Yuri Mikhel
I am writing a servlet to perform single sign-on to an application
that uses Basic Authentication. This 3rd party application is running
on a different server (may not be Java based). I have stored the
usernames and passwords for this app in an external LDAP server. So, I
can retrieve them, encode them in Base64 and send the header via a URL
Connection. Here's my code:
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;

URL url = new URL("http://some.external.server/loginpage");
URLConnection postUrlConnection = url.openConnection();
postUrlConnection.setDoOutput(true);
postUrlConnection.setUseCaches(false);
postUrlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// Basic credential: Base64 of "username:password"
postUrlConnection.setRequestProperty("Authorization", "Basic c3lSTdGVduwWlYmwvZ2xj");
//I cannot call connect() if I need to read the stream - WHY?
//postUrlConnection.connect();
// Relay the upstream response body to the servlet's output, line by line
InputStream postInputStream = postUrlConnection.getInputStream();
BufferedReader postBufferedReader = new BufferedReader(new InputStreamReader(postInputStream));
String postline = null;
while ((postline = postBufferedReader.readLine()) != null) {
    out.println(postline);
}
The servlet is able to log in to the application, and it is returning
the page that I am supposed to see as if I log in directly through the
URL.
I have 2 problems:
1. The returned page has images, files, and URL links that are relative
to the server I am connecting to. But, the client is actually
connected to my servlet on my machine. So, all the links are broken
and I can't get the images. Do I need to do URL re-writing for the
images/links to work? Can I do a sendRedirect() on the response and
yet still be authenticated to the server?
2. I copied a URL that I know exists on the application to the
browser. Since my servlet (not the browser) was sending the auth
header, I was not able to go to that page on that application. The
application is asking me to log in again with the Basic Auth dialog.
This tells me that the browser did not send the authorization header
on my next request. How do I store the authorization header created by
the servlet INTO THE BROWSER, so that it will be sent on all
subsequent requests?
Please help. Thanks.