Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to set header in JSP

Posted on 2009-04-06
Medium Priority
Last Modified: 2012-06-27
I have to set a value in the http header and I know how to do this in a servlet but I'm not sure how to do so in a JSP.   I am basically trying to implement Single Sign On within a product called Vignette.  I control what is passed to the Vignette proxy server (TAS) URL.  I have attached the TAS class that handles authentication into Vignette.  It is called HttpUserNameCallback.  Save the file as .java   Please just refer to the  getUserName() method in this class as it is called first.  I tried to post the variable sm_user within a form post in JSP (below).    This does not work.  I've been instructed that sm_user must be present in the HTTP REQUEST HEADER.    I'm not sure how to do so.  My JSP code is below.   Please help!!! I've been at this for 3 1/2 weeks and I'm finally at the end but need to cross the line here.
<form name="postform" method="post" action="">
<input type="hidden" value="<%=attVal%>" name="sm_user" />
	<SCRIPT type="text/javascript">

Open in new window

Question by:cmlane08
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083323

Author Comment

ID: 24083368
thanks for the response.   I am checking now.

Author Comment

ID: 24083420
I'm not sure how this example is helpful.  I understand what TAS (which interfaces with SiteMinder) is doing in the getUserName method.   My question is how to set a header name of "SM_USER" in the HTTP  REQUEST.     I would like to do so from my JSP but if this isn't possible, I need guidance on how to accomplish this in a Java Servlet that I can call from my JSP.    

I think I can use the response.setHeader("name", "value")

but I'm not sure if this will work.    I'm basically trying to simulate what SiteMinder would do if it was sending a request to TAS (Trusted Authentication Service) but again, I need to do so from a JSP page or a servlet.   My JSP is basically reading a cookie that was set by our SSO (Single Sign On) service.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083428
as far as i am concerned you cannot use "sm_user" header in HttpRequest. sm_user is a predefined header attribute in Siteminder request object and has nothing to do with HttpRequest headers.

You need to achieve this in alternate way like Webservice call....


Author Comment

ID: 24083605
I can call it anything I want.   It doesn't have to be "sm_user".   I was just doing this so I wouldn't have to write a new class that extends the current HttpUserNameCallback class and looks for my attribute name instead of "sm_user".   I can do this however.   It's no big deal.    

The question is whether or not it's possible to set a custom header in a JSP and then forward the Request object to a different page or URL.   I know that the HttpUserNameCallback class will be called when the TAS URL request is made and it's currently looking for a username value (below).   What can I do if I need to send the userName value in a header to the TAS URL?

 public String getUserName(HttpServletRequest request)
        throws RemoteDataException
            String identifierHeaderCheck = request.getHeader(identifierHeaderName);
            if(identifierHeaderCheck != null && identifierHeaderCheck.equals(identifierHeaderValue))
                LOG.debug("Identifier passed security check");
                throw new RemoteDataException("user_not_authenticated_error_label", "The user cannot be authenticated");
        String userName = request.getHeader(userNameHeader);
        if(userName == null)
            userName = request.getRemoteUser();
        LOG.debug("Getting " + userName + " from the request");
        return userName;

Author Comment

ID: 24083673
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083756
You cannot add attributes to  the HTTP headers in jsp or servlets. But filters could help to override it.

See this

Author Comment

ID: 24087211
So let me ensure I understand, within my JSP, I will still retrieve the cookie value I need but I will make a call to a filter class that will allow me to set a custom HTTP Header and then redirect to the TAS URL.  How will I obtain this value?

Please understand the flow.   Our SSO application will only redirect to a JSP page after authenticating a user and setting a cookie.  It will not pass anything or create a header.  It is up to me within the JSP to obtain the value I need from the cookie and then redirect to the TAS URL with the necessary variable in the HTTP REQUEST HEADER.  Since you're saying I can't do this directly within the JSP, it sounds like I need to create a filter class that is called from my JSP and within this class, I need to set a header and then redirect to the TAS URL.  

Does this sound correct?  

Accepted Solution

cmlane08 earned 0 total points
ID: 24087227
The following reference is essentially what I'm attempting to do:


Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question