Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Problems with authorisation of the user in HTML with Frame

0 views
Skip to first unread message

Tolik Gusin

unread,
Sep 15, 2008, 11:18:05 AM9/15/08
to
Hi All,

There is web-raw service Web1 which returns html page with Frame.
Each of frames, for creation of the part html pages,
calls the web-raw services (Web2, Web3).
All three web-services (Web1, Web2, Web3) demand authorisation.
There are three Stored Procedure (TestWeb1, TestWeb2, TestWeb3) which
form
html pages for corresponding web-services.
There is user UserWeb1 to whom the rights to these SP are granted.

The SQL-script for check is in the letter end.

I start Web a browser (SeaMonkey, IE) and in address string i type:
http://mysite/Web1
In the appeared window of a login, i enter the user name "UserWeb1" and
its
password "123".

After that in a browser i is displayed html page.
But in 50 % of cases, in top frame or in the bottom frame, instead of
the
corresponding parts html pages, the error "401 Authorization Required"
is
displayed.
If from this frame in the menu to select the item "Refresh Frame", then
html
The page will be displayed normally.

That is it turns out, that authorisation of the user for separate parts
the frame works not always correctly.

Question: What do i do incorrectly ?


=======================================================
CREATE PROCEDURE dba.TestWeb1()
result (html_document long varchar)
BEGIN

declare res long varchar;

set res = '<html>\n<head>\n';
set res = res || '<title>Test Frame Site</title>\n';
set res = res || '</head>\n';
set res = res || '<frameset rows="35%,65%">\n';
set res = res || '<frame name="where" src="/Web2">\n';
set res = res || '<frame name="select" src="/Web3">\n';
set res = res || '</frameset>\n';
set res = res || '</html>';

call dbo.sa_set_http_header('Content-Type', 'text/html;
charset=windows-1251');
call dbo.sa_set_http_header('Pragma', 'no-cache');
call dbo.sa_set_http_header('Cache-Control', 'no-cache');

select res;

END
go

CREATE PROCEDURE dba.TestWeb2()
result (html_document long varchar)
BEGIN

declare res long varchar;

set res = '<html>\n<head>\n';
set res = res || '</head>\n<body>\n';
set res = res || 'Russian Text Top Frame\n';
set res = res || '</body>\n</html>';

call dbo.sa_set_http_header('Content-Type', 'text/html;
charset=windows-1251');
call dbo.sa_set_http_header('Pragma', 'no-cache');
call dbo.sa_set_http_header('Cache-Control', 'no-cache');

select res;

END
go

CREATE PROCEDURE dba.TestWeb3()
result (html_document long varchar)
BEGIN

declare res long varchar;

set res = '<html>\n<head>\n';
set res = res || '</head>\n<body>\n';
set res = res || 'Russian Text Bottom Frame\n';
set res = res || '</body>\n</html>';

call dbo.sa_set_http_header('Content-Type', 'text/html;
charset=windows-1251');
call dbo.sa_set_http_header('Pragma', 'no-cache');
call dbo.sa_set_http_header('Cache-Control', 'no-cache');

select res;

END
go

CREATE SERVICE "Web1" TYPE 'RAW' AUTHORIZATION ON AS call
dba.TestWeb1();
CREATE SERVICE "Web2" TYPE 'RAW' AUTHORIZATION ON AS call
dba.TestWeb2();
CREATE SERVICE "Web3" TYPE 'RAW' AUTHORIZATION ON AS call
dba.TestWeb3();

CREATE USER "UserWeb1" IDENTIFIED BY '123';
GRANT EXECUTE ON "DBA"."TestWeb1" TO "UserWeb1";
GRANT EXECUTE ON "DBA"."TestWeb2" TO "UserWeb1";
GRANT EXECUTE ON "DBA"."TestWeb3" TO "UserWeb1";
=======================================================

--
Best Regards, Stalker

Origin: The History is Dead

Mark Culp

unread,
Sep 16, 2008, 9:13:50 AM9/16/08
to
You are doing everything correctly, but your browser is not
handling the situation properly. - My guess is that IE has a race
condition that is causing it to not record the authorization
credentials in its cache quickly enough and this is causing the
second and third (frame) requests to not find the credentials
and hence causing the error.

Possible solutions:

- switch to using a different browser :-)

- have web1 service set/return a cookie to the browser;
turn off authorization to web2 and web3 services;
change testweb2 and testweb3 procedures to check that a valid
cookie has been set - if not, return an error message (or nothing)
--
Mark Culp
SQLAnywhere Research and Development
iAnywhere Solutions Engineering
-------------------------------------------------------------------------
-- SQL Anywhere Blog Center - http://www.sybase.com/sqlanyblogs
-- SQL Anywhere Developer Community:
-- http://www.sybase.com/developer/library/sql-anywhere-techcorner
-------------------------------------------------------------------------

Tolik Gusin

unread,
Sep 16, 2008, 1:01:23 PM9/16/08
to
Mark Culp wrote:

> Possible solutions:

>
> - have web1 service set/return a cookie to the browser;
> turn off authorization to web2 and web3 services;
> change testweb2 and testweb3 procedures to check that a valid
> cookie has been set - if not, return an error message (or nothing)

If it is possible, write please an example of operation with cookie on
the basis of my sql-script.

Mark Culp

unread,
Sep 16, 2008, 4:42:18 PM9/16/08
to
Please refer to the SQLAnywhere samples that you should have in your
installation directory - specifically, look at the HTTP samples:

- cookie.sql contains:
http_cookie() routine that may be used to extract a cookie
from the data that is sent to the server from the browser
set_http_cookie() routine that may be used to set the Set-Cookie
header in the response from the server to the browser
cookie() procedure & 'cookie' web service example that illustrates
how to use the above two routines.

- session.sql contains similar code to cookie but also demostrates how
you would use cookies to use the session capability of the server.

- Mark

Tolik Gusin

unread,
Oct 6, 2008, 10:54:01 AM10/6/08
to
Mark Culp wrote:
>
> You are doing everything correctly, but your browser is not
> handling the situation properly. - My guess is that IE has a race
> condition that is causing it to not record the authorization
> credentials in its cache quickly enough and this is causing the
> second and third (frame) requests to not find the credentials
> and hence causing the error.
>
> Possible solutions:
>
> - have web1 service set/return a cookie to the browser;
> turn off authorization to web2 and web3 services;
> change testweb2 and testweb3 procedures to check that a valid
> cookie has been set - if not, return an error message (or nothing)


According to your advice, before starting to work with "Cookie", i have
changed a way authorisations for web-tools "Web2" and "Web3".

========
CREATE SERVICE "Web2" TYPE 'RAW' AUTHORIZATION OFF USER "UserWeb1" AS
call dba.TestWeb2();
CREATE SERVICE "Web3" TYPE 'RAW' AUTHORIZATION OFF USER "UserWeb1" AS
call dba.TestWeb3();
========
(The complete new SQL-script for check is in the letter end).

That is now at performance of web-services "Web2" and "Web3"
authorisation not
it is necessary also these web-services now are fulfilled from the user
name "UserWeb1".

I start Web a browser (SeaMonkey 1.1.12, IE 6.0 SP2, FireFox 3.0.3) and
in
to address string I type:


http://mysite/Web1
In the appeared window of a login, i enter the user name "UserWeb1" and
its
password "123".

After that in a browser i is displayed html page.

But in upper or in the lower frame, instead of the corresponding

parts html pages, the error "401 Authorization Required" is displayed.
If from this frame in the menu to select the item "Refresh Frame", then
html

the page will be displayed normally.

That is it turns out, what even after i have disabled necessity
authorisations of web-tools "Web2" and "Web3", all the same there is the
same
error.

Question: What do I do incorrectly ?
After all now web-services "Web2" and "Web3" should not demand
authorisation,
and should work simply from the user name "UserWeb1".

P.S. Sybase SA 11.0.0.1264

declare res long varchar;

select res;

END
go

declare res long varchar;

select res;

END
go

declare res long varchar;

select res;

END
go

CREATE USER "UserWeb1" IDENTIFIED BY '123';


GRANT EXECUTE ON "DBA"."TestWeb1" TO "UserWeb1";
GRANT EXECUTE ON "DBA"."TestWeb2" TO "UserWeb1";
GRANT EXECUTE ON "DBA"."TestWeb3" TO "UserWeb1";

CREATE SERVICE "Web1" TYPE 'RAW' AUTHORIZATION ON AS call
dba.TestWeb1();
CREATE SERVICE "Web2" TYPE 'RAW' AUTHORIZATION OFF USER "UserWeb1" AS
call dba.TestWeb2();
CREATE SERVICE "Web3" TYPE 'RAW' AUTHORIZATION OFF USER "UserWeb1" AS
call dba.TestWeb3();

0 new messages