We help IT Professionals succeed at work.

HTTP Response from Servlet to Application

I am trying to recreate an active directory authentication servlet. (Through change of company, we didn't get the source code for the servlet. But our apps still look for the servlet for user authentication.) The servlet is called from my application. According to the design doc, "the servlet will return the result as an HTTP response. The response will have up to 3 lines after the HTTP header. 1st line: numeric constant representing a customized return code. 2nd line: return message."  (3rd line is irrelevant). Another design doc refers to the returned data as "Lines Displayed by Servlet": Line 1 = Return code, Line 2 = Return message. "Value of Displayed Lines": Line 1= 0, Line 2 = Authentication Successful.

One of my apps is in Cold Fusion. Here is how it wants to see the servlet response:
<cftry>
      <cf_authenticate_admin userID="#userID#" userPassword="#userPassword#">
      <!--- Custom tag sets CALLER scope variables below --->
      <cfset returnCode=codeValue>
      <cfset returnMessage=messageValue>
      <cfif returnCode eq 13>
            <cfset isAdminAuthenticated=True>
        <cfelse>
           <cfset isAdminAuthenticated=False>
      </cfif>
      <cfcatch type="any">
            <cfoutput>#CFCATCH.message#</cfoutput>
      </cfcatch>
</cftry>

Can someone please help me match these two up? I have a servlet that performs the authentication, but can't figure out how to get my response in the right format. If someone could help wtih an example response, it would sure bail me out. Thank you!!!
Comment
Watch Question

Your CFML code calls a custom tag, cf_authenticate_admin.  You might want to take a look at that too (the file will be called authenticate_admin.cfm and will either be in the same folder as this file, or in your custom tags folder as specified in CF Administrator).  

Author

Commented:
Yes, the authenticate_admin code just has the links for the different environments, as follows:

<cfif application.hostEnv IS "PROD">
<cfhttp url="mySevletLink" method="POST">
      <cfhttpparam name="UID" value="#userID#" type="FORMFIELD">
      <cfhttpparam name="password" value="#userPassword#" type="FORMFIELD">
      <cfhttpparam name="group" value="myGroupName" type="FORMFIELD">
</cfhttp>

HOWEVER, I notice at the bottom these two lines. Maybe this is a clue to what the app is expecting from the servlet?

<cfset CALLER.codeValue=#listFirst(cfhttp.filecontent,"#chr(10)#")#>
<cfset CALLER.messageValue=#listLast(cfhttp.filecontent,"#chr(10)#")#>

Maybe I'm supposed to send a text file, with code/message pairs in it? How would I do that?
Well looking at your CFML, it's basically expecting a response that consists of 2 or more lines, delimited with character 10 (newline).  The first line will contain the codeValue.  The last line will contain the messageValue.  

From what you've shown us, the only other thing I can say is that if codeValue = 13 then you're authenticated.  

So I'd expect to see something like this for a successful authentication:

13
Authentication  Successful

99
Authentication Failed

Obviously your servlet might give several response types, depending on your requirements.  I can't tell you much about how to write the servlet, but I can advise on any ColdFusion parts.

Author

Commented:
OK, so I'm definitely looking for a text file response. But where I'm getting hung up is on the method of data transfer. From the Cold Fusion code, it looks like it's an http file of some sort, so it doesn't "reside" anywhere, I just send it.

Does anyone know how to send an http file from a servlet to an application?
Most Valuable Expert 2015
Commented:
> OK, so I'm definitely looking for a text file response.

No.  The response is literally just text generated by the servlet.  It receives the FORM variables sent (UID, password, etc...)  and returns some "content" (just like an html or cfm page). There's no file required. The server writes content directly to the response stream. That stream is then read by the client (ie cfhttp, a browser, etc...).  

Unless there are other requirements, it doesn't even have to be a servlet. A CFM page could generate the same type of response.  It needs work, but here's a really rough example:

<!---- test page. try it with UID="" to generate an error --->
<cfhttp url="http://127.0.0.1/SimulateServlet.cfm" method="POST">
      <cfhttpparam name="UID" value="123" type="FORMFIELD">
      <cfhttpparam name="password" value="secret" type="FORMFIELD">
      <cfhttpparam name="group" value="myGroupName" type="FORMFIELD">
</cfhttp>
<cfset codeValue      = listFirst(cfhttp.filecontent, chr(10))>
<cfset messageValue      = listLast(cfhttp.filecontent, chr(10))>
<cfdump var="#variables#">


<!---- SimulateServlet.cfm --->
<cfsetting enablecfoutputonly="true">
<cfparam name="FORM.UID"               default="">
<cfparam name="FORM.password"   default="">
<cfparam name="FORM.group"         default="">

<!--- Obviously the real code would do more than just verify *some* value was passed --->
<cfif len(trim(FORM.UID))>
      <cfoutput>13#chr(10)#Authentication Successful for UID= #FORM.UID#</cfoutput>
<cfelse>
      <cfoutput>-1#chr(10)#Error. Missing or invalid FORM.UID</cfoutput>
</cfif>
</cfsetting>




Author

Commented:
Thanks, you have helped me get a little further down the path. I am going to repost the question as a servlet- only question, to try to get specific coding advice. The function has to be a servlet, because there are several apps in different languages to which it needs to respond.
Most Valuable Expert 2015

Commented:
You're welcome. BTW I posted a small translation on the other thread.  Please _don't_ feel obligated to accept it!  I just thought it'd be helpful to look at the same example in CF and java form  ;-)

Author

Commented:
duncancumming,  Thanks for your help on this, and I'm sorry I didn't assign you points! I got in a hurry and didn't realize that I was dealing with 2 different people on here. I do appreciate your help and I have learned to be more careful when closing things out.
Most Valuable Expert 2015

Commented:
@oneDayAtaTime - My bad as well. I didn't notice it wasn't some sort of split.  If you want to reopen it, so you can reallocate points, it's fine with me.  Just use the "Request Attention" link in the original question.

Author

Commented:
aqx - thanks, I didn't realize I could reopen. I have requested to reopen so I can send some points toward duncancumming.