I am trying to login the site. There are couple of GET request before moving to login screen and on the login screen:
My Request Parameter is:
username=8888888888&password=8888888888&AUTH_STATE=2c83bef4-9ab3-4549-8d3b-243e5864cc78
I know my username and password but when i capture the parameters using firebug, i found that along with that AUTH_STATE also going..
I tried to find the AUTH_STATE parameter in any of the GET Response made before login call.. But i did not find it out.. Is there any way to get that ???
I should be there in the login page. Check the HTML response of the login page.
Related
I am facing one problem that i am unable to login to the liferay website using JMeter.
The problem i know already but don't know how to hanmdle it.
I get to know that "p_auth" token is requried to access the sub pages, but here i am facing an issue in which i don't even able to acccess the login page itself if run the script second time.
My concerns:
how to check "p_auth" token parameter for login page (i.e without login)
Please help me to solve the problem.
Note: i tried to extract the "p_auth" token , but i am unable to see any "p_auth" token for login page itself(i.e without login.. just a login page(get api))
Your test plan need to look like:
Open Login Page - HTTP GET request
Extract p_auth dynamic parameter value using a suitable JMeter Post-Processor
Perform the login - HTTP POST request where you need to provide your credentials and the p_auth token value from the previous request
You won't be able to "see" the token in the page, it's hidden in the page source so you will need to use browser developer tools or JMeter's View Results Tree listener in order to "see" the token value.
Also don't forget to add HTTP Cookie Manager to your test plan as missing CSRF token is not the only thing which can stop you from logging in.
Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a bit more complex scenario is on HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same post request after the user successfully login?
Thanks for the help!
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. The are a few ways you could go about this:
Store the URL in session information(if any is available, you do need sessions for non-authenticated users)
Store it in a query string, for example, redirect to example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL form the query param and set it as the Location.
Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
I have a HttpServletRequest object with me in a post login hook. How to get what URL is there is the browser.
When I am using PortalUtil.getCurrentCompleteURL(HttpServletRequest) I am always getting http://localhost:8080/c. I need something like http://localhost:8080/web/abc.
I don't have ThemeDisplay object with me.
I guess that the URL you are looking for is the one from before the login. The portal saves that one in the session when redirecting to the login page. You can access it like this:
String lastPath = session.getAttribute(WebKeys.LAST_PATH);
I am building an application and I want to do a validation in which when user tries to access a POST method he should be redirected to a new Page. For example when I Login, the username and password validations are done in the post method that has
#RequestMapping(value = "/firstPage.htm", method = RequestMethod.POST)
So what I want to do is if user saves this link xyz.../firstPage.htm after the application is closed by pasting it in browser url, he should not get 405 error instead he should be redirected to another page that says You are not Authenticated to view this page.
How do I do this?
Regards,
Zingo
You could add another method in your controller that handles the same URI, but with RequestMethod Get. It can simply shows a page with a login form asking the user to login.
This will also lead to a more standardized approach. Where a GET request to a URL shows the form, while POSTing credentials to the same URL logs you in.
Hope this helps.
Iam using custom Authorize filter to on my action method to check if user has an access to it.
If user does not have an access then user is redirected to Unauthorize page.
The problem iam facing here is iam using Jquery Ajax request to call that action method. Everything works well if the user has an access. But if the user does not have an access the code is not able to bind the View("Unauthorize") and it display the existing view on the browsers screen;
Any suggestions would be helpful.
Thanks.
The thing is that ajax requests can not send a redirect response. You can instead either return a status code that tells the calling javascript to redirect or simply change the Response.ContentType to application/javascript and use window.location = "newUri" as the response body.