Insert custom HTTP header variable

Posted on 2006-04-17
Last Modified: 2012-08-13
Hi Experts,

Quick bit of background info to set the scene:

The product I work with is a J2EE web application, which implements JAAS.  This allows customers to write custom login modules if the out-of-the-box modules don't suit.  In this case the app server is Websphere, and the web server is IBM HTTP Server (ie: Apache).

I have written a custom login module for a customer which implements Single Sign-On (SSO) in a specific way - the user logs in to the corporate portal via TAM (Tivoli Access Manager), and from the corporate portal the user clicks a link to our application.  TAM inserts a custom variable ("iv-user") into the HTTP header of the request, and my login module reads the value of the variable and checks to see if that username is a valid user in our application.

I am pretty sure the login module itself is OK, but I need to do a complete end-to-end test.  I would like to set up a little PHP page (or something similar) which I can use to submit a request for my application and which will insert the custom header variable.

I need the PHP page to do a POST to a JSP page called custom_sso.jsp.  The JSP custom_sso.jsp includes the following code:

String username = request.getHeader("iv-user");

which is then passed to the custom login module.

For example, if I browse to http://myserver/testlogin.php, this page would display a single text box and a submit button.  I enter a username and click Submit, which performs a POST to http://myserver/MyApp/custom_sso.jsp.  The PHP page needs to insert a custom HTTP header called "iv-user" (without quotes), and the value of that variable is the username I typed in.



PS: The 500 points are for urgency, not difficulty.  I suspect the solution is pretty simple (for those who know PHP), but I need a solution real quick.
Question by:mrgordonz
    LVL 5

    Expert Comment

    PHP is do on server. Is not able do anythng on client when after user make entry.  You need do this use javascript for make httpRequest after set custom header.  See if here is answer question:
    LVL 32

    Expert Comment

    Why PHP?
    In your design, you are in effect writing a proxy - this is not the optimal way.
    I have 2 options for you:

    1. Get a real proxy client, try paros or burp. Both are java clients that provide http request interception and modification at will. google to find them - both are open source and very easy to use.

    2. For test automation, get the wget tool or the curl tool. Both can be  repeatedly used to send any http request with any headers you like.

    For example, to add your header to a wget request,

    wget --header="iv-user: mrgordonz"  --post-file=somefile  http://myserver/MyApp/custom_sso.jsp

    to completely simulate a regular browser, you will also want to add flags for the client, referer etc.

    LVL 2

    Accepted Solution

    If you have a HTML form on your PHP page (it doesnt even need to be PHP, just standard HTML) that looks like the following:

    <form method=POST action=http://myserver/MyApp/custom_sso.jsp>
    <input type="text" name="iv-user">
    <input type=submit>

    then on your JSP page instead of:
    String username = request.getHeader("iv-user");

    String username = request.getParameter("iv-user")

    This will read the username value from the posted data.

    Hope this helps!

    Author Comment

    Sammo - unfortunately, using getParameter() is not an option because TAM only uses the http header, so it has to be getHeader().

    ShalomC - I'll give the utilities you mentioned a go and see if they do what I need.  I assume with wget or curl I will actually see my application load in a browser and the username I specify in iv-user will get procesed by the login module?
    LVL 32

    Expert Comment

    No, wget and curl will give you a text file containing the actual response from the server, and it is up to you to see if the response is OK.
    The advantage is that the test is easily scriptable and repeatable.

    If you want to see the result in a browser, use paros or burp.


    Author Comment

    Sammo - even though I still need to provide a solution which involves getHeader(), your suggestion gave me an idea that enabled me to at least test the login module end to end.
    LVL 1

    Expert Comment

    hi mrgordonz,
    Did u get any solution to this problem?
    i'm aslo facing similar situation, if u got the solution, please let me know.
    i can give u more than 500 points.
    please reply to below ID,


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit ( and similar technologies have enjoyed wide adoption, making it possib…
    Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
    This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
    This tutorial walks through the best practices in adding a local business to Google Maps including how to properly search for duplicates, marker placement, and inputing business details. Login to your Google Account, then search for "Google Mapmaker…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now