

Need servlet to add a customer http header then forward page, but header not coming through...

Posted on 2004-08-30
Medium Priority
Last Modified: 2013-11-24
Good afternoon Experts!

I will preface this with the statement that I am NOT a java programming expert, but mostly a front end html/javascript type who is fairly familiar with http so I apologize upfront if I'm a bit airheaded with any response :-).

I have a scenario at work where we use a product called Siteminder for our application's authentication. It is configured so we can have a single sign on solution. Siteminder traps the URL of our application and returns an html sign-on page when not authenticated. On submitting the sign-on page it then does the authentication check, and assuming a valid user is found, it converts the input field value into a new http header attribute and *somehow* forwards to the original URL of our app.

We are in the process of having to modify all our application's login servlets to check the request.getHeader("username") instead of the request.getParameter("username"). While a minor change, it's compounded by the fact that the "powers that be" won't allow us development copies of Siteminder on our desktops. This means we can't test the code til we deploy to our QA area and any new apps we build we have to hard code a username in the absence of getting the username in the http header of the request. I decided to fake Siteminder so I could test this app (and future apps).

The Problem:

I have begun the new fake login page solution. I copied the single sign on html page Siteminder uses and created a custom servlet in a new web application (weblogic 8.1). I added a hidden field on the fake login page called "forwardTo" which is the name of the logon servlet of the real app. So my custom servlet is supposed to mimic Siteminder and forward my login username in an http header to the location I've set with my forwardTo field. So far I have set the new http header with response.setHeader("username", request.getParameter("username")) and tried both a requestDispatcher(request.getParameter("forwardTo")) and response.sendRedirect(request.getParameter("forwardTo")) and neither seems to work. I found a nice piece of code on the net that prints an html page iterating through all the http headers and so far I haven't seen my custom header come through.

The Question:

Do I have a fundamental http/java lapse in understanding or can a forward or redirect keep the custom http header I added? If neither a forward or redirect can keep the custom header, is what I'm trying to do impossible? Doesn't seem impossible because Siteminder does it. I thought this would be a simple thing, create a servlet, grab the request param, add the http header, forward to login page and be done. Don't want to give up, but don't see where to go from here...

Any thoughts, help, code, etc. are greatly appreciated! I think this has turned out to be difficult so I'm giving 250 points. Hopefully you guys find it easy. If more are required please advise and I'll adjust the points if possible...

thanks in advance,

-"Lost in Javaland"
Question by:iammab2u

Expert Comment

ID: 11935416
Could you hardcode the base app url in the servlet and then append the user name?


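// Base URL of the app, hardcoded in the servlet
String url = "/siteminder/blah/blah/blah";

String username = request.getParameter( "username" );

// Append the user name as a query-string parameter
url += "?user=" + username;

response.sendRedirect( url );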



Author Comment

ID: 11935544
Unfortunately not. The real Siteminder puts the value of the html text box "username" into the http header variable and then that gets forwarded to our apps. If it was put on the querystring then we could call our logon servlets and just append the param (http://localhost/myapp?username=joeblow).

Because our new code has to check if there is a header variable called "username" and if it's not there we have to assume someone is trying to gain access to the app inappropriately. In other words, our login servlets MUST have this http header variable and when it's found it has already been authenticated on the corporate LDAP server so we know it's a valid username. We can then use the username to look up the user in the database to see if they are authenticated for our specific application.

My problem is that I can't seem to mimic setting an http header variable in my custom servlet and then forwarding it to the same login servlet that Siteminder would.

Author Comment

ID: 11935683
Thought this illustration might help...

What Siteminder does:

1) user types url to web app in browser
2) Siteminder captures URL and redirects to a login page.
html login page / textfield with username and password
3) html page submits, siteminder takes username and converts
value into the http header and *redirects* to original url (1 above)
4) web application checks http header for "username" param to get
name of authenticated user. (used to check request.getParameter(),
now use request.getHeader().)

What I'm looking for is a servlet that mimics step 3 by taking the username, adding it to the response header and forwarding to the servlet of my choice (currently a servlet that prints all the http headers it gets). Once I see the header variable come through I can change to the "forwardTo" hidden field which will be the logon servlet of the real application...

hope this helps

LVL 35

Accepted Solution

girionis earned 1000 total points
ID: 11940369
What you are trying to do is certainly doable, at the end of the day we are programmers we can do anything ;)

>  The real Siteminder puts the value of the html text box "username" into the http header variable and then that gets forwarded to our apps.

Do you know the name of the header that contains the username? If we assume that Siteminder has somehow altered the header of the http-request you can simply do:

String username = request.getHeader("<header name>");
LVL 35

Expert Comment

ID: 11940401
Have also a look here: of how to specify your own headers in the response.
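
An added example, not part of the original thread: response.setHeader() writes a header on the response sent to the browser, a redirect makes the browser issue a fresh request without it, and request headers are read-only, so neither attempt can reach request.getHeader("username"). A development-only filter can instead wrap the request so the login servlet sees the header. The class name FakeSiteminderFilter is hypothetical, and the javax.servlet API (3.0 or later, for the generic signatures) is assumed.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Development-only stand-in for the SiteMinder agent (hypothetical class name).
// Map it in web.xml in front of the login servlet on a developer machine only:
// whoever can reach it chooses the identity the application trusts.
public class FakeSiteminderFilter implements Filter {
    private static final String HEADER = "username"; // header name used in the thread

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        final String user = http.getParameter("username"); // posted by the fake login form
        if (user == null || user.isEmpty()) {
            chain.doFilter(req, res); // nothing to inject; the app sees no header
            return;
        }
        // Request headers cannot be modified, so hand the rest of the chain a
        // wrapper whose header accessors report the extra value.
        HttpServletRequest wrapped = new HttpServletRequestWrapper(http) {
            @Override public String getHeader(String name) {
                return HEADER.equalsIgnoreCase(name) ? user : super.getHeader(name);
            }
            @Override public Enumeration<String> getHeaders(String name) {
                return HEADER.equalsIgnoreCase(name)
                        ? Collections.enumeration(Collections.singletonList(user))
                        : super.getHeaders(name);
            }
            @Override public Enumeration<String> getHeaderNames() {
                List<String> names = Collections.list(super.getHeaderNames());
                if (!names.contains(HEADER)) names.add(HEADER);
                return Collections.enumeration(names);
            }
        };
        chain.doFilter(wrapped, res); // login servlet now reads getHeader("username")
    }
}
```

Because the login servlets treat this header as proof of authentication, they are only safe when every request reaches them through the real agent, which must discard any client-supplied "username" header.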
