Http header setting in servlet

Similar Messages

• HTTP header setting withing XSQL

  Is there a simple way to set an HTTP response header within an
  XSQL or XSL file? Specifically, I would like to set the "Content-
  disposition" header.
  At the end of the day, I would like to have the results of an
  XSQL query, after being formatted into a comma delimited format
  by an XSL, be opened by an IE5 web browser according to the
  associations of the filename suffix (eg: *.csv be opened
  directly by MS Excel spreadsheet).
  If I write my own servlet and use tomcat, I can accomplish this
  by conditionally calling
  response.setHeader("Content-disposition",
  "filename=queryresults.csv");
  if a particular parameter is present in the request, followed by
  forwarding the request to the XSQL servlet.
  a) This custom servlet solution is more complicated than I'd
  like it to be.
  b) I would prefer to use the apache/jserv combination but am
  having no joy figuring out how to forward a request to the XSQL
  servlet after configuring it to service all *.xsql files with my
  custom servlet (it's complaining that there's no method
  getNamedDispatcher method in the servletContext object).
  Any ideas appreciated.
  Cheers,
  Matt

  See the online XSQL documentation at:
  http://download.oracle.com/otndoc/oracle9i/901_doc/appdev.901/a88
  894/adx10xsq.htm
  and search for the words "then you can get access to the HTTP
  Servlet's request, response"
  there is a code example there of how to get access to the
  response object that you need.

• How to Set UserId in Http Header for SSO?

  Hello All,
  I have a requirement to set the userid into the HTTP Header so that i can use the "Header Variables for User Authentication" module provided by SAP to achieve the SSO .
  Could some 1 let me know how can I achieve this? I know abt the HTTPServlet.setheader() method, But i need to set it using my JAVA application. Is there any way to set the HTTP Header using Java. I have already done a lot of googling, but havent got any results.
  I am sure that, there must definitely be a way in which we can add the user id into the HTTP header, in all the results, they tell abt adding it using the HTTP Servlet or PHP and so on, but i need to add it from JAVA.(setting REMOTE_USER as "mysapuserid")
  I have already added the "HeaderVariableLoginModule" in my login stack in the 2nd position, as per
  http://help.sap.com/saphelp_nw04/helpdata/en/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Any pointers will be helpful,
  Meghana
  Edited by: Meghana Phadke on Apr 14, 2008 2:49 PM

  Hi
  As I understand, your java application is an EP client, check framework HttpClient :
  http://hc.apache.org/httpclient-3.x/
  http://hc.apache.org/httpclient-3.x/tutorial.html
  Hope this help
  Jakub Krecicki

• Error in setting up HTTP Header Variable Authentication

  Hi,
  I am trying to set-up SSO for SAP Biller Direct aplication (deployed on SAP J2EE 7.0) using HTTP Header variable authentication.
  As per SAP documentation I have created a new login module "HeaderVariableLoginModule" pointing to class "com.sap.security.core.server.jaas.HeaderVariableLoginModule".
  Then I have added this new login module to Statck "Ticket" and the new config looks as below. HTTP header when UID is passed is USI_LOP.
  Name                                                                                Flag                                            Options
  com.sap.security.core.server.jaas.HeaderVariableLoginModule    Sufficient                                    ume.configuration.active= tue,
                                                                                  Header=USI_LOP
  BasicPasswordLoginModule                                                           Optional
  CreateTicketLoginModule                                                                 Optional                                         ume.configuration.active= tue
  EvaluateTicketLoginModule                                                              Sufficient                                      ume.configuration.active= tue
  The problem I am now having is that the authentication through HTTP_HEADEr does not work. Even though I ahve increased the trace level for JAAS module to debug, there is not any type of information generated in the log.
  Each time I call the Biller Direct URL from the extrenal web server which also passes the HEADER variable for Authntication, the authrisation just fails and I am being shown a Logon Screen to pust UID/PASSWORD.
  Can someone please guide me, how I can debug this? There is very no information whether anyone tried to login with HEADER varibale and that has failed...
  Also, I am not pretty sure whether I am using the right Authentication Stack, which is is Ticket in my case..
  But when I enter the application without any URL redirects and enter UID and password directly for Biller Direct, I get the following in log file, which makes me believe that I am using the right stack.
  LOGIN.OK
  User: CONDLG
  Authentication Stack: ticket
  Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
  1. com.sap.security.core.server.jaas.HeaderVariableLoginModule             SUFFICIENT  ok          false      false                
  2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   OPTIONAL    ok          true       true                 
  3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       true                 
  4. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false      false                
  Central Checks                                                                                true                 
  Any help will be very much apprecated..
  Thanks,
  Vikrant Sud

  Vikrant,
  The reason why it is not working is because your login modules in ticket stack are in wrong order and with wrong flags. The first one should be EvaluateTicketLoginModule with flag=SUFFICIENT, then the Header Variable login module, with flag=OPTIONAL, then CreateTicketLoginModule with flag=SUFFICIENT, then BasicPasswordLoginModule with flag=REQUISITE, and lastly CreateTicektLoginModule with flag=OPTIONAL
  Thanks,
  Tim

• Which OAM setting for passing values in HTTP header to application

  Experts, what is the setting in OAM 11gR2 that is set to pass a userid pulled from a LDAP directory (which is already configured with OAM) as a HTTP Header to an application.
  This is typically in cases where OAM is protecting or providing to protected resources on a Web Server or application.
  Is this setting (in OAM) by default set to userid? I wanted to know exactly where and how to set this value in OAM Console settings.

  In the protected resource policy and protected authorization policy in the responses tab set parameters to return headers for example if you want to return userid under name set header name like user_name, type header and the value as $user.userid. By default I guess OAM_REMOTE_USER is set in the http headers which contains the user id.

• ESB requires "SOAPAction" to be set in HTTP header?

  I'm trying to insert an ESB flow between an existing web service and client. The service and client were previously built with Apache Axis.
  By generating an appropriate WSDL (doc/wrapped rather than Axis' default RPC style) for the existing service, I'm able to connect the ESB to the service.
  The problem is that the existing client (built using Axis) sets the SOAPAction in the HTTP header to empty (SOAPAction: ""), and the ESB appears to require this to be set to the desired operation. If this is a hard requirement, then I can't directly connect the existing client to the ESB flow.
  So, the question is whether it's possible to have the ESB relax the requirement for the SOAPAction header. And if so, how?
  If I can't get the ESB to accept SOAP requests with an empty SOAPAction, then I'll have to create a custom adapter or insert an additional proxy layer (yuk). Anyone else have any suggestions?

  This is all done automatically by FB.
  Just to try something out I just now made a simple app with a label only and tried to upload to Google... FAILED!!!!
  "Market requires versionCode to be set to a positive 32-bit integer in AndroidManifest.xml"
  LOL, FB can't even create this. :-/
  <?xml version="1.0" encoding="utf-8" standalone="no"?>
  <application xmlns="http://ns.adobe.com/air/application/3.1">
  <!-- Adobe AIR Application Descriptor File Template.
            Specifies parameters for identifying, installing, and launching AIR applications.
            xmlns - The Adobe AIR namespace: http://ns.adobe.com/air/application/3.1
                                The last segment of the namespace specifies the version
                                of the AIR runtime required for this application to run.
            minimumPatchLevel - The minimum patch level of the AIR runtime required to run
                                the application. Optional.
  -->
  Message was edited by: KesherMedia.Com

• Problem setting Unicode (utf-8) in http header using tomcat

  Hi:
  I am trying to set a file name in utf-8 to http header using the following code:
  response.setContentType("text/html; charset=utf-8");
  response.setHeader("Content-disposition", "attachment; filename=&#35299;&#27770;.zip");
  // I actually has file name in utf-8 here to set to the header, and I know that the name is correctly
  // and I also looked into the response object MimeHeaders object and saw the head is correctly there
  then write the content of zip file using ServletOutputStream.
  The problem I have is that the file name is not displayed correctly when prompted to save or open in the pop up window next. I found out using Fiddler that the request header is wrong:
  Content-disposition: attachment; filename=&#65533;zn&#65533;�.zip
  I am using Tomcat 5.0.28. Any idea how to get this working?
  Thanks in advance!

  You are setting the charset for the content to be UTF-8. (That is why the method is called setContentType.) But HTTP headers are not part of the content and so that has no effect on the header.
  The original specification for HTTP only allowed US-ASCII characters in headers. It is possible that more recent versions have features that allow for non-ASCII header data, but I don't know if that is the case or how you would use those features if they exist.

• How to deal with the "Set-Cookie" field in HTTP header??

  I follow the RFC-2616 specification to write a socket program to fetch web pages.
  I have to deal with all the fields included in the HTTP header.
  But the RFC-2616 doesn't talk anything about the "Set-Cookie" field.
  Does anyone know how to handle this field or provide me any useful documentation.
  Any help is appreciated.

  A cookie is set with the "Set-Cookie: "-field in the http header, like this:
  Set-Cookie: mycookie=someValue
  This cookie should only be returned to the same host as it came from, like this in the http header of a request:
  Cookie: mycookie=someValue
  If the parameter looks like this:
  Set-Cookie: mycookie=someValue; path=/cgi-bin
  , the cookie should only be returned to the host if the request path starts with /cgi-bin
  If the parameter looks liek this:
  Set-Cookie: mycookie=someValue; domain=.mydomain.com
  , the cooke should be returned to all hosts in the .mydomain.com-domain
  There is also a "expires="-field, which works as expected and a "secure"-field, which I'm not sure how to handle. Maybe the cookie should only be sent to an SSL-enabled host?
  Hope this helps you. Bye,
  Dag W.

• How to set HTTP header field "cookie" with http receiver adapter?

  Hi,
  I am using http receiver adapter (not axis) in a scenario. I could not set a parameter with key cookie in http header. Is there some kind of restriction to set it? I am able to set others like connection and create custom fields using ASMA and dynamic key configuration via UDF on mapping.
  Could you please comment on, is cookie http parameter special or noneditable by PI's http adapter? I am looking for a solution without editing any abap code...
  Regards,

  I believe it is possible since axis adapter provides very same functionality. Let me summarize my scenario may be it helps:
  I am trying to call series of webservice lets say in a BPM. First service (login service) will provide me with a session id (in http header with key Set-Cookie) then I will call another service which has that session id in its http header with key cookie then I am going to logout. So I am testing the second part now, but it doest let me send cookie http header parameter.
  I hope I clarified a bit more my problem.
  Regards,

• How to set custom HTTP header for single sign on

  Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.
  It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.
  I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?
  Thanks in advance for your help.

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• JEditorPane - set http header

  hi
  how to set (or is it even possible) to set http header (in http request) in JEditorPane (to set referrer, user agent, etc.)
  thanks a lot

  Thanks Raja,
  I am not an ITS expert by any means. I need help to work out how use the information in OSS Note 494984 to solve my problem.
  The note seems to be about setting headers on all incoming requests to ITS.
  I need to set the content-type header on an outgoing response generated using a specific (XML) template.
  I did the BC440 course back in 2000 but after 2000 I never did another ITS project, focusing on Java and J2EE instead. So I am not sure how to apply what the OSS Note says. Do I need to assign the content type to a Business HTML parameter in the template? The documentation I have with SAP@Web Studio is not helpful.

• Setting HTTP header in soapMessage

  Hi,
  How can i set an specific HTTP header when using a SOAPConnection to send a SOAPMessage ?
  Please help,
  Pieter
  ps: it the Authorization header, so without it the other part won't accept my post !

  Pieterrr/ddossot
  I need to do the same thing. I have the code in place but it is still not adding the MimeHeaders to HTTPRequest object. I have the jxm-api.jar, and saaj-api.jar in my classpath.
  What am i doing wrong?
  This is my code
            try{
            // Create SOAP message
            MessageFactory factory = MessageFactory.newInstance();
            SOAPMessage message = factory.createMessage();
            // Create SOAP envelope
            SOAPPart soapPart = message.getSOAPPart();
            SOAPEnvelope envelope = soapPart.getEnvelope();
            SOAPHeader hh = envelope.getHeader();
            MimeHeaders headers = message.getMimeHeaders();
                      SOAPHeader     soapHeader = message.getSOAPHeader();
                      //headers.removeHeader("soapaction");
            headers.setHeader("soapction", "http://tempuri.org/GetData");
            String Hdr_Version_Name = "Version";
            String Hdr_Version_Value = "1.0";
            String Hdr_OnBehalfOf_Name = "OnBehalfOf";
            String Hdr_OnBehalfOf_Value = "";
            String Hdr_Role_Name = "Role";
            String Hdr_Role_Value = "1";
            String Hdr_EndPoint_Name = "EndPoint";
            String Hdr_EndPoint_Value = "001";
            String Hdr_ServiceId_Name = "ServiceId";
            String Hdr_ServiceId_Value = "001";
            String Hdr_DateTime_Name = "DateTime";
            String Hdr_DateTime_Value = "10/22/02";
            String Hdr_ClientApplication_Name = "ClientApplication";
            String Hdr_ClientApplication_Value = "APP001";
            String Hdr_TraceWebMethod_Name = "TraceWebMethod";
            String Hdr_TraceWebMethod_Value = "false";
            String Hdr_ClientTouchPoint_Name = "ClientTouchPoint";
            String Hdr_ClientTouchPoint_Value = "ClientTouchPoint";
            String Hdr_ChannelInfo_Name = "ChannelInfo";
            String Hdr_ChannelInfo_Value = "ChannelInfo";
            String Hdr_Environment_Name = "Environment";
            String Hdr_Environment_Value = "WINOS";
            String Hdr_USER_Name = "MUSER";
            String Hdr_USER_Value ="";
            String Hdr_SESSIONID_Name = "SESSIONID";
            String Hdr_SESSIONID_Value ="";
            String SAML_ASSERTION_Cookie_Name = "SAML_ASSERTION";
            String SAML_ASSERTION_Cookie_Value ="";
            String Hdr_tmsasessionticket_Name = "http_tmsamlsessionticket";
            String Hdr_tmsasessionticket_Value = token;
            headers.setHeader(Hdr_Version_Name,Hdr_Version_Value);
            headers.setHeader(Hdr_OnBehalfOf_Name,Hdr_OnBehalfOf_Value);
            headers.setHeader(Hdr_Role_Name,Hdr_Role_Value);
            headers.setHeader(Hdr_EndPoint_Name,Hdr_EndPoint_Value);
            headers.setHeader(Hdr_ServiceId_Name,Hdr_ServiceId_Value);
            headers.setHeader(Hdr_DateTime_Name,Hdr_DateTime_Value);
            headers.setHeader(Hdr_ClientApplication_Name,Hdr_ClientApplication_Value);
            headers.setHeader(Hdr_TraceWebMethod_Name,Hdr_TraceWebMethod_Value);
            headers.setHeader(Hdr_ClientTouchPoint_Name,Hdr_ClientTouchPoint_Value);
            headers.setHeader(Hdr_ChannelInfo_Name,Hdr_ChannelInfo_Value);
            headers.setHeader(Hdr_Environment_Name,Hdr_Environment_Value);
            headers.setHeader(Hdr_USER_Name,Hdr_USER_Value);
            headers.setHeader(Hdr_SESSIONID_Name,Hdr_SESSIONID_Value);
            // Necessary For Secure method
            headers.addHeader(Hdr_tmsasessionticket_Name, Hdr_tmsasessionticket_Value);
                 headers.addHeader("otc_header", "otcderiv");
            envelope.addNamespaceDeclaration("xsi","http://www.w3.org/2001/XMLSchema-instance");
            envelope.addNamespaceDeclaration("xsd","http://www.w3.org/2001/XMLSchema");
            envelope.addNamespaceDeclaration("soap","http://schemas.xmlsoap.org/soap/envelope/");
            boolean rem = envelope.removeNamespaceDeclaration("soapenv");
            SOAPBody body = envelope.getBody();
            soapPart.setContentId("");
            Name bodyName = envelope.createName("GetData", "", "http://tempuri.org/");
            SOAPBodyElement createuser = body.addBodyElement(bodyName);
            SOAPConnectionFactory scFactory = SOAPConnectionFactory.newInstance();
            message.saveChanges();
            SOAPConnection con = scFactory.createConnection();
            URL endpoint = new URL("http://abc.xyz.com/securitymanager.asmx");
            System.out.println("INPUT=" + envelope.toString());
            SOAPMessage responsex = con.call(message, endpoint);
            // print the response message
            ByteArrayOutputStream soapResponseStream = new ByteArrayOutputStream();
            responsex.writeTo(soapResponseStream);
            String sOutput = soapResponseStream.toString();
            //System.out.println("OUTPUT=" + sOutput);
            System.out.println(sOutput);
            }catch(Exception e)
            e.printStackTrace();
            }

• How do I set the Http Header POST URL in SAAJ?

  Hi ,
  I am a newbie in the field of web services. I was trying to create a SOAP request with Http Header POST information having a POST url like
  the following:
  POST /OMASTI.xml HTTP/1.1
  Content-Type: multipart/related; boundary="eladeladeladeladeladeladeladeladelad"; type=text/xml; start=11814460
  Content-Length: 54596
  Host: unspecified
  SOAPAction: ""
  to that effect I did the following in the SAAJ client:
  MimeHeaders md = message.getMimeHeaders();
            md.setHeader("SOAPAction" ,"\"\"");
            md.setHeader("POST" ,"/OMASTI.xml");
  However what I got was :
  POST / HTTP/1.1
  Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  SOAPAction: ""
  POST: /OMASTI.xml
  Content-Type: multipart/related; type="text/xml"; boundary="----=_Part_2_32124414.1153146262750"
  Content-Length: 3352
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_07
  Host: www.google.com
  Connection: keep-alive
  I have two POSTs in the header. How do I fix it? Please Help ASAP.
  Regards,
  Zeus

  Hi,
  Please forgive my ignorance. I did the same as you said. and then checked the Http request being sent out using ethreal software... it was the same as I had told earlier. Is only POST supported by the connection object? And the does the URL that comes in the Mime header as POST refer to the URL to which the request was sent? what I mean is that if the mime header says
  POST /OMASTI.xml HTTP 1.1, does it mean that the URL that was passed to the connection object was "/OMASTI.xml" ? I had given the url as http://www.google.com to test the request being sent.. I only have a sample SOAP request which shows a HTTP header with the post url as I said before. I need to create a SOAP request with the same sort of Http header and the body needs to follow a certain OMA-STI protocol. My experience in the SOAP domain is almost nil. So please enlighten me.
  Thanks in advance,
  zeus

• How can I set "SOAPAction" http header using SAAJ

  When I send soap request, http header's like below
  SOAPAction: ""
  But, I'd like to send like this
  SOAPAction: "http://tempuri.org/HelloWorld"
  How can I that using SAAJ ?
  My code is
  String xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
  "<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n" +
  " <soap:Body>\n" +
  " <HelloWorld xmlns=\"http://tempuri.org/\" />\n" +
  " </soap:Body>\n" +
  "</soap:Envelope>";
  Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes()));
  DOMSource domSource = new DOMSource(doc);
  SOAPMessage message = MessageFactory.newInstance().createMessage();
  message.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, "utf-8");
  message.setProperty(SOAPMessage.WRITE_XML_DECLARATION, "true");
  message.getSOAPPart().setContent(domSource);
  message.writeTo(System.out);
  SOAPConnection connection = SOAPConnectionFactory.newInstance().createConnection();
  SOAPMessage response = connection.call(message, helloURL);
  connection.close();
  SOAPBody body = response.getSOAPBody();
  if ( body.hasFault() )
  SOAPFault newFault = body.getFault();
  System.out.println("SoapBody has fault.");
  System.out.println("code=" + newFault.getFaultCodeAsName());
  System.out.println("message=" + newFault.getFaultString());
  System.out.println("actor=" + newFault.getFaultActor());
  else
  System.out.println("Call Successed.");
  System.out.println(body);
  }

  message.getMimeHeaders().addHeader("SOAPAction", "http://tempuri.org/HelloWorld");

• Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

  Hello SDN community,
  in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
  As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
  I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
  My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
  Is there an application to be built on the java stack to deal with the authentication, modify http header?
  What will the Java stack return? a sap long ticket? a token?
  How will the redirect work (to by example a BSP which is in the ABAP stack)?
  SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
  A lot of questions about how this SSO http header should work,
  I would be very greatful for any help, or info,
  Kind regards,
  Tanguy Mezzano

  Hi Tanguy,
  to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
  Here are some answers to your question:
  in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
  The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
  My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
  You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
  So everything's is in a Java Client application without using any redirection.
  If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
  No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to  procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
  That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
  This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
  The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
  This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
  I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
  So my problem now, is how to call the servlet from the client browser:
  I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
  <FORM method="POST" action="SSORedirect2" >
  A JSP is a servlet too. There is just no JAVA Class involved!
  You do not need any POST Request to invoke a Servlet.
  I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE web-app (View Source for full doctype...)>
  - <web-app>
    <display-name>WEB APP</display-name>
    <description>WEB APP description</description>
  - <servlet>
    <servlet-name>SSOredirect2</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
    </servlet>
  - <servlet>
    <servlet-name>SSORedirect2.jsp</servlet-name>
    <jsp-file>/SSORedirect2.jsp</jsp-file>
    </servlet>
  - <security-constraint>
    <display-name>SecurityConstraint</display-name>
  - <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
  - <auth-constraint>
    <role-name>DefaultSecurityRole</role-name>
    </auth-constraint>
    </security-constraint>
  - <security-role>
    <role-name>DefaultSecurityRole</role-name>
    </security-role>
    </web-app>
  If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
  e.g.
  <servlet>
    <description>
    </description>
    <display-name>AuthenticatorServlet</display-name>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <url-pattern>/AuthenticatorServlet</url-pattern>
  </servlet-mapping>
  You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
  I have also to pass my http header and the redirectUrl in the GET request.
  If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
  I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
  Thx for your input very helpful,
  But again 0 points
  Cheers