Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to set custom HTTP header for single sign on

Status
Not open for further replies.

sharon3874

Programmer
Oct 27, 2006
24
US
my company is a financial sector. Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.

It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.

I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.

My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?

Thanks in advance for your help.
 
Thank you for your responses.

I am sorry that I double post it since I am not sure which forum this question should go to.

I tried redirect in servlet, it didn't work. I was able to set the header on the response object, but when it goes to the redirecting jsp page (I created one jsp to test), I was not able to get the header from the request object (it was null).

I also tried XMLHTTPRequest in javascript, it did not work either. some people told me that it is due to security constraints in web browsers. web browser will not allow an XMLHTTPRequest to send to a different domain.

I don't want to use cookie if I have other choices.

I don't want to use URL rewriting due to security reasons.

any idea?




 
That should work, I remember doing it in the past. Maybe if you post the relevant code we can take a look

Cheers,
Dian
 
Thank you for your replies.

I tried to set the header in the response object like the following in my servlet (struts action):
response.setHeader("Authorization", "test");

i did something like the following in my jsp page to see the result:
<%
System.out.println("test " + request.getHeader("Authorization"));
%>

the result is "null".

any idea?
 
That might be because you are not setting the Authorization header properly.

Instead of "test", try: "user fred:mypassword".

If not, I will be more than happy to keep digging into this.
 
Hang on a mo. Sharon3874, in your servlet you're setting the http header in the response. But in the jsp you are querying the http header for the request. So the jsp will show null since it hasn't been set in the request, it's been set in the response. If the servlet delegates to the jsp to render the page (it's been I while since I did any Struts) then the jsp would need to look at the response object too, would it not?

I may be wrong here, but that would explain the null you are seeing.

Tim
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top