In Authentication API you can set HTTP Header variable(s) or Cookie(s), just like setting authentication success and failure via the Policy Manager UI.
For example, if you are using C# managed code, the program fragment will be something like this:
info.get_ActionInfo().SetAction("Cookie:ANResult","NOTALLOWED",IObAuthnPlugin.ActionType.ObAnFailFixedVals);
info.get_ActionInfo().SetAction("HeaderVar:ANResult","NOTALLOWED",IObAuthnPlugin.ActionType.ObAnFailFixedVals);
Using the above code, when authentication is failed (ObAnFailFixedVals),
- a cookie ANResult will contain the value "NOTALLOWED"; and
- a HTTP header variable ANResult will contain the value "NOTALLOWED"
In fact, you can also redirect the user to a particular webpage (URL) by using the same method (SetAction()) with the first argument "redirectURL", e.g.
info.get_ActionInfo().SetAction("redirectURL","/failed.asp",IObAuthnPlugin.ActionType.ObAnFailRedirect);
The above line will redirect the user to /failed.asp if authentication is failed.
Monday, March 22, 2010
Friday, March 19, 2010
[WLS] cookie-http-only element in weblogic.xml
Q: The
A: The
For WLS 10.3.0, please log a SR and obtain the patch to enable the element.
Notes:
1. The element is not formally listed in the WLS 10.3.1 documentation.
2. Usage of the element in 10.0 can be found in the documentation.
cookie-http-only
element is in WLS (WebLogic Server) 9.2 and 10.0 (according to the documentation), can I use it with 10.3.0 or 10.3.1?A: The
cookie-http-only
element is used for making the session cookies unavailable to browser scripts. The element is one of session-descriptor elements. It was introduced in WLS 10.3.1 and back ported to version 9.2 and 10.0.For WLS 10.3.0, please log a SR and obtain the patch to enable the element.
Notes:
1. The element is not formally listed in the WLS 10.3.1 documentation.
2. Usage of the element in 10.0 can be found in the documentation.
Subscribe to:
Posts (Atom)