Oracle BI has xmlpserver which the administrator is using for configuring the server. To use the xmlpserver services, the administrator have to create a session using createSession function.
I've tried to generate a session several times and I've got the same value in the response. I changed the password and but again I got the same response.
private String createCallerSession(final XDOPrincipal user, final String domain) {
Logger.log("XMLPService.createCallerSession...if here things are looking ok", 1);
final String token = tokenize(domain, user.getName());
final XDOPrincipal principal = TokenHolder.getPrincipal(token);
if (principal == null) {
final XDOPrincipal guser = (XDOPrincipal)GlobalUser.get();
TokenHolder.addPrincipal(token, guser);
}
return token;
}
private static String tokenize(final String domain, final String username) {
final StringBuffer sb = new StringBuffer();
if (domain != null) {
sb.append(domain);
}
sb.append(':').append(username);
final int key = sb.toString().hashCode();
return new Integer(key).toString();
}
WHAT? It seems that the session consists of two public datas (username and server ID). In order to check it I wrote a simple code and here is what I got as a result.