File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes How to set custom HTTP header for single sign on Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to set custom HTTP header for single sign on" Watch "How to set custom HTTP header for single sign on" New topic
Author

How to set custom HTTP header for single sign on

sharon yang
Greenhorn

Joined: May 19, 2009
Posts: 9
Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.

It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.

I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.

My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?

Thanks in advance for your help.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29261
    
140

Sharon,
Welcome to JavaRanch!

You set the header in your servlet:
response.setHeader(name, value)

Base 64 is an encoding. You have to call an API to do it before setting the value in the header.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39551
    
  27
The header name would be "Authorization", and its value

"Basic " + Base64Coder.encode(username + ":" + password)

The Base64Coder class can be found here.


Ping & DNS - updated with new look and Ping home screen widget
sharon yang
Greenhorn

Joined: May 19, 2009
Posts: 9
Thank you for your replies.

I tried to set the header in the response object like you said in my servlet, but I was not able to get the header value from the jsp page (I created a jsp page to test). it is "null". by the way, I used redirect to the jsp page.

i did something like the following in my jsp page to see the result:
<%
System.out.println("test " + request.getHeader("Authorization"));
%>

any idea?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39551
    
  27
"Authorization" is a request header, not a response header. Maybe we're misunderstanding what exactly you're tying to do.

In any case, response header have no relationship to request headers of any subsequent requests (unless the client explicitly sets them, which a web browser wouldn't).
sharon yang
Greenhorn

Joined: May 19, 2009
Posts: 9
I couldn't find a API to set the request header. It seems like i am not able to set a custom header in request object.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18141
    
    8

You're doing this in a JSP? Well, don't look at the request headers for the JSP. They aren't anything to do with it.

You have to create an HTTP request which you send to etran. You set the headers on that request. This request isn't the one which came from your JSP's client, it's a new request which you have to create and send. I would recommend that you use Apache's HttpClient code to do that, rather than trying to create a java.net.HttpURLConnection object yourself.
sharon yang
Greenhorn

Joined: May 19, 2009
Posts: 9
Thanks Paul.

I set the request header in servlet, and I want to test if I can get the http header in jsp. is it correct? If not, how can I test if the header is correctly set?

yes right now I am trying to do your approach too. I am using HttpURLConnection object. Why do you suggest to use Apache's HttpClient?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18141
    
    8

I definitely agree with Ulf, we don't know what you are trying to do.

If you have to generate your own request to etran, then you'll need to... generate a request. You can't use a request that was sent to your application. But it isn't clear that you have to do that. You have something about a link to etran in your original description.
sharon yang
Greenhorn

Joined: May 19, 2009
Posts: 9
sorry if I confused you.

the jsp page is only for testing purpose. I assume etran uses jsp/asp to handle/parse the request header. I just want to make sure that I pass the http header correctly. Once I am able to determine the header is correctly set, I will replace the name of my jsp to the login page of etran.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to set custom HTTP header for single sign on
 
Similar Threads
How do I add a list of groups to principal
How to set custom HTTP header for single sign on
JAAS Single sign On
how to implement single sign on for applications deployed in sun glass fish server
How to set custom HTTP REQUEST HEADER