Insert custom HTTP header variable

Hi Experts,

Quick bit of background info to set the scene:

The product I work with is a J2EE web application, which implements JAAS.  This allows customers to write custom login modules if the out-of-the-box modules don't suit.  In this case the app server is Websphere, and the web server is IBM HTTP Server (ie: Apache).

I have written a custom login module for a customer which implements Single Sign-On (SSO) in a specific way - the user logs in to the corporate portal via TAM (Tivoli Access Manager), and from the corporate portal the user clicks a link to our application.  TAM inserts a custom variable ("iv-user") into the HTTP header of the request, and my login module reads the value of the variable and checks to see if that username is a valid user in our application.

I am pretty sure the login module itself is OK, but I need to do a complete end-to-end test.  I would like to set up a little PHP page (or something similar) which I can use to submit a request for my application and which will insert the custom header variable.

I need the PHP page to do a POST to a JSP page called custom_sso.jsp.  The JSP custom_sso.jsp includes the following code:

String username = request.getHeader("iv-user");

which is then passed to the custom login module.

For example, if I browse to http://myserver/testlogin.php, this page would display a single text box and a submit button.  I enter a username and click Submit, which performs a POST to http://myserver/MyApp/custom_sso.jsp.  The PHP page needs to insert a custom HTTP header called "iv-user" (without quotes), and the value of that variable is the username I typed in.



PS: The 500 points are for urgency, not difficulty.  I suspect the solution is pretty simple (for those who know PHP), but I need a solution real quick.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PHP is do on server. Is not able do anythng on client when after user make entry.  You need do this use javascript for make httpRequest after set custom header.  See if here is answer question:
Shalom CarmelCTOCommented:
Why PHP?
In your design, you are in effect writing a proxy - this is not the optimal way.
I have 2 options for you:

1. Get a real proxy client, try paros or burp. Both are java clients that provide http request interception and modification at will. google to find them - both are open source and very easy to use.

2. For test automation, get the wget tool or the curl tool. Both can be  repeatedly used to send any http request with any headers you like.

For example, to add your header to a wget request,

wget --header="iv-user: mrgordonz"  --post-file=somefile  http://myserver/MyApp/custom_sso.jsp

to completely simulate a regular browser, you will also want to add flags for the client, referer etc.

If you have a HTML form on your PHP page (it doesnt even need to be PHP, just standard HTML) that looks like the following:

<form method=POST action=http://myserver/MyApp/custom_sso.jsp>
<input type="text" name="iv-user">
<input type=submit>

then on your JSP page instead of:
String username = request.getHeader("iv-user");

String username = request.getParameter("iv-user")

This will read the username value from the posted data.

Hope this helps!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

mrgordonzAuthor Commented:
Sammo - unfortunately, using getParameter() is not an option because TAM only uses the http header, so it has to be getHeader().

ShalomC - I'll give the utilities you mentioned a go and see if they do what I need.  I assume with wget or curl I will actually see my application load in a browser and the username I specify in iv-user will get procesed by the login module?
Shalom CarmelCTOCommented:
No, wget and curl will give you a text file containing the actual response from the server, and it is up to you to see if the response is OK.
The advantage is that the test is easily scriptable and repeatable.

If you want to see the result in a browser, use paros or burp.

mrgordonzAuthor Commented:
Sammo - even though I still need to provide a solution which involves getHeader(), your suggestion gave me an idea that enabled me to at least test the login module end to end.
hi mrgordonz,
Did u get any solution to this problem?
i'm aslo facing similar situation, if u got the solution, please let me know.
i can give u more than 500 points.
please reply to below ID,

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.