aspose file tools*
The moose likes Servlets and the fly likes Passing username from Java Application using httpHeader to OBIEE server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Passing username from Java Application using httpHeader to OBIEE server" Watch "Passing username from Java Application using httpHeader to OBIEE server" New topic
Author

Passing username from Java Application using httpHeader to OBIEE server

Shyam Lingaraju
Greenhorn

Joined: Feb 14, 2011
Posts: 3
Hi All,

We have requirement to pass the user name from java application to OBIEE server for authentication.
We are trying to pass user name using below code.

response.setHeader("REMOTE_USER", userId);
response.sendRedirect(URL);

But the OBIEE which is installed in another machine is not able to get the this user name.
Is this the correct way to set the httpHeader to response object?

Regards
Shyam


amit punekar
Ranch Hand

Joined: May 14, 2004
Posts: 511
Hello,
I do not think this will work because,
You set the response header and redirect the response. This response header is part of the request that you initiated and it will not flow to the redirected URL. Redirect is entirely a new request from browser. (In your case OBIEE).

If you want to communicate with your server using HTTP Protocol, then you can use Apache HTTPClient. This is only about communication. We have not understood what you are trying to achieve by sending the username to another server.

regds,
amit
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41508
    
  53
Indeed, response headers will not be part of the subsequent redirect request. You could pass it along as an URL parameter, though.


Ping & DNS - my free Android networking tools app
Shyam Lingaraju
Greenhorn

Joined: Feb 14, 2011
Posts: 3
Thank you for your response.
Currently we are using the URL parameters to pass the user information to OBIEE, But it is not secure authentication process and wanted to change the same by using the httpHeader.

Actually we are implementing the Sigle Sign On(SSO), between OTM(Java Application) and OBIEE. Hence once user logged in into OTM will not have to login again when he access any OBIEE links and the user name has to pass to OBIEE for authentication using httpHeader.

Regards
Shyam

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41508
    
  53
Currently we are using the URL parameters to pass the user information to OBIEE, But it is not secure authentication process and wanted to change the same by using the httpHeader.

What kind of attack are you trying to guard against where information passed in an HTTP header would be more secure than information passed in the URL? That sounds implausible, especially as the user name should not be in need of hiding to begin with.

Actually we are implementing the Sigle Sign On(SSO), between OTM(Java Application) and OBIEE. Hence once user logged in into OTM will not have to login again when he access any OBIEE links and the user name has to pass to OBIEE for authentication using httpHeader.

As explained, HTTP headers are not going to work. Doesn't the SSO software provide some kind of token or ID upon login into the first app that could then be passed to other apps subsequently?
amit punekar
Ranch Hand

Joined: May 14, 2004
Posts: 511
Hi,
Okay now understood your scenario. So you want to use this for SSO purpose.
The SSO solutions generally use cookies for the passing the identity of the user between different systems. For that you need to setup something like domains and sub-domains. Here is one blog post that will help you understand how to use cookies for the SSO.

May be you can use cookie based approach in your case.
1) Set cookies in parent domain using the response. Instead of setting response header in your case.
2) when you redirect the user to the URL in response.sendRedirect() make sure it's part of the sub-domain so that your cookies get pushed along with the new request to OBIEE server.

regds,
amit
Shyam Lingaraju
Greenhorn

Joined: Feb 14, 2011
Posts: 3
Hi Amit,

Thank you. Yes this is my scenario.
As the httpHeader will not solve my purpose now i am switching into cookies.
I had tried cookies but still my cookies are not getting registered.

Here is my scenario
----------------------
I have java application running on tomcat(http://localhost:90), Once i enter the user id and password in this application, using another link in the same application i need to launch OBIEE which is there in another machine(http://<machine-name>:9704/analytics/saw.dll?Dashboard).

I am creating cookies once i login in into the java application like below.

Cookie remoteUserCookie = new Cookie("REMOTE_USER",userId);
try {

remoteUserCookie.setDomain(Domain);
remoteUserCookie.setPath(path);

}catch(NullPointerException npe){
//Don't do anything
}

response.addCookie(remoteUserCookie);

But i was unable to get these cookie at OBIEE server.
I didn't under stand the concept of domain and subdomain.
What should i need to mention in domain, Subdomain and path.

To test the application whether the cookie has set correcltly, I had written the sample servlet to get the cookies.

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class CookieTest extends HttpServlet {

public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();

// Get the current session ID by searching the received cookies.
String cookieid = null;
Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals("REMOTE_USER")) {
cookieid = cookies[i].getValue();
break;
}
}
}
System.out.println("Cookie Id--"+cookieid);

// If the session ID wasn't sent, generate one.
// Then be sure to send it to the client with the response.

}

}

But i was unable to get the cookie i had set.

Can anybody please help me on this.

Regards
Shyam
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Passing username from Java Application using httpHeader to OBIEE server