mrgordonz
asked on
Insert custom HTTP header variable
Hi Experts,
Quick bit of background info to set the scene:
The product I work with is a J2EE web application, which implements JAAS. This allows customers to write custom login modules if the out-of-the-box modules don't suit. In this case the app server is Websphere 5.1.1.3, and the web server is IBM HTTP Server (ie: Apache).
I have written a custom login module for a customer which implements Single Sign-On (SSO) in a specific way - the user logs in to the corporate portal via TAM (Tivoli Access Manager), and from the corporate portal the user clicks a link to our application. TAM inserts a custom variable ("iv-user") into the HTTP header of the request, and my login module reads the value of the variable and checks to see if that username is a valid user in our application.
I am pretty sure the login module itself is OK, but I need to do a complete end-to-end test. I would like to set up a little PHP page (or something similar) which I can use to submit a request for my application and which will insert the custom header variable.
I need the PHP page to do a POST to a JSP page called custom_sso.jsp. The JSP custom_sso.jsp includes the following code:
String username = request.getHeader("iv-user");
which is then passed to the custom login module.
For example, if I browse to http://myserver/testlogin.php, this page would display a single text box and a submit button. I enter a username and click Submit, which performs a POST to http://myserver/MyApp/custom_sso.jsp. The PHP page needs to insert a custom HTTP header called "iv-user" (without quotes), and the value of that variable is the username I typed in.
Cheers,
Paul
PS: The 500 points are for urgency, not difficulty. I suspect the solution is pretty simple (for those who know PHP), but I need a solution real quick.
Why PHP?
In your design, you are in effect writing a proxy - this is not the optimal way.
I have 2 options for you:
1. Get a real proxy client, try paros or burp. Both are java clients that provide http request interception and modification at will. google to find them - both are open source and very easy to use.
2. For test automation, get the wget tool or the curl tool. Both can be repeatedly used to send any http request with any headers you like.
For example, to add your header to a wget request,
wget --header="iv-user: mrgordonz" --post-file=somefile http://myserver/MyApp/custom_sso.jsp
to completely simulate a regular browser, you will also want to add flags for the client, referer etc.
ShalomC
ASKER
Sammo - unfortunately, using getParameter() is not an option because TAM only uses the http header, so it has to be getHeader().
ShalomC - I'll give the utilities you mentioned a go and see if they do what I need. I assume with wget or curl I will actually see my application load in a browser and the username I specify in iv-user will get processed by the login module?
No, wget and curl will give you a text file containing the actual response from the server, and it is up to you to see if the response is OK.
The advantage is that the test is easily scriptable and repeatable.
If you want to see the result in a browser, use paros or burp.
ShalomC
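A scripted form of the header test described above, added here as an example and not code from any post in this thread: it sends a POST with and without iv-user and returns the HTTP status codes. The local stub standing in for custom_sso.jsp, its 200/403/401 responses and the user list are assumptions made so the script runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

KNOWN_USERS = {"mrgordonz"}  # constructed sample data for the stub


class StubSso(BaseHTTPRequestHandler):
    """Local stand-in for custom_sso.jsp: reads iv-user like getHeader()."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        user = self.headers.get("iv-user")  # header lookup is case-insensitive
        status = 401 if user is None else 200 if user in KNOWN_USERS else 403
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep test output quiet
        pass


def post_with_iv_user(host, port, path, username=None):
    """POST to path, optionally adding iv-user; return the HTTP status code."""
    headers = {}
    if username is not None:
        if "\r" in username or "\n" in username:
            raise ValueError("CR/LF not allowed in a header value")
        headers["iv-user"] = username
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("POST", path, body=b"", headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()


def run_checks():
    """Start the stub on a free loopback port and run three test cases."""
    server = HTTPServer(("127.0.0.1", 0), StubSso)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    cases = [("valid", "mrgordonz"), ("unknown", "nobody"), ("missing", None)]
    try:
        return {name: post_with_iv_user("127.0.0.1", server.server_port,
                                        "/MyApp/custom_sso.jsp", user)
                for name, user in cases}
    finally:
        server.shutdown()
        server.server_close()
```

The same script shows why the application must accept requests only from TAM: any client that can reach custom_sso.jsp directly can set iv-user itself.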
ASKER
Sammo - even though I still need to provide a solution which involves getHeader(), your suggestion gave me an idea that enabled me to at least test the login module end to end.
hi mrgordonz,
Did u get any solution to this problem?
I'm also facing a similar situation; if u got the solution, please let me know.
i can give u more than 500 points.
please reply to below ID,
srikanthbdvt@gmail.com
http://jibbering.com/2002/4/httprequest.html
http://weblogs.asp.net/mschwarz/archive/2003/03/30/4480.aspx
http://www.codeproject.com/soap/ConsumWebServicefromASP.asp