• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

How to set custom HTTP header for single sign on

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.

It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.

I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.

My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?

Thanks in advance for your help.
 
author & internet detective
Posts: 41967
911
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sharon,
Welcome to JavaRanch!

You set the header in your servlet:
response.setHeader(name, value)

Base 64 is an encoding. You have to call an API to do it before setting the value in the header.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The header name would be "Authorization", and its value

"Basic " + Base64Coder.encode(username + ":" + password)

The Base64Coder class can be found here.
 
sharon yang
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your replies.

I tried to set the header in the response object like you said in my servlet, but I was not able to get the header value from the jsp page (I created a jsp page to test). it is "null". by the way, I used redirect to the jsp page.

i did something like the following in my jsp page to see the result:
<%
System.out.println("test " + request.getHeader("Authorization"));
%>

any idea?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"Authorization" is a request header, not a response header. Maybe we're misunderstanding what exactly you're tying to do.

In any case, response header have no relationship to request headers of any subsequent requests (unless the client explicitly sets them, which a web browser wouldn't).
 
sharon yang
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I couldn't find a API to set the request header. It seems like i am not able to set a custom header in request object.
 
Marshal
Posts: 28296
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You're doing this in a JSP? Well, don't look at the request headers for the JSP. They aren't anything to do with it.

You have to create an HTTP request which you send to etran. You set the headers on that request. This request isn't the one which came from your JSP's client, it's a new request which you have to create and send. I would recommend that you use Apache's HttpClient code to do that, rather than trying to create a java.net.HttpURLConnection object yourself.
 
sharon yang
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Paul.

I set the request header in servlet, and I want to test if I can get the http header in jsp. is it correct? If not, how can I test if the header is correctly set?

yes right now I am trying to do your approach too. I am using HttpURLConnection object. Why do you suggest to use Apache's HttpClient?
 
Paul Clapham
Marshal
Posts: 28296
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I definitely agree with Ulf, we don't know what you are trying to do.

If you have to generate your own request to etran, then you'll need to... generate a request. You can't use a request that was sent to your application. But it isn't clear that you have to do that. You have something about a link to etran in your original description.
 
sharon yang
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
sorry if I confused you.

the jsp page is only for testing purpose. I assume etran uses jsp/asp to handle/parse the request header. I just want to make sure that I pass the http header correctly. Once I am able to determine the header is correctly set, I will replace the name of my jsp to the login page of etran.
 
Enjoy the full beauty of the english language. Embedded in this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic