Solved

How to set header in JSP

Posted on 2009-04-06
9
11,416 Views
Last Modified: 2012-06-27
I have to set a value in the http header and I know how to do this in a servlet but I'm not sure how to do so in a JSP.   I am basically trying to implement Single Sign On within a product called Vignette.  I control what is passed to the Vignette proxy server (TAS) URL.  I have attached the TAS class that handles authentication into Vignette.  It is called HttpUserNameCallback.  Save the file as .java   Please just refer to the  getUserName() method in this class as it is called first.  I tried to post the variable sm_user within a form post in JSP (below).    This does not work.  I've been instructed that sm_user must be present in the HTTP REQUEST HEADER.    I'm not sure how to do so.  My JSP code is below.   Please help!!! I've been at this for 3 1/2 weeks and I'm finally at the end but need to cross the line here.
<form name="postform" method="post" action="http://q4csp1m3.tdc.cingular.net:8001/AppConsole/">
 
<input type="hidden" value="<%=attVal%>" name="sm_user" />
	<SCRIPT type="text/javascript">
	document.postform.submit();
</SCRIPT>

Open in new window

HttpUserNameCallback.txt
0
Comment
Question by:cmlane08
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083323
0
 

Author Comment

by:cmlane08
ID: 24083368
thanks for the response.   I am checking now.
0
 

Author Comment

by:cmlane08
ID: 24083420
I'm not sure how this example is helpful.  I understand what TAS (which interfaces with SiteMinder) is doing in the getUserName method.   My question is how to set a header name of "SM_USER" in the HTTP  REQUEST.     I would like to do so from my JSP but if this isn't possible, I need guidance on how to accomplish this in a Java Servlet that I can call from my JSP.    

I think I can use the response.setHeader("name", "value")

but I'm not sure if this will work.    I'm basically trying to simulate what SiteMinder would do if it was sending a request to TAS (Trusted Authentication Service) but again, I need to do so from a JSP page or a servlet.   My JSP is basically reading a cookie that was set by our SSO (Single Sign On) service.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083428
as far as i am concerned you cannot use "sm_user" header in HttpRequest. sm_user is a predefined header attribute in Siteminder request object and has nothing to do with HttpRequest headers.

You need to achieve this in alternate way like Webservice call....

-Murali*
0
 

Author Comment

by:cmlane08
ID: 24083605
I can call it anything I want.   It doesn't have to be "sm_user".   I was just doing this so I wouldn't have to write a new class that extends the current HttpUserNameCallback class and looks for my attribute name instead of "sm_user".   I can do this however.   It's no big deal.    

The question is whether or not it's possible to set a custom header in a JSP and then forward the Request object to a different page or URL.   I know that the HttpUserNameCallback class will be called when the TAS URL request is made and it's currently looking for a username value (below).   What can I do if I need to send the userName value in a header to the TAS URL?

 public String getUserName(HttpServletRequest request)
        throws RemoteDataException
    {
        if(useIdentifier)
        {
            String identifierHeaderCheck = request.getHeader(identifierHeaderName);
            if(identifierHeaderCheck != null && identifierHeaderCheck.equals(identifierHeaderValue))
                LOG.debug("Identifier passed security check");
            else
                throw new RemoteDataException("user_not_authenticated_error_label", "The user cannot be authenticated");
        }
        String userName = request.getHeader(userNameHeader);
        if(userName == null)
            userName = request.getRemoteUser();
        LOG.debug("Getting " + userName + " from the request");
        return userName;
    }
0
 

Author Comment

by:cmlane08
ID: 24083673
0
 
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083756
You cannot add attributes to  the HTTP headers in jsp or servlets. But filters could help to override it.

See this http://www.theserverside.com/discussions/thread.tss?thread_id=41118
0
 

Author Comment

by:cmlane08
ID: 24087211
So let me ensure I understand, within my JSP, I will still retrieve the cookie value I need but I will make a call to a filter class that will allow me to set a custom HTTP Header and then redirect to the TAS URL.  How will I obtain this value?

Please understand the flow.   Our SSO application will only redirect to a JSP page after authenticating a user and setting a cookie.  It will not pass anything or create a header.  It is up to me within the JSP to obtain the value I need from the cookie and then redirect to the TAS URL with the necessary variable in the HTTP REQUEST HEADER.  Since you're saying I can't do this directly within the JSP, it sounds like I need to create a filter class that is called from my JSP and within this class, I need to set a header and then redirect to the TAS URL.  

Does this sound correct?  
0
 

Accepted Solution

by:
cmlane08 earned 0 total points
ID: 24087227
The following reference is essentially what I'm attempting to do:

http://www.coderanch.com/t/366278/Servlets/java/Adding-customized-header-HTTP-request

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question