Custom Http header in remote object

Similar Messages

• SOAP Sender Adatper - Read custom http header field

  Hello,
  i try to read a custom http header into the dynamic configuration of a message - but it is not working as expected - in ASMA i configured to get the value of MYHEADER1 into XHEADERNAME1 - when testing with a MYHEADER1 value, the value is not put into XHEADERNAME1.
  Is it possible to get custom HTTP Headers in the message?
  bf
  franz

  I have quite the same problem!
  I try to make the receiver determination based on the content of XHeaderName1, but none of the Dynamic Configuration parameters is shown in the sxi_monitor.
  I've described my scenario in more detail in this thread
  http://scn.sap.com/message/13586532#13586532
  Does anyone have an idea?

• Custom HTTP Header

  Is there any way to add custom http header (not soap header) into Soap request sending by BPEL server to soap server
  Regards
  J

  Looks like it possible via the Partner Link properties: httpUsername and httpPassword
  Check http://www.oracle.com/technology/pub/articles/bpel_cookbook/chandran.html
  Under step 4.
  Regards Pete

• How to set custom HTTP header for single sign on

  Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.
  It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.
  I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?
  Thanks in advance for your help.

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• Http Header for SOAP message.

  Hello,
  I need to set some custom HTTP Header when i send the SOAP message to an endpoint.
  I tried this..but doesn't solve my requirement.
  SOAPMessage soapmsg = messageFactory.createMessage();
  MimeHeaders mime = soapmsg.getMimeHeaders();
  mime.addHeader("SOAPAction", "xxxx");
  mime.addHeader("Sender", "yyy");
  SOAPMessage reply = connection.call(soapmsg, destination);
  Can anyone please guide me how to set HTTP headers for SOAP?
  Thanks,

  The following snippet is some code froma stand-alone web service client that I use for testing. It picks up an XML as the payload of the web service, wraps it in a SOAP message and fires it at the web service endpoint.
       System.out.println("Create the SOAP message.\n"); 
       MessageFactory messageFactory = MessageFactory.newInstance();
       SOAPMessage message = messageFactory.createMessage();
       System.out.println("Creating a DOM object from the JAXB payload.");
       DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(false);
               factory.setNamespaceAware(true);
       DocumentBuilder parser = factory.newDocumentBuilder();
       Document doc = parser.parse("file:payload.xml");
       //  Add the HTTP headers.
       message.getMimeHeaders().addHeader("User-Agent", "Mozilla/4.0 [en] (WinNT; I)");
       message.getMimeHeaders().addHeader("Host", "localhost:9080");
       message.getMimeHeaders().addHeader("Content-type", "text/xml");
       message.getMimeHeaders().addHeader("SOAPAction", "http://www.xxx.com.au/wsdl/someWebService");
       message.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, "utf-8");
       SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
       envelope.addNamespaceDeclaration("n", "http://xxx/webService");
       envelope.addNamespaceDeclaration("xsd", "http://www.w3.org/2001/XMLSchema");
       envelope.addNamespaceDeclaration("xsi", "http://www.w3.org/2001/XMLSchema-instance");
       System.out.println("Adding the payload to the SOAP body.\n");
       SOAPBody body = message.getSOAPBody();
       SOAPBodyElement docElement = body.addDocument(doc);
       System.out.println("This is the SOAP message.\n");
       message.writeTo(System.out);
       System.out.println("\nPutting the payload on the wire.\n");
       SOAPConnectionFactory conFactry = SOAPConnectionFactory.newInstance();
       SOAPConnection connection = conFactry.createConnection();          
       URL endpoint = new URL("http://localhost:9080/xxx/services/yyy-webservices");
       SOAPMessage response = connection.call(message, endpoint);
       System.out.println("Payload sent. Closing the connection.\n");
       connection.close();

• Make process manger send additional http header when querying WSDL ?

  Hello,
  is there a possibility to send an additional, custom http header when
  process manager reads WSDL from a webserver.
  Backgrund info: all our WSDLs are hosted on a special webserver which
  needs this field. Changing to another kind of repository is not an option.
  It would be nice if we could add some parameter to the appserver or domain
  configuration to add this field as a default for each request.
  Note that we don´t need the http field if we call partnerLinks. It´s only required for
  WSDL-query (= the URLs given in bpel.xml / </partnerLinkBinding> )
  Thanks in advance
  Bernd

  Hi,
  It is a memory or buffer related problem. Contact your BASIS.
  Looks like there is a shortage of space. Analyse the dump in ST22 and look for its proposals.
  OSS note 965351 might be applicable (if you are on 640/ unix).
  regards,
  NR

• Problem adding HTTP header to request

  Hi all,
  My company is wanting to access our Adobe Connect through our
  SAP portal without requiring the user to stop and enter their Adobe
  Connect password.
  The documentation available says that this should be possible
  using a combination of SAPSSOEXT (to interrogate the SAP ticket and
  authenticate the user coming from the SAP portal) and HTTP header
  authentication within Adobe Connect (by inserting the authenticated
  username into a custom HTTP header).
  However the problem is that I'm intending to use Java, but I
  can't find any Java functionality that will allow me to add a
  header into an HTTP request.
  Has anyone done anything like this before? Any ideas on how
  to go about it?
  Thanks in advance,
  David

  In 10.1.3.5, there were several examples or samples in the Oracle BPEL folder. I think there were ones called HTTPGetService and HTTPPostService. You might check to see if they are still around.

• No "Remote-User" in HTTP header when HTTP request gets to WLS

  Hello Exprers,
  I have a customer, using 10.3.3 on Linux machine. Web server as Apache.
  He wants Remote-User in HTTP header, he used to get it when he used Tomcat. But when he transffered to Apache and 10.3.3, he is not getting the Remote-User in header, instead he is getting proxy-remote-user.
  He wants the Remote-user in HTTP header.
  Any clue, on why he is not getting it.

  Hi,
  We are facing error while doing openConnection
  When I tried with simple java file it worked as shown below
  import java.io.*;
  import javax.net.ssl.HttpsURLConnection;
  public class test
  public static void main(String[] args) throws Exception
  String httpsURL = "https://rcfe.aspac.citicorp.com:40054/servlet/Verify";
  URL myurl = new URL(httpsURL);
  HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
  InputStream ins = con.getInputStream();
  InputStreamReader isr = new InputStreamReader(ins);
  BufferedReader in = new BufferedReader(isr);
  if (con!=null)
  System.out.println("con="+con);
  System.out.println(ins);
  Output*
  [rcrrgbg2@kauh0079:/rcrmap2/weblogic/bea/ORA_PFRD/forms/j2ee] java test
  con=com.ibm.net.ssl.www2.protocol.https.e:https://rcfe.aspac.citicorp.com:40054/servlet/Verify
  sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@5f6c5f6c
  However when I tried with below program I am able to write upto Web CL URL but after that no log is written when it tries to do openConnection() for this line csConn=(HttpsURLConnection)new URL(webclURL).openConnection(); in the below code
  Some part of the code:_
  =======================================================================
  import java.io.*;
  import javax.servlet.http.*;
  import javax.servlet.*;
  import java.util.Hashtable;
  import java.io.File;
  import java.io.FileInputStream;
  import javax.servlet.ServletException;
  import javax.servlet.ServletOutputStream;
  import javax.servlet.http.HttpServlet;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.net.ssl.HttpsURLConnection;
  import java.net.URL;
  public class CRMSLogin extends HttpServlet
  private static final long serialVersionUID=-6294676216324813290L;
  public void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException
  String iniFile=request.getParameter("CRMS_INI_FILE_PATH");
  String sessionId=request.getParameter("SessionId");
  String applId=request.getParameter("apl_id");
  String userId=request.getParameter("userId");
  String clientIp=request.getRemoteAddr();
  Properties iniProp=this.getProperties(iniFile);
  String crmsAppServerContext=iniProp.getProperty("CRMS_APP_SERVER_CONTEXT");
  String appModule=iniProp.getProperty("CRMS_MODULE");
  String webclURL=iniProp.getProperty("WEBCL_URL");
  // HttpsURLConnection csConn=null;
  String crmsFormsTerm=null;
  crmsFormsTerm=getEntitlements(iniFile.trim(),sessionId,applId.trim(),clientIp.trim(),webclURL.trim());
  String baseContent=this.getBaseContent(iniProp);
  ServletOutputStream out=response.getOutputStream();
  baseContent=baseContent.replaceAll("<!APP_TITLE!>","Credit Risk Management System");
  baseContent=baseContent.replaceAll("<!APP_CONTEXT!>",crmsAppServerContext);
  baseContent=baseContent.replaceAll("<!APP_MODULE!>",appModule);
  baseContent=baseContent.replaceAll("<!APP_TRACE!>",crmsFormsTerm.replaceAll(" ", ""));
  baseContent=baseContent.replaceAll("<!USER_ID!>",userId);
  baseContent=baseContent.replaceAll("<!SESSION_ID!>",sessionId);
  baseContent=baseContent.replaceAll("<!APPL_ID!>",applId.trim());
  baseContent=baseContent.replaceAll("<!CLIENT_IP!>",clientIp.trim());
  baseContent=baseContent.replaceAll("<!INI_FILE!>",iniFile.trim());
  out.println(baseContent);
  out.flush();
  out.close();
  private synchronized Properties getProperties(String inifile)
  Properties iniProp=new Properties();
  FileInputStream iniFileStream=null;
  try
  iniFileStream=new FileInputStream(inifile);
  iniProp.load(iniFileStream);
  iniFileStream.close();
  catch(Exception e)
  finally
  try
  if(iniFileStream!=null)
  iniFileStream.close();
  catch(Exception e)
  return iniProp;
  public static synchronized String getEntitlements(String inifile,String sessionId,String applId,String clientIp,String webclURL)
       HttpsURLConnection csConn=null;
       OutputStreamWriter requestStream=null;
       BufferedReader responseStream=null;
       StringBuffer responseData=new StringBuffer();
       String csReturnString=null;
       //String webclURL=null;
       BufferedWriter traceLog=null;
       int csCount=6;
       Properties iniProp=new Properties();
       String traceFile=null;
       String entitlementData=null;
       try
       readIniProperties(inifile,iniProp);
       traceFile=getTraceFile(iniProp);
       traceLog=new BufferedWriter(new FileWriter(traceFile,true));
       if(traceFile!=null)
       traceLog.write("###########################");
       traceLog.write("P A R A M E T E R S");
       traceLog.write("###########################");
       traceLog.newLine();
       traceLog.write("INI_FILE:"+inifile);
       traceLog.newLine();
       traceLog.write("SESSION_ID:"+sessionId);
       traceLog.newLine();
       traceLog.write("APPL_ID:"+applId);
       traceLog.newLine();
       traceLog.write("CLIENT_IP:"+clientIp);
       traceLog.newLine();
       traceLog.write("count:"+csCount);
       traceLog.newLine();
       traceLog.write("###########################");
       traceLog.newLine();
       //webclURL=getWebclURL(traceLog,iniProp);
       if(webclURL!=null)
       traceLog.write("Web CL URL:"+webclURL);
            traceLog.newLine();
       csConn=(HttpsURLConnection)new URL(webclURL).openConnection();     
  traceLog.write("Open Connection - Completed!");
       traceLog.newLine();
       csConn.setRequestMethod("POST");
       csConn.setDoInput(true);
       csConn.setDoOutput(true);
       requestStream=new OutputStreamWriter(csConn.getOutputStream());
       traceLog.write("Open Request Stream - Completed!");
       traceLog.newLine();
       requestStream.write("SessionId="+sessionId+"&ClientIP="+clientIp+"&apl_id="+applId+"&count="+csCount);
       requestStream.flush();
       requestStream.close();
       traceLog.write("Write Params to Request Stream - Completed!");
       traceLog.newLine();
       responseStream=new BufferedReader(new InputStreamReader(csConn.getInputStream()));
       traceLog.write("Open Response Stream - Completed!");
       traceLog.newLine();
       while((csReturnString=responseStream.readLine())!=null)
       responseData.append(csReturnString);
       traceLog.write("Response Stream Reading - Completed!");
       traceLog.newLine();
       responseStream.close();
       csConn.disconnect();
       entitlementData=getEntitlementData(traceLog,responseData.toString(),iniProp);
       traceLog.write("responseData::"+responseData);
       traceLog.newLine();
       traceLog.newLine();
       traceLog.write("entitlementData::"+entitlementData);
       traceLog.newLine();
       traceLog.flush();
       traceLog.close();
       catch(Exception e)
       e.printStackTrace();
       finally
       try
       if(requestStream!=null)
       requestStream.close();
  =======================================================================
  output_
  ###########################P A R A M E T E R S###########################
  INI_FILE:/rcrmap1/rcrrgbg2/crms.ini
  SESSION_ID:%2526%253ASIGNED_TICKET%253D%2526PROVIDER_TICKET%253D002c6e4cH0tZy2Gj4JBCOiSL7uSlKisfsqgwP9KoRRn7e%252BY%253D%253AKRSERVER0006%252BA9A52AAE%252B4D1DC7AA%252B14400
  APPL_ID:RCRMKR
  CLIENT_IP:169.165.42.174
  count:6
  Web CL URL:https://rcfe.aspac.citicorp.com:40054/servlet/Verify
  Please help to guide us.
  Regards,
  Harish

• OSB Http Transport Custom Authenticatiion (X509 in Http header)

  Hello!
  I'm trying to solve this case. We have F5 Load balancer that terminates SSL Connections From client to the OSB. When terminating the SSL, the LB adds the clients certificate into headers of the Http request going to OSB.
  OSb proxy service is configured to use custom authentication with token type X509 (only choice in the OSB console).
  What happens when I send the request to OSB, is that I get http code 401 (unauthorized) this error on server log:
  ####<Sep 27, 2011 3:08:05 PM EEST> <Error> <WliSbTransports> <appserver02> <MANSERV02> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1317125285598> <BEA-381327> <Transport-level custom token identity assertion failed
  java.lang.ClassCastException: java.lang.String cannot be cast to [Ljava.security.cert.X509Certificate;
  The HTTP header sent to OSB is in the messages below.
  It has also been wihotu the BEGIN CERTIFICATE and END CERTIFICATE lines with same results.
  Can somebody help me in:
  a) Should the certificate be sent in what form from LB to OSB.
  b) How should the OSB/WLS be configured for this to work?
  OSB version is 10.3.1.
  Request to the server is:
  POST /prjTemplateService/ProxyServices/psvcHelloWolrdWSSSLInterface HTTP/1.1
  Accept-Encoding: gzip,deflate
  Content-Type: text/xml;charset=UTF-8
  SOAPAction: "urn:#HelloWorldOperation"
  User-Agent: Jakarta Commons-HttpClient/3.1
  Host: <ip_here>
  Content-Length: 459
  SSLClientCertStatus: ok
  SSLClientCertb64: -----BEGIN CERTIFICATE-----
  MIICHDCCAYUCBE2sABcwDQYJKoZIhvcNAQEEBQAwVTELMAkGA1UEBhMCRkkxCzAJ
  BgNVBAgTAkZJMQ4wDAYDVQQHEwVFc3BvbzEMMAoGA1UEChMDRVpaMQswCQYDVQQL
  EwJUQzEOMAwGA1UEAxMFSnVzc2kwHhcNMTEwNDE4MDkxMDQ3WhcNMTEwNzI3MDkx
  MDQ3WjBVMQswCQYDVQQGEwJGSTELMAkGA1UECBMCRkkxDjAMBgNVBAcTBUVzcG9v
  MQwwCgYDVQQKEwNFWloxCzAJBgNVBAsTAlRDMQ4wDAYDVQQDEwVKdXNzaTCBnzAN
  BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvEPjEn3tvG3YuXlsLZnE7ZOKUJIF0Foy
  c1hp+k7dyGUoHu3Phva7eVOO1cmHaGkFHkg+EnnK3+/Y58EMQAEwPOfQTj0/vSSk
  cEx2X/2p2W7ACldJlYMxx2ZdFa1qaKTXtoieLy23/kJI+ZTfIoB+nmZiPRE9Hq8p
  LTPlcMWVFnkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQC3EZMQieOy4PFh+95R6W7/
  3xaaRm/BzmEU/Wf9JweEwrnttdSmRKsxx9vSkADnD0J7jGO+koym5CWvJHbox4Sk
  QMRPFaTOBRD4hzZeJMidds1LSzUm/QE9PXzjS/HLSjBBs5DmZfdR+uXPSFqTROkd
  87R5veuPX5KeKQHs8iesTw==
  -----END CERTIFICATE-----
  SSLClientCertSN: 4d:ac:00:17
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Hello:client">
  <soapenv:Body>
  <urn:HelloWorldRequest>
  <urn:FirstName>Jolly</urn:FirstName>
  <urn:Surname>Roger</urn:Surname>
  </urn:HelloWorldRequest>
  </soapenv:Body>
  </soapenv:Envelope>
  Response from OSB:
  HTTP/1.1 401 Unauthorized
  Connection: close
  Date: Fri, 30 Sep 2011 08:32:33 GMT
  Content-Length: 1518
  Content-Type: text/html
  X-Powered-By: Servlet/2.5 JSP/2.1
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
  <HTML>
  <HEAD>
  <TITLE>Error 401--Unauthorized</TITLE>
  <META NAME="GENERATOR" CONTENT="WebLogic Server">
  </HEAD>
  <BODY bgcolor="white">
  <FONT FACE=Helvetica><BR CLEAR=all>
  <TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
  <FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 401--Unauthorized</H2>
  </FONT></TD></TR>
  </TABLE>
  <TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
  </FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.2 401 Unauthorized</H4>
  </FONT><P><FONT FACE="Courier New">The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.</FONT></P>
  </FONT></TD></TR>
  </TABLE>
  </BODY>
  </HTML>

  >
  by using Client Cert authentication I have to set HTTPS required to true.
  >
  Yes.
  >
  When I try to invoke this service with http request, it redirects to https service.
  This actually just trashes the entire idea of terminating SSL in the load balancer.
  >
  Not necessarily. Although direct HTTP request to WebLogic is redirected to HTTPS enabled port, you can still use this settings with WebLogic plugin. I'm not aware of your deployment, but I use Apache plugin for WebLogic, terminate SSL on Apache and I'm still able to send requests authenticated by certificate from client through HTTPS.
  I don't know about F5, but I guess there should be similar feature as well.
  http://download.oracle.com/docs/cd/E12840_01/wls/docs103/cluster/load_balancing.html

• Adding custom information in HTTP Header in an outgoing request from GWWS

  Is there a way to send custom header information with the a webservice request (HTTP post) that happens via GWWS server?
  All the methods I read about deal with managing the soap envelop that gets sent.
  We are looking for ways which will allow us to put custom information in the headers.
  I am aware there is something we can do using the Salt Plugins.
  For example, we can write a Out bound plugin which has a capability of putting the "Authentication:Basic..." in the header.
  Then there is message conversion plugin which deals with transformation of message, which gives us control over the soap body.
  Is it possible to put information in the header for outgoing request (from GWWS) to a specific web service?
  Thanks and Sincere Regards,
  Mrugendra

  Maurice,
  Thanks for confirming this.
  It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
  Yes, we need to add HTTP Headers (not SOAP header).
  For now we just need to add Basic Authentication HTTP Header for outbound service calls.
  We have developed a plugin to do that for now.
  And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
  At-least, not unless we request that enhancement.
  Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
  Which, in turn, makes it imperative to change the endpoint clients of our application.
  In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
  With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
  As you say, Maurice, it seems it is not possible yet.
  Thank you again for your replies.
  Sincere Regards,
  Mrugendra

• Custom information in HTTP Header in an outgoing GWWS Request

  Hello Xu,
  Hello Everyone,
  With reference to the recent post activity in the post:
  [Adding custom information in HTTP Header in an outgoing request from GWWS|https://forums.oracle.com/forums/thread.jspa?threadID=2366358&tstart=0]
  We are looking for an option to send custom header information with the a webservice request (HTTP post) that happens via GWWS server.
  I prematurely marked that post as answered since we got a link to documentation in one of the answers, which suggests that problem has been taken care in TUXEDO11gR1.
  However, it would be difficult (almost impossible) for us to move to 11gR1 immediately.
  Since I marked that post as "answered" and I did not know if replies in that post will get any attention, I opened up this post.
  Xu (He) suggested (in reply to my previous post) that there might be a patch for our problem.
  It would be wonderful/perfect if we can get a patch for 10gR3!
  We are using the following:
  TUXEDO10gR3 PATCH LEV=44
  SALT Patch Lev = 15
  Please do let us know.
  Thank you again
  Sincere Regards,
  Mrugendra

  Maurice,
  Thanks for confirming this. (in the post: [Adding custom information in HTTP Header in an outgoing request from GWWS|https://forums.oracle.com/forums/thread.jspa?threadID=2366358&tstart=0] )
  It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
  Yes, we need to add HTTP Headers (not SOAP header).
  For now we just need to add Basic Authentication HTTP Header for outbound service calls.
  We have developed a plugin to do that for now.
  And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
  At-least, not unless we request that enhancement.
  Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
  Which, in turn, makes it imperative to change the endpoint clients of our application.
  In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
  With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
  As you say, Maurice, it seems it is not possible yet.
  Thank you again for your replies.
  Sincere Regards,
  Mrugendra

• Simultaneous remote object calls in one http request?

  I am noticing when I have two remote object calls happen at the same time they are being bundled into one http request.  This is causing problems in my application becuase the result is not coming back until both have finished.
  So basically I have to calls that happen at the sametime.  One does not take anytime and the other is a long running task.  I will not get the result for the first until the long running task completes.
  Has anyone else seen this?
  Any help would be appreciated.

  "suspend the main thread, pending a remote call.." No. Can't
  be done.
  ..."pass arguments into the resultHandler..." Yes, this is
  done using the AsyncToken. (ACT pattern)
  The send() methods returns an AsyncToken object. You can use
  this dynamic object to add almost anything you want to the token,
  including strings, and functions (google the term "closure").
  As I am still not comfortable with anonymous functions, I
  like to pass strings. I pass an identifier, which I can use in a
  switch statement to determine the next step. Sometimes I pass a
  "nextStep" string to define finer grain conditionality.
  I use a single dataService object and result handler function
  for all calls.
  Tracy

• Custom Inserted HTTP Header not showing up in Iplanet Logs

  ALL:
  I have some iPlanet Enterprise/6.0 web servers sitting behind a LoadBalancer. The LoadBalancer is setup in an 'one-armed mode', and takes a client HTTP request passes it onto the server, but during this process, changes the client source IP to that of local static IP that the LoadBalancer has. Due to our setup we cannot change this.
  By changing the client source IP to a local address, we have lost any useful user session tracking that was done by source IP.
  To get around this, I have the LoadBalancer inserting an HTTP header with the client real source IP. Reading the NSAPI Programmer's Guide (Table 7-1 "http://docs.sun.com/source/816-5686-10/07_magnu.htm"), there is an option "%Req->headers.headername%" that can be used with 'flex-int' to log any header value.
  My output from snoop looks as follows:
  HTTP: ----- HyperText Transfer Protocol -----
  HTTP:
  HTTP: GET /plugin.do HTTP/1.1
  HTTP: OrigClientAddr:10.5.4.28
  HTTP: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
  HTTP: Accept-Language: en-us
  HTTP: Accept-Encoding: gzip, deflate
  HTTP: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
  HTTP:
  I have set the value to "%Req->headers.OrigClientAddr%" and it still does not show up in the log file. Any clues?
  Works fine in Apache with:
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{OrigClientAddr}i\" \"%{User-Agent}i\"" headerinsert
  CustomLog logs/access_log headerinsert

  Always nice to find resolution to one's own question.
  Fix was to change the header value to all lower case.
  From:
  "%Req->headers.OrigClientAddr%"
  To:
  "%Req->headers.origclientaddr%"

• File upload through BlazeDS remote object?

  Hi,
  After researching file upload options in flex, it seems like the only option is through HTTP service requests, such as:
  private var fileRef:FileReference;
  fileRef.upload(new URLRequest(FILE_UPLOAD_URL));
  Is there any way to use BlazeDS remote objects to upload a file from Flex interface? Perhaps passing in a FileReference object and marshalling it into an equivalent Java object?
  Thanks!

  I know there is a workaround like this. It uses a servlet to upload a file and returns a url. The uploaded file is either stored in session or server file system until the session expires. Use the PropertyProxy to register a custom class which contains this url and convert to java.io.File. It is the limitation of the player. It cannot read the local file system for security reason. There is a sample in blazeds/trunk/qa/apps/qa-regress/WEB-INF/src/blazeds/qa/remotingService/Echo.java
  static
  PropertyProxyRegistry registry = PropertyProxyRegistry.getRegistry();
  PropertyProxy proxy = registry.getProxy(java.io.File.class);
  if (proxy == null)
  registry.register(java.io.File.class, new FileProxy());
  proxy = registry.getProxy(FileReference.class);
  if (proxy == null)
  registry.register(FileReference.class, new FileReferenceProxy());
  Hope it can help

• Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

  Hello SDN community,
  in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
  As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
  I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
  My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
  Is there an application to be built on the java stack to deal with the authentication, modify http header?
  What will the Java stack return? a sap long ticket? a token?
  How will the redirect work (to by example a BSP which is in the ABAP stack)?
  SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
  A lot of questions about how this SSO http header should work,
  I would be very greatful for any help, or info,
  Kind regards,
  Tanguy Mezzano

  Hi Tanguy,
  to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
  Here are some answers to your question:
  in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
  The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
  My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
  You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
  So everything's is in a Java Client application without using any redirection.
  If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
  No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to  procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
  That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
  This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
  The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
  This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
  I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
  So my problem now, is how to call the servlet from the client browser:
  I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
  <FORM method="POST" action="SSORedirect2" >
  A JSP is a servlet too. There is just no JAVA Class involved!
  You do not need any POST Request to invoke a Servlet.
  I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE web-app (View Source for full doctype...)>
  - <web-app>
    <display-name>WEB APP</display-name>
    <description>WEB APP description</description>
  - <servlet>
    <servlet-name>SSOredirect2</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
    </servlet>
  - <servlet>
    <servlet-name>SSORedirect2.jsp</servlet-name>
    <jsp-file>/SSORedirect2.jsp</jsp-file>
    </servlet>
  - <security-constraint>
    <display-name>SecurityConstraint</display-name>
  - <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
  - <auth-constraint>
    <role-name>DefaultSecurityRole</role-name>
    </auth-constraint>
    </security-constraint>
  - <security-role>
    <role-name>DefaultSecurityRole</role-name>
    </security-role>
    </web-app>
  If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
  e.g.
  <servlet>
    <description>
    </description>
    <display-name>AuthenticatorServlet</display-name>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <url-pattern>/AuthenticatorServlet</url-pattern>
  </servlet-mapping>
  You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
  I have also to pass my http header and the redirectUrl in the GET request.
  If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
  I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
  Thx for your input very helpful,
  But again 0 points
  Cheers