• Post Reply Bookmark Topic Watch Topic
  • New Topic

How to set custom HTTP REQUEST HEADER

 
Charisse Lane
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I need to set a custom header within my JSP based on value I retrieve from a cookie. This cookie is set by a Single Sign On (SSO) service but all it does is set a cookie once the user is authenticated and then it redirects back to a JSP (mine) or whatever URL I supply. It doesn't set anything in the HTTP HEADER so I have to do this somehow. It must be the the HEADER because that is the only way for the Trusted Authentication Service (TAS) URL that handles login to retrieve this value.

I thought I could simply use the response.setHeader method within my JSP and then redirect to the necessary URL for login. I thought this would mean that this custom header would now be part of the REQUEST. It sounds like this can't be done however. I've been told that I could create a Filter that wraps the HttpServletRequest in my own subclass of HttpServletRequestWrapper. Override the getHeader() method to return my custom header, or return the regular header. I really don't know what this means or how I can do this from my JSP.

Any help is GREATLY appreciated!

 
Charisse Lane
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I found the following article but I'm not sure how to incorporate this into my framework:

http://www.theserverside.com/discussions/thread.tss?thread_id=41118

 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This may help: https://sourceforge.net/projects/rewriteheaders/
 
Charisse Lane
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
so let me see if I understand...

1) From my JSP, make a call to the RewriteRequestHeaderFilter

2) Set value of a custom header within the Filter class

3) Redirect to TAS URL with custom header and value in the REQUEST


If above is correct, where is the custom header set within the RewriteRequestHeaderFilter class? Is it the

myRequest.setAttribute("hello","Hello World! This was inserted by the RewriteRequestHeaderFilter.");

or

String newHeader = super.getHeader(name);

in the getHeader() method?


I'm not exactly sure how this class works but I really need to know where to set my custom header and how to redirect to the necessary URL.

Thanks!

 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1) From my JSP, make a call to the RewriteRequestHeaderFilter

You don't call it - it's a servlet filter that is configured in web.xml. You may want to read an introduction to servlet filters (some links are in the Servlet FAQ).

3) Redirect to TAS URL with custom header and value in the REQUEST

You can't redirect, you need to forward or the request header will be lost.

Attributes are not headers, so all the interesting action is in the getHeaders method.
 
Charisse Lane
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, I only have a modest understanding of filters. If however the filter is added to the deployment descriptor (web.xml), then its invoked based on a url pattern. Let's say I add my jsp to the url pattern so it gets invoked when someone hits my JSP, I'm not sure of the flow based on what I'm trying to do.

Part of the problem with this approach is that my JSP must be accessed because if the cookie isn't present, then I redirect to the SSO app. If a filter intercepts, then I can never redirect to SSO to have the cookie set once the user is authenticated.

Let's say that I create a second JSP that the filter will intercept based on the web.xml. Basically, I could do the following:

1) My globallogin.jsp (users go here first) will check for a cookie. If it is not present, JSP will redirect to SSO app. *This is already working
2) SSO app will redirect back to globallogin.jsp - *This time cookie is present
3) My globallogin.jsp does a check for the cookie. If it is present, it will forward to myfilter.jsp.
4) myfilter.jsp is intercepted by RewriteRequestHeaderFilter servlet filter based on web.xml
5) RewriteRequestHeaderFilter will read cookies and set value of cookie to a custom header in the getHeader method
6) RewriteRequestHeaderFilter will "forward" to TAS URL login with the appropriate custom header

I am going to try to implement this now.

Your statement that attributes aren't headers is confusing. Can I or can I not set a Header? The TAS method that handles authentication is below and it must have a header. This getUserName() method is called first and it must find a username value in the REQUEST object.

Do you think this will work or does the Request Header have to be set by the web server?

Here is the method that is called when the TAS login URL is requested. userNameHeader is a system property that I can set.


public String getUserName(HttpServletRequest request)
throws RemoteDataException
{
String userName = request.getHeader(userNameHeader);
if(userName == null)
userName = request.getRemoteUser();
LOG.debug("Getting " + userName + " from the request");
return userName;
}
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your statement that attributes aren't headers is confusing. Can I or can I not set a Header?

You *can* set headers in a filter. I mentioned that because in your previous post you were unsure whether attributes and headers were related.

Do you think this will work or does the Request Header have to be set by the web server?

It sounds workable, but I'm not sure what you're asking here - the header will be set by the servlet filter.
 
David Ziebol
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Charisse, did this solution work?

I have a simmilar situation.

Thanks!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!