HTTP Header in Client Application

Hi All,
I have developed a small web app (client), running under tomcat. I have configured access manager with ldap repository. my client webapp has been configured with tomcat policy agent to communicate with Access manager. This client app will be a SSO login page for manu apps. I would like to know how to set up header values for the logged in user using policy agent configuration / by some other means.
I will pass this header value to other application, so that it can obtain authentication info's from the header.
Thanks
Bharat

Hi,
Try to find the configuration file of the policy agent, its name should be "AMAgent.properties".
Put HTTP_HEADER in the following property: com.sun.am.policy.agents.config.profile.attribute.fetch.mode
Then in the property com.sun.am.policy.agents.config.profile.attribute.map list the user attributes you want to retrieve in the application side, for example (cn|common-name,mail|email).
Restart tomcat and that should be ok
Best regards.

Similar Messages

How to get and put data in HTTP header in Client Side

One JSP's function is to display data records page by page. Client users could click "First page" or "Previous Page" or "Next Page" or "Last Page" button to let the JSP to show the corresponding page. So the JSP must remember the current page number. Due to there are a number of client users maybe access the JSP at the same time, keep the current page number in session, there will be a lot of session is created at the same time, this will impact system's performance. So using session to keep data method is not used. I plan to use request header and response header to pass the current page number. I know use the response.addHeader to put data in response header and also know use request.getHeader to get data in request header in server side, but I donot know how to put data in request header and how to get data in response header in client side. Could you please give me a help? If donot use these method, are there any other method? Thanks a lot.

Why not pass it as a parameter with the URL?
at the beginning of the page..
<%
int pageNumber = Integer.parseInt(request.getParameter("page"));
%>
then when defining your links
<a href="thisPage.jsp?page=<%= (pageNumber-1)%>">Previous</a>
<a href="thisPage.jsp?page=<%= (pageNumber+1)%>">Next</a>

Which OAM setting for passing values in HTTP header to application

Experts, what is the setting in OAM 11gR2 that is set to pass a userid pulled from a LDAP directory (which is already configured with OAM) as a HTTP Header to an application.
This is typically in cases where OAM is protecting or providing to protected resources on a Web Server or application.
Is this setting (in OAM) by default set to userid? I wanted to know exactly where and how to set this value in OAM Console settings.

In the protected resource policy and protected authorization policy in the responses tab set parameters to return headers for example if you want to return userid under name set header name like user_name, type header and the value as $user.userid. By default I guess OAM_REMOTE_USER is set in the http headers which contains the user id.

How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

Hi,
I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
Please suggest how to pass both the certs from client Application..

Hi,
This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
And for more information, you could refer to:
http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
Regards

How to extract client source ip, which has been embedded in http header?

Can someone please tell me how to extract the client source ip which has been embedded in http header?
the web server is running SunOS 5.8 and iPlanet6.0sp6
Thanks.

Clear the cache and cookies.
"Clear the Cache":
*Firefox/Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
"Remove Cookies":
*Firefox/Tools > Options > Privacy > Cookies: "Show Cookies"
Create a new profile as a test to check if your current profile is causing the problem.
See "Creating a profile":
*https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles
*http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
If the new profile works then you can transfer some files from an existing profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over the problem
*http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox
*https://itunes.apple.com/us/app/bitdefender-virus-scanner/id500154009?mt=12

Cannot see HTTP Header in Browser and in application trying to intergrate

I cannot see the HTTP header in browser using Fiddler and Liver Http Header add on in web browser. I tried with both IE and Firefox.
I can see the header value get set in OAM Diagnostics log.
We are using OAM 11gR2 with OAM 11G webgate for OHS 11g.
i have set response in authentication policies as OAM_REMOTE_USER Header and Value as $user.userid
Please let me know.
Akshay
Edited by: 993160 on Mar 12, 2013 1:07 PM

Hello,
ODATA is case sensitive, try:
https://mycompany.sharepoint.com/sites/pwa/_api/projectData/Projects/
Capital P on Projects
Paul
Paul Mather | Twitter |
http://pwmather.wordpress.com | CPS

Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

Hello SDN community,
in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
Is there an application to be built on the java stack to deal with the authentication, modify http header?
What will the Java stack return? a sap long ticket? a token?
How will the redirect work (to by example a BSP which is in the ABAP stack)?
SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
A lot of questions about how this SSO http header should work,
I would be very greatful for any help, or info,
Kind regards,
Tanguy Mezzano

Hi Tanguy,
to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
Here are some answers to your question:
in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
So everything's is in a Java Client application without using any redirection.
If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
So my problem now, is how to call the servlet from the client browser:
I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
<FORM method="POST" action="SSORedirect2" >
A JSP is a servlet too. There is just no JAVA Class involved!
You do not need any POST Request to invoke a Servlet.
I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE web-app (View Source for full doctype...)>
- <web-app>
<display-name>WEB APP</display-name>
<description>WEB APP description</description>
- <servlet>
<servlet-name>SSOredirect2</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
- <servlet>
<servlet-name>SSORedirect2.jsp</servlet-name>
<jsp-file>/SSORedirect2.jsp</jsp-file>
</servlet>
- <security-constraint>
<display-name>SecurityConstraint</display-name>
- <web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
- <auth-constraint>
<role-name>DefaultSecurityRole</role-name>
</auth-constraint>
</security-constraint>
- <security-role>
<role-name>DefaultSecurityRole</role-name>
</security-role>
</web-app>
If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
e.g.
<servlet>
<description>
</description>
<display-name>AuthenticatorServlet</display-name>
<servlet-name>AuthenticatorServlet</servlet-name>
<servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthenticatorServlet</servlet-name>
<url-pattern>/AuthenticatorServlet</url-pattern>
</servlet-mapping>
You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
I have also to pass my http header and the redirectUrl in the GET request.
If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
Thx for your input very helpful,
But again 0 points
Cheers

How to Set UserId in Http Header for SSO?

Hello All,
I have a requirement to set the userid into the HTTP Header so that i can use the "Header Variables for User Authentication" module provided by SAP to achieve the SSO .
Could some 1 let me know how can I achieve this? I know abt the HTTPServlet.setheader() method, But i need to set it using my JAVA application. Is there any way to set the HTTP Header using Java. I have already done a lot of googling, but havent got any results.
I am sure that, there must definitely be a way in which we can add the user id into the HTTP header, in all the results, they tell abt adding it using the HTTP Servlet or PHP and so on, but i need to add it from JAVA.(setting REMOTE_USER as "mysapuserid")
I have already added the "HeaderVariableLoginModule" in my login stack in the 2nd position, as per
http://help.sap.com/saphelp_nw04/helpdata/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
Any pointers will be helpful,
Meghana
Edited by: Meghana Phadke on Apr 14, 2008 2:49 PM

Hi
As I understand, your java application is an EP client, check framework HttpClient :
http://hc.apache.org/httpclient-3.x/
http://hc.apache.org/httpclient-3.x/tutorial.html
Hope this help
Jakub Krecicki

ESB requires "SOAPAction" to be set in HTTP header?

I'm trying to insert an ESB flow between an existing web service and client. The service and client were previously built with Apache Axis.
By generating an appropriate WSDL (doc/wrapped rather than Axis' default RPC style) for the existing service, I'm able to connect the ESB to the service.
The problem is that the existing client (built using Axis) sets the SOAPAction in the HTTP header to empty (SOAPAction: ""), and the ESB appears to require this to be set to the desired operation. If this is a hard requirement, then I can't directly connect the existing client to the ESB flow.
So, the question is whether it's possible to have the ESB relax the requirement for the SOAPAction header. And if so, how?
If I can't get the ESB to accept SOAP requests with an empty SOAPAction, then I'll have to create a custom adapter or insert an additional proxy layer (yuk). Anyone else have any suggestions?

This is all done automatically by FB.
Just to try something out I just now made a simple app with a label only and tried to upload to Google... FAILED!!!!
"Market requires versionCode to be set to a positive 32-bit integer in AndroidManifest.xml"
LOL, FB can't even create this. :-/
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<application xmlns="http://ns.adobe.com/air/application/3.1">

Message was edited by: KesherMedia.Com

External Web Service - User and password in HTTP header

Hi!
How is it possible to add user and password in the HTTP header in a external web service call?
I have created a "Portal Service from WSDL file - Client side" with the wizard in SAP Developer Studio. I following the Java Development Guide - Web Service Security, and use the <i>secured service connection</i>. I have also created a new <i>System Landscape</i>, but should the new system be based on HTTP, my own PAR or what?
How can I check that the user and password is added to the HTTP header or the SOAP envelope? Do I have to scan http traffic with a proxy as Paros or can I find the request sent from SAP EP in the logs?
Cheers
Asle

Hello All,
I have been struggling a bit while putting a reasonable security framework on a jax-rpc style web service. I'm using JWSDP1.2 to set up the webservice. I've tried to outline my problem below. Please correct me where I'm wrong.
I've been through the Sun's WS tutorials, but they are not really clear on security. However, from them I surmised that there are two decent authentication techniques. HTTP Basic and mutual authentication (MA) . Both have their drawbacks though. HTTP Basic suffers from poor encryption while MA is a bit difficult to set up on both client and server sides. Another problem with MA is that there is no central repository for users/passwords.
OK, what I would really like to do is use my own user database to verify users/passwords i.e. use a HTTP Basic like authentication (but at application level) but run it over SSL for encryption. It seems simple, but is it possible?
Also, I have noted that when I use HTTP Basic on the service side, and use a java client, then setting username/password has no effect. In other words, I can always access the web-service, even with wrong username/password.
Sorry for the long post. Hope someone can help. Thanks.

Adding custom information in HTTP Header in an outgoing request from GWWS

Is there a way to send custom header information with the a webservice request (HTTP post) that happens via GWWS server?
All the methods I read about deal with managing the soap envelop that gets sent.
We are looking for ways which will allow us to put custom information in the headers.
I am aware there is something we can do using the Salt Plugins.
For example, we can write a Out bound plugin which has a capability of putting the "Authentication:Basic..." in the header.
Then there is message conversion plugin which deals with transformation of message, which gives us control over the soap body.
Is it possible to put information in the header for outgoing request (from GWWS) to a specific web service?
Thanks and Sincere Regards,
Mrugendra

Maurice,
Thanks for confirming this.
It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
Yes, we need to add HTTP Headers (not SOAP header).
For now we just need to add Basic Authentication HTTP Header for outbound service calls.
We have developed a plugin to do that for now.
And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
At-least, not unless we request that enhancement.
Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
Which, in turn, makes it imperative to change the endpoint clients of our application.
In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
As you say, Maurice, it seems it is not possible yet.
Thank you again for your replies.
Sincere Regards,
Mrugendra

Custom information in HTTP Header in an outgoing GWWS Request

Hello Xu,
Hello Everyone,
With reference to the recent post activity in the post:
[Adding custom information in HTTP Header in an outgoing request from GWWS|https://forums.oracle.com/forums/thread.jspa?threadID=2366358&tstart=0]
We are looking for an option to send custom header information with the a webservice request (HTTP post) that happens via GWWS server.
I prematurely marked that post as answered since we got a link to documentation in one of the answers, which suggests that problem has been taken care in TUXEDO11gR1.
However, it would be difficult (almost impossible) for us to move to 11gR1 immediately.
Since I marked that post as "answered" and I did not know if replies in that post will get any attention, I opened up this post.
Xu (He) suggested (in reply to my previous post) that there might be a patch for our problem.
It would be wonderful/perfect if we can get a patch for 10gR3!
We are using the following:
TUXEDO10gR3 PATCH LEV=44
SALT Patch Lev = 15
Please do let us know.
Thank you again
Sincere Regards,
Mrugendra

Maurice,
Thanks for confirming this. (in the post: [Adding custom information in HTTP Header in an outgoing request from GWWS|https://forums.oracle.com/forums/thread.jspa?threadID=2366358&tstart=0] )
It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
Yes, we need to add HTTP Headers (not SOAP header).
For now we just need to add Basic Authentication HTTP Header for outbound service calls.
We have developed a plugin to do that for now.
And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
At-least, not unless we request that enhancement.
Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
Which, in turn, makes it imperative to change the endpoint clients of our application.
In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
As you say, Maurice, it seems it is not possible yet.
Thank you again for your replies.
Sincere Regards,
Mrugendra

ContentType in HTTP Header issue while sending webservice request

I have a client application deployed on weblogic10.3.4 which access a remote web application (on websphere5.1).
The soap request fails because WebSphere5.1 does not accept double quote around utf-8 in ContentType header of HTTP.
e.g:
Content-Type: text/xml;charset=utf-8 is valid
Content-Type: text/xml;charset="utf-8" is not valid
This can be fixed on glassfish by upgrading metro library.
But how can I fix this problems on weblogic server?
I found weblogic8.1 doc which says this issue has been fixed (CR198996), but why does it still exist on 10.3.4?
Any suggestions would be appreciate.

Hi _MiRichter,
Well Done!
Thank you very much for sharing the solution to us.
Best Regards,
Amy Peng
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Make http header available webservice layer

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2627" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>Hello
All:</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>Platform Windows
XP/Solaris.<BR>Weblogic version 8.1 SP4</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>Our webservice client
sends a request to the weservice we have written.<BR>It goes thru Netigrity's
siteminder gateway. Once it passes thru the gateway<BR>a token is stuck
into the HTTP HEADER and sent thru to the Weblogic
Webservices<BR>servlet.</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>I am aware of the SOAP
handlers to look at the message and retrieve the necessary<BR>headers
(both SOAP and HTTP). However the Webservices code (in my case a POJO)
does<BR>not know anything about the HTTP header.</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>How can I make the HTTP
header piece of data (in this case the TOKEN that Netigrity put<BR>into the HTTP
header) available to my POJO ? My POJO does not have any arguments to
<BR>its method, but I need the TOKEN to do some validation inside my POJO.
Without making use<BR>of a persistent storage how can my pojo get this token
?</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>Can I instantiate the
POJO object (aka my web service provider class) inside the SOAP handler
?</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>If I do this, how do I
know that particular instance of POJO will be invoked by the
Webservice<BR>handler (aka servlet) ?</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>SOAPHandler1
<BR>{<BR>
Websericecontext wc = (Webservicecontext)
mc;<BR>
Headers h =
wc.getSession().getHeaders();<BR>
token =
h.get(token);<BR>
<BR>
PojoWS pojoWs = new
PojoWS();<BR>
<BR>
pojoWS.setToken(token);<BR>}</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS size=4><STRONG>Thanks for your
time.</STRONG></FONT></DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG></STRONG></FONT> </DIV>
<DIV align=justify><FONT face=CourierPS
size=4><STRONG>-Narahari</STRONG></FONT></DIV></BODY></HTML>

Hello Aartjan,
About the tool:
You could use wireshark (just an example).
About the header part:
Can you share your code or a simplification of it (Project and files [vi's..]) that allows me to test/reproduce/see what's going on?
To know what causes the issue we need to see your code.
Kind Regards,
Thierry C - Applications Engineering Specialist Northern European Region - National Instruments
CLD, CTA
If someone helped you, let them know. Mark as solved and/or give a kudo.

Custom Inserted HTTP Header not showing up in Iplanet Logs

ALL:
I have some iPlanet Enterprise/6.0 web servers sitting behind a LoadBalancer. The LoadBalancer is setup in an 'one-armed mode', and takes a client HTTP request passes it onto the server, but during this process, changes the client source IP to that of local static IP that the LoadBalancer has. Due to our setup we cannot change this.
By changing the client source IP to a local address, we have lost any useful user session tracking that was done by source IP.
To get around this, I have the LoadBalancer inserting an HTTP header with the client real source IP. Reading the NSAPI Programmer's Guide (Table 7-1 "http://docs.sun.com/source/816-5686-10/07_magnu.htm"), there is an option "%Req->headers.headername%" that can be used with 'flex-int' to log any header value.
My output from snoop looks as follows:
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: GET /plugin.do HTTP/1.1
HTTP: OrigClientAddr:10.5.4.28
HTTP: Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
HTTP: Accept-Language: en-us
HTTP: Accept-Encoding: gzip, deflate
HTTP: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP:
I have set the value to "%Req->headers.OrigClientAddr%" and it still does not show up in the log file. Any clues?
Works fine in Apache with:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{OrigClientAddr}i\" \"%{User-Agent}i\"" headerinsert
CustomLog logs/access_log headerinsert

Always nice to find resolution to one's own question.
Fix was to change the header value to all lower case.
From:
"%Req->headers.OrigClientAddr%"
To:
"%Req->headers.origclientaddr%"

HTTP Header in Client Application

Similar Messages

Maybe you are looking for