I need to set a custom header within my JSP based on value I retrieve from a cookie. This cookie is set by a Single Sign On (SSO) service but all it does is set a cookie once the user is authenticated and then it redirects back to a JSP (mine) or whatever URL I supply. It doesn't set anything in the HTTP HEADER so I have to do this somehow. It must be the the HEADER because that is the only way for the Trusted Authentication Service (TAS) URL that handles login to retrieve this value.
I thought I could simply use the response.setHeader method within my JSP and then redirect to the necessary URL for login. I thought this would mean that this custom header would now be part of the REQUEST. It sounds like this can't be done however. I've been told that I could create a Filter that wraps the HttpServletRequest in my own subclass of HttpServletRequestWrapper. Override the getHeader() method to return my custom header, or return the regular header. I really don't know what this means or how I can do this from my JSP.
Yes, I only have a modest understanding of filters. If however the filter is added to the deployment descriptor (web.xml), then its invoked based on a url pattern. Let's say I add my jsp to the url pattern so it gets invoked when someone hits my JSP, I'm not sure of the flow based on what I'm trying to do.
Part of the problem with this approach is that my JSP must be accessed because if the cookie isn't present, then I redirect to the SSO app. If a filter intercepts, then I can never redirect to SSO to have the cookie set once the user is authenticated.
Let's say that I create a second JSP that the filter will intercept based on the web.xml. Basically, I could do the following:
1) My globallogin.jsp (users go here first) will check for a cookie. If it is not present, JSP will redirect to SSO app. *This is already working
2) SSO app will redirect back to globallogin.jsp - *This time cookie is present
3) My globallogin.jsp does a check for the cookie. If it is present, it will forward to myfilter.jsp.
4) myfilter.jsp is intercepted by RewriteRequestHeaderFilter servlet filter based on web.xml
5) RewriteRequestHeaderFilter will read cookies and set value of cookie to a custom header in the getHeader method
6) RewriteRequestHeaderFilter will "forward" to TAS URL login with the appropriate custom header
I am going to try to implement this now.
Your statement that attributes aren't headers is confusing. Can I or can I not set a Header? The TAS method that handles authentication is below and it must have a header. This getUserName() method is called first and it must find a username value in the REQUEST object.
Do you think this will work or does the Request Header have to be set by the web server?
Here is the method that is called when the TAS login URL is requested. userNameHeader is a system property that I can set.
public String getUserName(HttpServletRequest request)
String userName = request.getHeader(userNameHeader);
if(userName == null)
userName = request.getRemoteUser();
LOG.debug("Getting " + userName + " from the request");