Hi all :
I am using websphere portal server 5.0.0 and use a portlet to implement single sign on when connect to a back end system which works on microsoft iis 5.0 server. The back end system is using a form based log in page so I use HttpFormBasedAuthCredential to log in,after I got a httpUrlconnection to one of it's securitied page ,I want to get session id from the connection which I get set the session id to my current response.I think in this way I can realize the sso.The following is my code,but it's not work,I can get cookies from the connection but not include sesson id after I log in,to my surprise I can get the session id before I log in ! can anyone give me any suggestion ? thanks in advance.
---------------------------------------------------------------------------
HashMap config = new HashMap();
config.put( HttpFormBasedAuthCredential.KEY_USERID_ATTRIBUTE_NAME,sessionBean.getUserParameter());
config.put( HttpFormBasedAuthCredential.KEY_PASSWORD_ATTRIBUTE_NAME,sessionBean.getPwdParameger());
config.put( HttpFormBasedAuthCredential.KEY_LOGIN_URL, sessionBean.getLoginUrl());
config.put( HttpFormBasedAuthCredential.KEY_LOGOUT_URL,sessionBean.getLogoutUrl());
config.put( HttpFormBasedAuthCredential.KEY_USE_AUTH_COOKIES, Boolean.TRUE);
List formData= new ArrayList();
formData.add("login=Login");
config.put( HttpFormBasedAuthCredential.KEY_FORM_DATA, formData);
try {
credential = (HttpFormBasedAuthCredential)
vaultService.getCredential(slotId, "HttpFormBasedAuth", config, request);
} catch (PortletServiceException serviceExc) {
throw(new PortletException("Credential vault error, please contact your admin!", serviceExc));
} catch (CredentialSecretNotSetException userExc) {
throw(new PortletException("Credential not set. Please set it in the edit mode! ", userExc));
}
try {
//use credential object to log in at the backend server
credential.login();
//get an authenticated connection to the backend server and send the actual request
java.net.HttpURLConnection connection = credential.getAuthenticatedConnection(sessionBean.getTargetUrl());
// get cookies from connection
String headerField = null;
String key = null;
String cstr = null;
int i = 0;
// Find the cookies in the headers and store them
// Have to check the field first b/c the HTTP status will have a null
// key - yuck
while((headerField = connection.getHeaderField(i)) != null) {
if ((key = connection.getHeaderFieldKey(i)) != null &&
key.equalsIgnoreCase("Set-Cookie")) {
// Store cookie as a response parameter.
cstr = headerField;
}
i++;
}
/** end of cookie **/
//String cstr = connection.getHeaderField("Set-Cookie");
System.err.println("!!!Cookie -> " + cstr);
---------------------------------------------------------------------------
I use the string Set-Cookie to get the session id, may be it use others,but if I log all the headfield I can't find anyting include the session id.