Good afternoon Experts!
I have a senario at work where we use a product called Siteminder for our application's authentication. It is configured so we can have a single sign on solution. Siteminder traps the URL of our application and returns an html sign-on page when not authenticated. On submitting the sign-on page it then does the authentication check, and assuming a valid user is found, it converts the input field value into a new http header attribute and *somehow* forwards to the original URL of our app.
We are in the process of having to modify all our application's login servlets to check the request.getHeader("username") instead of the request.getParameter("username"). While a minor change, it's compounded by the fact that the "powers that be" won't allow us developement copies of Siteminder on our desktops. This means we can't test the code til we deploy to our QA area and any new apps we build we have to hard code a username in the absence of getting the username in the http header of the request. I decided to fake Siteminder so I could test this app (and future apps).
I have begun the new fake login page solution. I copied the single sign on html page Siteminder uses and created a custom servlet in a new web application (weblogic 8.1). I added a hidden field on the fake login page called "forwardTo" which is the name of the logon servlet of the real app. So my custom servlet is supposed to mimic Siteminder and forward my login username in an http header to the location i've set with my forwardTo field. So far I have set the new http header with response.setHeader("username", request.getParameter("username")) and tried both a requestDispatcher(request.getParameter("forwardTo")) and response.sendRedirect(request.getParameter("forwardTo")) and neither seems to work. I found a nice piece of code on the net that prints an html page iterating through all the http headers and so far I haven't seen my custom header come through.
Do I have a fundemental http/java lapse in understanding or can a forward or redirect keep the custom http header I added? If neither a forward or redirect can keep the custom header, is what i'm trying to do impossible? Doesn't seem impossible because Siteminder does it. I thought this would be a simple thing, create a servlet, grab the request param, add the http header, forward to login page and be done. Don't want to give up, but don't see where to go from here...
Any thoughts, help, code, etc. are greatly appreciated! I think this has turned out to be difficult so i'm giving 250 points. Hopefully you guys find it easy. If more are required please advise and i'll adjust the points if possible...
thanks in advance,
-"Lost in Javaland"