

Insert custom HTTP header variable

Posted on 2006-04-17
Medium Priority
Last Modified: 2012-08-13
Hi Experts,

Quick bit of background info to set the scene:

The product I work with is a J2EE web application, which implements JAAS.  This allows customers to write custom login modules if the out-of-the-box modules don't suit.  In this case the app server is WebSphere, and the web server is IBM HTTP Server (i.e. Apache).

I have written a custom login module for a customer which implements Single Sign-On (SSO) in a specific way - the user logs in to the corporate portal via TAM (Tivoli Access Manager), and from the corporate portal the user clicks a link to our application.  TAM inserts a custom variable ("iv-user") into the HTTP header of the request, and my login module reads the value of the variable and checks to see if that username is a valid user in our application.

I am pretty sure the login module itself is OK, but I need to do a complete end-to-end test.  I would like to set up a little PHP page (or something similar) which I can use to submit a request for my application and which will insert the custom header variable.

I need the PHP page to do a POST to a JSP page called custom_sso.jsp.  The JSP custom_sso.jsp includes the following code:

String username = request.getHeader("iv-user");

which is then passed to the custom login module.

For example, if I browse to http://myserver/testlogin.php, this page would display a single text box and a submit button.  I enter a username and click Submit, which performs a POST to http://myserver/MyApp/custom_sso.jsp.  The PHP page needs to insert a custom HTTP header called "iv-user" (without quotes), and the value of that variable is the username I typed in.



PS: The 500 points are for urgency, not difficulty.  I suspect the solution is pretty simple (for those who know PHP), but I need a solution real quick.
Question by: mrgordonz

Expert Comment

ID: 16469702
PHP runs on the server. It is not able to do anything on the client after the user makes an entry.  You need to do this using JavaScript, to make an httpRequest after setting the custom header.  See if the answer to the question is here:


Expert Comment

ID: 16469730
Why PHP?
In your design, you are in effect writing a proxy - this is not the optimal way.
I have 2 options for you:

1. Get a real proxy client, try Paros or Burp. Both are Java clients that provide HTTP request interception and modification at will. Google to find them - both are open source and very easy to use.

2. For test automation, get the wget tool or the curl tool. Both can be used repeatedly to send any HTTP request with any headers you like.

For example, to add your header to a wget request,

wget --header="iv-user: mrgordonz"  --post-file=somefile  http://myserver/MyApp/custom_sso.jsp

To completely simulate a regular browser, you will also want to add flags for the client, referer etc.


Accepted Solution

Sammo earned 1500 total points
ID: 16469776
If you have an HTML form on your PHP page (it doesn't even need to be PHP, just standard HTML) that looks like the following:

<form method="POST" action="http://myserver/MyApp/custom_sso.jsp">
<input type="text" name="iv-user">
<input type="submit">
</form>

then on your JSP page, instead of:
String username = request.getHeader("iv-user");

use:
String username = request.getParameter("iv-user");

This will read the username value from the posted data.

Hope this helps!


Author Comment

ID: 16472200
Sammo - unfortunately, using getParameter() is not an option because TAM only uses the HTTP header, so it has to be getHeader().

ShalomC - I'll give the utilities you mentioned a go and see if they do what I need.  I assume with wget or curl I will actually see my application load in a browser and the username I specify in iv-user will get processed by the login module?

Expert Comment

ID: 16472872
No, wget and curl will give you a text file containing the actual response from the server, and it is up to you to see if the response is OK.
The advantage is that the test is easily scriptable and repeatable.

If you want to see the result in a browser, use Paros or Burp.


Author Comment

ID: 16496523
Sammo - even though I still need to provide a solution which involves getHeader(), your suggestion gave me an idea that enabled me to at least test the login module end to end.

Expert Comment

ID: 21630501
Hi mrgordonz,
Did you get any solution to this problem?
I'm also facing a similar situation. If you got the solution, please let me know.
I can give you more than 500 points.
Please reply to the ID below,



Question has a verified solution.
