/her userid with that in a table in the database......I have done that as follows
<%
String user = "";
try{
String url="jdbcracle:thin172.19.48.137:1521:dms";
String usr="dms1";
String pwd="dms";
Class.forName("oracle.jdbc.driver.OracleDriver"
Connection conn=DriverManager.getConnection(url,usr,pwd);
Statement st = conn.createStatement();
ResultSet rs = null;
%>
<%=userID%>
<%
rs = st.executeQuery("select * from TBL_USERS where USER_ID='"+userID+"'"
while (rs.next()){
user = rs.getString("user_name"
}
if (user.equals (userID)){
System.out.println("Welcome," + " " +user+ " "
}
}catch(Exception e){
System.out.println("Exception occured in catch"
e.printStackTrace();
}
%>
The problem is m getting exhausted resultset error......When i checked the query in oracle, the query runs properly.......I am badly stuck....Please help.......