Solved

How to set header in JSP

Posted on 2009-04-06
9
10,533 Views
Last Modified: 2012-06-27
I have to set a value in the http header and I know how to do this in a servlet but I'm not sure how to do so in a JSP.   I am basically trying to implement Single Sign On within a product called Vignette.  I control what is passed to the Vignette proxy server (TAS) URL.  I have attached the TAS class that handles authentication into Vignette.  It is called HttpUserNameCallback.  Save the file as .java   Please just refer to the  getUserName() method in this class as it is called first.  I tried to post the variable sm_user within a form post in JSP (below).    This does not work.  I've been instructed that sm_user must be present in the HTTP REQUEST HEADER.    I'm not sure how to do so.  My JSP code is below.   Please help!!! I've been at this for 3 1/2 weeks and I'm finally at the end but need to cross the line here.
<form name="postform" method="post" action="http://q4csp1m3.tdc.cingular.net:8001/AppConsole/">

 

<input type="hidden" value="<%=attVal%>" name="sm_user" />

	<SCRIPT type="text/javascript">

	document.postform.submit();

</SCRIPT>

Open in new window

HttpUserNameCallback.txt
0
Comment
Question by:cmlane08
  • 6
  • 3
9 Comments
 
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083323
0
 

Author Comment

by:cmlane08
ID: 24083368
thanks for the response.   I am checking now.
0
 

Author Comment

by:cmlane08
ID: 24083420
I'm not sure how this example is helpful.  I understand what TAS (which interfaces with SiteMinder) is doing in the getUserName method.   My question is how to set a header name of "SM_USER" in the HTTP  REQUEST.     I would like to do so from my JSP but if this isn't possible, I need guidance on how to accomplish this in a Java Servlet that I can call from my JSP.    

I think I can use the response.setHeader("name", "value")

but I'm not sure if this will work.    I'm basically trying to simulate what SiteMinder would do if it was sending a request to TAS (Trusted Authentication Service) but again, I need to do so from a JSP page or a servlet.   My JSP is basically reading a cookie that was set by our SSO (Single Sign On) service.
0
 
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083428
as far as i am concerned you cannot use "sm_user" header in HttpRequest. sm_user is a predefined header attribute in Siteminder request object and has nothing to do with HttpRequest headers.

You need to achieve this in alternate way like Webservice call....

-Murali*
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:cmlane08
ID: 24083605
I can call it anything I want.   It doesn't have to be "sm_user".   I was just doing this so I wouldn't have to write a new class that extends the current HttpUserNameCallback class and looks for my attribute name instead of "sm_user".   I can do this however.   It's no big deal.    

The question is whether or not it's possible to set a custom header in a JSP and then forward the Request object to a different page or URL.   I know that the HttpUserNameCallback class will be called when the TAS URL request is made and it's currently looking for a username value (below).   What can I do if I need to send the userName value in a header to the TAS URL?

 public String getUserName(HttpServletRequest request)
        throws RemoteDataException
    {
        if(useIdentifier)
        {
            String identifierHeaderCheck = request.getHeader(identifierHeaderName);
            if(identifierHeaderCheck != null && identifierHeaderCheck.equals(identifierHeaderValue))
                LOG.debug("Identifier passed security check");
            else
                throw new RemoteDataException("user_not_authenticated_error_label", "The user cannot be authenticated");
        }
        String userName = request.getHeader(userNameHeader);
        if(userName == null)
            userName = request.getRemoteUser();
        LOG.debug("Getting " + userName + " from the request");
        return userName;
    }
0
 

Author Comment

by:cmlane08
ID: 24083673
0
 
LVL 13

Expert Comment

by:Murali Murugesan
ID: 24083756
You cannot add attributes to  the HTTP headers in jsp or servlets. But filters could help to override it.

See this http://www.theserverside.com/discussions/thread.tss?thread_id=41118
0
 

Author Comment

by:cmlane08
ID: 24087211
So let me ensure I understand, within my JSP, I will still retrieve the cookie value I need but I will make a call to a filter class that will allow me to set a custom HTTP Header and then redirect to the TAS URL.  How will I obtain this value?

Please understand the flow.   Our SSO application will only redirect to a JSP page after authenticating a user and setting a cookie.  It will not pass anything or create a header.  It is up to me within the JSP to obtain the value I need from the cookie and then redirect to the TAS URL with the necessary variable in the HTTP REQUEST HEADER.  Since you're saying I can't do this directly within the JSP, it sounds like I need to create a filter class that is called from my JSP and within this class, I need to set a header and then redirect to the TAS URL.  

Does this sound correct?  
0
 

Accepted Solution

by:
cmlane08 earned 0 total points
ID: 24087227
The following reference is essentially what I'm attempting to do:

http://www.coderanch.com/t/366278/Servlets/java/Adding-customized-header-HTTP-request

0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article covers the basics of the Sass, which is a CSS extension language. You will learn about variables, mixins, and nesting.
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now