wood burning stoves 2.0*
The moose likes Servlets and the fly likes HTTPAuthentication SSO Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "HTTPAuthentication SSO" Watch "HTTPAuthentication SSO" New topic
Author

HTTPAuthentication SSO

angela gianni
Greenhorn

Joined: Dec 12, 2002
Posts: 2
I am writing a jsp to perform single signon to an application that uses Basic Authentication. This 3rd party application is running on a different server .I have stored the usernames and passwords for this app in an external LDAP server. So, I can retrieve them, encode them in Base64 and send the header via a URL Connection. Here's my code:
URL url = new URL("http://some.external.server/loginpage");
URLConnection conn = url.openConnection();
conn.setDoInput (true);

conn.setRequestProperty ("Authorization",userNamePasswordBase64(uname,pword));

conn.connect ();
System.out.println(conn.toString());
for (int i=0;i<10;i++)
System.out.println(conn.getHeaderField(i));
try {
BufferedReader in = new BufferedReader(
conn.getInputStream());
String line;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
}
catch (IOException e) {
e.printStackTrace();
}
The bean is able to login to the application, and it is returning the page that I am suppose to see as if I log in directly thru the URL.

1. The returned page has images, files, jsp:forward and URL links that is relative to the server I am connecting to. But, the client is actually connected to my servlet on my machine. So, all the links are broken and I can't get the content. Can I do a sendRedirect() on the response and yet still authenticated to the server? Is there any possibility to do that?
Please help. Thanks.
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Originally posted by angela gianni:
... The returned page has images, files, jsp:forward and URL links that is relative to the server I am connecting to. But, the client is actually connected to my servlet on my machine. So, all the links are broken and I can't get the content. Can I do a sendRedirect() on the response and yet still authenticated to the server? Is there any possibility to do that?
Please help. Thanks.

Hi,
there is no "obvious" solution, but you might want to try the following:
1) We assume, that what you retrieve is well formed html (I didn't get the jsp: forward - it should be resolved on the original server???).
2) Get a copy of htmltidy (the javalib)
3) convert what you got from the original server from html into xhtml (this is what tidy will do for you)
4) Feed that xhtml into an XMLParser (make your pick: DOM/SAX). The parser nicely traverses all href and src for you
5) Put a little logic there: keep complete references (http://... unless they point to the original server?), ammend the relative references to make them complete -- or load that resource onto your server dynamically. (That looks much like code for a proxy then).
Hope that helps!
angela gianni
Greenhorn

Joined: Dec 12, 2002
Posts: 2
Hi,
thank you for your response. I have to do the process dinamically when I call the application.
Do you have any source code that could me help to understand better the procces?
I have found as HTMLtidy the jTidy program. Do you know one other library?
But, is it not possible to send the Authorization header into the sendredirect or something like that?
Thank you,
Angela.
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Originally posted by angela gianni:
...I have found as HTMLtidy the jTidy program...

Hi Angela,
jTidy is the right lib.
I've only written code for something like that in LotusScript (a IBM Basic Clone), that might not be very helpful...
You might want to look at xml.com or in the XML section here to find samples of XML parsing. The idea is the following: you could use string operations to find references --- but then you have to deal with a huge bunch of exceptions, specialties etc. Instead of that you get a form of html (xhtml) that can be parsed by an XML parser. (A good idea is to play with the win32 commandline or gui version of html tidy a bit, also get an XML editor -free XML Notepad would do - to see the effect of the xhtml transition. You will see that the html most probably will not be displayed in the xml editor, the xhtml will.
While parsing you can inspect the node types, once you encounter the type attribute/src or attribute href you need to inspect the content. You even do not need to bother in what tag src/href is encoded....
Hope that helps!
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: HTTPAuthentication SSO
 
Similar Threads
"MISSING BYTE ORDER MARK" exception during receiving messege through socket
calling a page on a differnet web server
Entering many records..Need help!
Performance Issue: HttpURLConnection
Search Problem