Pass Username and Password from JSF or JSP to Oracle Reports

Question

I would like to know is there any way using JSF, JSTL or JSP to pass userid and password to another applications without being not visible when user sees the hardcoded value in view source in browser?

Ideally I would want to call Oracle report from either JSF or JSP page, so how can I pass the username and password by not adding in hidden fields or in inputfields, so that when user looks view source in browser he/she should not be able to see the authentication details.

I can add something like

Map map = new HashMap();
map.put("username", "SMITH");
map.put("password", "SMT");
FacesContext.getCurrentInstance().getExternalContext().getSessionMap()
        .put("reportParams", map);
ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
ec.redirect("http://server:8889/reports/rwservlet");

but not sure how can I pass the map with the url or how to call this using JSTL or in JSF page. Even if I pass as parameter, user will be able to see the parameter values perhaps.

Any help is highly appreciable.

Thanks

Answer 1

In Oracle Report server authentication details can be provided in cgicmd.dat file in the following manner

myconn:    userid=scott/tiger@DB report=myreport.jsp %*

and use myconn while passing parameter from JSF or JSP to Oracle report. In this way hard coding of username or password can be avoided.