F OAA Banner Information JSP Page Template
The following is the oaabannerinfotemplate.jsp template file, which must be created as part of the OAA Error Analyzer
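plugin.

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page session="false"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ include file="locale-ctx.jsp" %>
<%--
  Purpose: demonstrates reading the MFA error code (p_error_code) and showing
  the matching banner message so the user can proceed, if the configuration
  allows it.

  This is a template. request_id and OAM_REQ come straight from the request
  and are written back into the form, so they are HTML-encoded with <c:out>
  below. Encoding only prevents markup injection; a deployment should still
  validate these values against the format its OAM server issues.

  These notes are JSP comments on purpose, so they are not sent to the browser.
--%>
<%!
    // Registers this JSP under /pages/oaabannerinfotemplate.jsp through
    // ServletCatalog.registerServlet when the page is initialised.
    public void jspInit() {
        oracle.security.am.pbl.transport.http.proxy.ServletCatalog.registerServlet("/pages/oaabannerinfotemplate.jsp", this);
    }
%>
<%
    // A request with proxyloading=true is only a call to load the JSP (generally
    // made when called from NAP tunnelling), so nothing is rendered for it.
    if ("true".equalsIgnoreCase(request.getParameter("proxyloading"))) {
        return;
    }

    // The page carries a request token in a hidden field, so it must not be
    // stored by the browser or by intermediate caches.
    response.setHeader("Cache-Control", "no-cache, no-store");
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Expires", "0");
    response.setContentType("text/html; charset=UTF-8");

    String arabicCss = "";
%>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
  <title>OAA Register or Enable Factor Warning</title>
  <link rel='stylesheet' href='<%=request.getContextPath()%>/pages/css/login_page<%=arabicCss%>.css'/>
  <link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/pages/css/general.css">
  <%-- Start Disable frame hijacking Script --%>
  <%@ include file="/pages/clickjackingScript.jsp" %>
  <%-- End Disable frame hijacking Script --%>
  <style>
    body {
      background:url(<%=request.getContextPath()%>/pages/images/loginpage_bg.png);
      background-repeat:repeat-x;
      background-color:#185E87;
    }
  </style>
</head>
<body>
  <div style="position:absolute; visibility:visible; left:0px; top:0px;z-index:1">
    <img src="<%=request.getContextPath()%>/pages/images/login_logo.png" alt="" />
  </div>
  <div style="position:relative; visibility:visible; left:0px; top:0px;z-index:1">
<%
    // request_id, p_error_code and OAM_REQ are caller-controlled and must be
    // treated as untrusted (XSS). p_error_code is only compared against known
    // codes and never written to the page; request_id and OAM_REQ are written
    // to the page only through <c:out>, which HTML-encodes them.
    String reqId = request.getParameter("request_id");
    if (reqId == null && request.getAttribute("request_id") != null) {
        reqId = (String) request.getAttribute("request_id");
    }
    String bannerMessage = "Error: Invalid factor registration.";
    String errCode = request.getParameter("p_error_code");
    String reqToken = request.getParameter("OAM_REQ");
%>
    <div id="top">
      <div id="login-header"> </div>
      <div id="content">
        <div id="login">
          <div id="title">Warning: OAA Register or Enable Factor</div>
          <%--
            Please update action to point to the OAM server auth_cred_submit
            end-point. The sample URL below is plain http; the form posts the
            OAM_REQ token, so a real deployment should use the server's https
            end-point.
          --%>
          <div id="login-form">
            <form id="loginData" action="http://idmpe0062.idm.idmociclou1iad.oraclevcn.com:14100/oam/server/auth_cred_submit" method="post" name="loginData">
<%
    if (errCode != null && errCode.length() > 0) {
        // Only fixed strings are ever assigned to bannerMessage, so it is safe
        // to print as-is. If a localized lookup is added here, keep it that way
        // and never copy errCode itself into the message.
        try {
            if (errCode.equalsIgnoreCase("OAA-1")) {
                // Provide localized message for factor registration
                bannerMessage = "Please register factor to access the resource.";
            } else if (errCode.equalsIgnoreCase("OAA-2")) {
                // Provide localized message for enabling factor
                bannerMessage = "Please enable factor to access the resource.";
            }
        } catch (Exception e) {
            // Provide localized message for authentication failure
            bannerMessage = "Authentication failed.";
        }
%>
              <div class="message-row">
                <noscript><p class="loginFailed">JavaScript is required. Enable JavaScript to use warning page.</p></noscript>
                <p class="loginFailed"> <%=bannerMessage%> </p>
              </div>
<%
    }
%>
              <table width="290" border="0" cellpadding="0" cellspacing="0">
                <tbody>
                  <tr>
                    <td class="lefttop"></td>
                    <td class="topmiddle" width="100%" height="12"></td>
                    <td class="righttop"></td>
                  </tr>
                  <tr>
                    <td class="leftmiddle"></td>
                    <td class="boxcontent" width="100">
                      <table width="100%" cellpadding="0" cellspacing="0">
                        <tbody>
                        </tbody>
                      </table>
                    </td>
                  </tr>
                </tbody>
              </table>
              <%-- c:out HTML-encodes the value (and prints nothing for null), so a crafted request_id cannot break out of the attribute. --%>
              <input type="hidden" name="request_id" value="<c:out value="<%=reqId%>"/>"/>
<%
    if (reqToken != null && reqToken.length() > 0) {
%>
              <input type="hidden" name="OAM_REQ" value="<c:out value="<%=reqToken%>"/>"/>
<%
    }
%>
              <div class="button-row">
                <span class="ctrl">
                  <input type="submit" value="OK" class="formButton" onclick="this.disabled=true;document.body.style.cursor = 'wait'; form.WARNING_DISPLAYED.value='Confirm'; this.className='formButton-disabled';form.submit();return false;"/>
                  <input type="hidden" name="WARNING_DISPLAYED" value="OK"/>
                </span>
              </div>
            </form>
          </div>
        </div>
      </div>
    </div>
  </div>
  <div class="login-footer-version">
    <div class="info">
<%
    // Provide footer version as necessary
    String footerVersion = "";
    // Provide copyRightNotice as necessary
    String copyRightNotice = "";
    // Provide trademark as necessary
    String trademark = "";
%>
      <p id="footerVersion"><%=footerVersion%></p>
      <p id="copyright"><%=copyRightNotice%></p>
      <p id="trademark"><%=trademark%></p>
    </div>
  </div>
</body>
</html>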