Invalid Http header request

Similar Messages

• Http head request?

  I have a flash application that needs to validate a url
  entered by a user. Is there a way to do a simple head request using
  actionscript to verify that the url entered returns a 200 http code
  and not a 404 (file not found)?
  Thanks.

  "borfgordon" <[email protected]> wrote in
  message
  news:gbhdh7$jak$[email protected]..
  > Because I don't want to download the entire file unless
  I need to, and
  > http
  > head method request lets me check the size before
  downloading. Regardless,
  > for
  > puposes of this forum post it does not matter what I am
  doing with the
  > file.
  >
  > Point is that I need to do an HTTP HEAD method request
  as I am only
  > interested
  > in some resource info. If anyone here knows how to do an
  HTTP HEAD request
  > via
  > Flex 3 any assistance would be appreciated.
  I don't think HTTPService actually allows anything but GET
  and POST under
  normal circumstances. I think it possibly allows other
  methods if you set
  useProxy to true, but I don't know what's involved in using a
  proxy.
  HTH;
  Amy

• How to solve the error message Podcast cover art must be at least 1400 X 1400 pixel JPG or PNG, in RGB color space, and hosted on a server that allows HTTP head requests."

  please help!! I've been trying to solve this error message for hours
  the feed url is http://feeds.feedburner.com/goodstewards
  the artwork url is http://www.goodstewards.com/wp-content/uploads/2014/11/logo.jpg
  this is a wordpress domain that i am using with feedburner

  "Your Blogger feed has no 'itunes' tags and is lacking the 'iTunes declaration' in the second line, so you have no image as far as the Store is concerned. You need to set Blogger to provide an itunes-compliant feed."
  So, how do I set Blogger to do that? I was Googling for the answer, but nothing. I have "Allow Blog Feed" set to full and Title Links and Enclosure Links enabled.
  "Your Feedburner feed link goes to a text page containing the code of a feed - this feed does have the 'itunes:...' tags. However in both feeds you are using Google Drive as a server for the image and media files and the URLs are prefaced with https (encrypted connection) - this may work in the Store but it is inadvisable and your URLs should begin with http."
  Yeah, I couldn't think of another way to get you straight to the actual XML file. I guess what you are saying is that Google Drive does not have an appropriate server, which is why it gives https instead of http as a head.

• Adding custom information in HTTP Header in an outgoing request from GWWS

  Is there a way to send custom header information with the a webservice request (HTTP post) that happens via GWWS server?
  All the methods I read about deal with managing the soap envelop that gets sent.
  We are looking for ways which will allow us to put custom information in the headers.
  I am aware there is something we can do using the Salt Plugins.
  For example, we can write a Out bound plugin which has a capability of putting the "Authentication:Basic..." in the header.
  Then there is message conversion plugin which deals with transformation of message, which gives us control over the soap body.
  Is it possible to put information in the header for outgoing request (from GWWS) to a specific web service?
  Thanks and Sincere Regards,
  Mrugendra

  Maurice,
  Thanks for confirming this.
  It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
  Yes, we need to add HTTP Headers (not SOAP header).
  For now we just need to add Basic Authentication HTTP Header for outbound service calls.
  We have developed a plugin to do that for now.
  And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
  At-least, not unless we request that enhancement.
  Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
  Which, in turn, makes it imperative to change the endpoint clients of our application.
  In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
  With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
  As you say, Maurice, it seems it is not possible yet.
  Thank you again for your replies.
  Sincere Regards,
  Mrugendra

• No "Remote-User" in HTTP header when HTTP request gets to WLS

  Hello Exprers,
  I have a customer, using 10.3.3 on Linux machine. Web server as Apache.
  He wants Remote-User in HTTP header, he used to get it when he used Tomcat. But when he transffered to Apache and 10.3.3, he is not getting the Remote-User in header, instead he is getting proxy-remote-user.
  He wants the Remote-user in HTTP header.
  Any clue, on why he is not getting it.

  Hi,
  We are facing error while doing openConnection
  When I tried with simple java file it worked as shown below
  import java.io.*;
  import javax.net.ssl.HttpsURLConnection;
  public class test
  public static void main(String[] args) throws Exception
  String httpsURL = "https://rcfe.aspac.citicorp.com:40054/servlet/Verify";
  URL myurl = new URL(httpsURL);
  HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
  InputStream ins = con.getInputStream();
  InputStreamReader isr = new InputStreamReader(ins);
  BufferedReader in = new BufferedReader(isr);
  if (con!=null)
  System.out.println("con="+con);
  System.out.println(ins);
  Output*
  [rcrrgbg2@kauh0079:/rcrmap2/weblogic/bea/ORA_PFRD/forms/j2ee] java test
  con=com.ibm.net.ssl.www2.protocol.https.e:https://rcfe.aspac.citicorp.com:40054/servlet/Verify
  sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@5f6c5f6c
  However when I tried with below program I am able to write upto Web CL URL but after that no log is written when it tries to do openConnection() for this line csConn=(HttpsURLConnection)new URL(webclURL).openConnection(); in the below code
  Some part of the code:_
  =======================================================================
  import java.io.*;
  import javax.servlet.http.*;
  import javax.servlet.*;
  import java.util.Hashtable;
  import java.io.File;
  import java.io.FileInputStream;
  import javax.servlet.ServletException;
  import javax.servlet.ServletOutputStream;
  import javax.servlet.http.HttpServlet;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.net.ssl.HttpsURLConnection;
  import java.net.URL;
  public class CRMSLogin extends HttpServlet
  private static final long serialVersionUID=-6294676216324813290L;
  public void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException
  String iniFile=request.getParameter("CRMS_INI_FILE_PATH");
  String sessionId=request.getParameter("SessionId");
  String applId=request.getParameter("apl_id");
  String userId=request.getParameter("userId");
  String clientIp=request.getRemoteAddr();
  Properties iniProp=this.getProperties(iniFile);
  String crmsAppServerContext=iniProp.getProperty("CRMS_APP_SERVER_CONTEXT");
  String appModule=iniProp.getProperty("CRMS_MODULE");
  String webclURL=iniProp.getProperty("WEBCL_URL");
  // HttpsURLConnection csConn=null;
  String crmsFormsTerm=null;
  crmsFormsTerm=getEntitlements(iniFile.trim(),sessionId,applId.trim(),clientIp.trim(),webclURL.trim());
  String baseContent=this.getBaseContent(iniProp);
  ServletOutputStream out=response.getOutputStream();
  baseContent=baseContent.replaceAll("<!APP_TITLE!>","Credit Risk Management System");
  baseContent=baseContent.replaceAll("<!APP_CONTEXT!>",crmsAppServerContext);
  baseContent=baseContent.replaceAll("<!APP_MODULE!>",appModule);
  baseContent=baseContent.replaceAll("<!APP_TRACE!>",crmsFormsTerm.replaceAll(" ", ""));
  baseContent=baseContent.replaceAll("<!USER_ID!>",userId);
  baseContent=baseContent.replaceAll("<!SESSION_ID!>",sessionId);
  baseContent=baseContent.replaceAll("<!APPL_ID!>",applId.trim());
  baseContent=baseContent.replaceAll("<!CLIENT_IP!>",clientIp.trim());
  baseContent=baseContent.replaceAll("<!INI_FILE!>",iniFile.trim());
  out.println(baseContent);
  out.flush();
  out.close();
  private synchronized Properties getProperties(String inifile)
  Properties iniProp=new Properties();
  FileInputStream iniFileStream=null;
  try
  iniFileStream=new FileInputStream(inifile);
  iniProp.load(iniFileStream);
  iniFileStream.close();
  catch(Exception e)
  finally
  try
  if(iniFileStream!=null)
  iniFileStream.close();
  catch(Exception e)
  return iniProp;
  public static synchronized String getEntitlements(String inifile,String sessionId,String applId,String clientIp,String webclURL)
       HttpsURLConnection csConn=null;
       OutputStreamWriter requestStream=null;
       BufferedReader responseStream=null;
       StringBuffer responseData=new StringBuffer();
       String csReturnString=null;
       //String webclURL=null;
       BufferedWriter traceLog=null;
       int csCount=6;
       Properties iniProp=new Properties();
       String traceFile=null;
       String entitlementData=null;
       try
       readIniProperties(inifile,iniProp);
       traceFile=getTraceFile(iniProp);
       traceLog=new BufferedWriter(new FileWriter(traceFile,true));
       if(traceFile!=null)
       traceLog.write("###########################");
       traceLog.write("P A R A M E T E R S");
       traceLog.write("###########################");
       traceLog.newLine();
       traceLog.write("INI_FILE:"+inifile);
       traceLog.newLine();
       traceLog.write("SESSION_ID:"+sessionId);
       traceLog.newLine();
       traceLog.write("APPL_ID:"+applId);
       traceLog.newLine();
       traceLog.write("CLIENT_IP:"+clientIp);
       traceLog.newLine();
       traceLog.write("count:"+csCount);
       traceLog.newLine();
       traceLog.write("###########################");
       traceLog.newLine();
       //webclURL=getWebclURL(traceLog,iniProp);
       if(webclURL!=null)
       traceLog.write("Web CL URL:"+webclURL);
            traceLog.newLine();
       csConn=(HttpsURLConnection)new URL(webclURL).openConnection();     
  traceLog.write("Open Connection - Completed!");
       traceLog.newLine();
       csConn.setRequestMethod("POST");
       csConn.setDoInput(true);
       csConn.setDoOutput(true);
       requestStream=new OutputStreamWriter(csConn.getOutputStream());
       traceLog.write("Open Request Stream - Completed!");
       traceLog.newLine();
       requestStream.write("SessionId="+sessionId+"&ClientIP="+clientIp+"&apl_id="+applId+"&count="+csCount);
       requestStream.flush();
       requestStream.close();
       traceLog.write("Write Params to Request Stream - Completed!");
       traceLog.newLine();
       responseStream=new BufferedReader(new InputStreamReader(csConn.getInputStream()));
       traceLog.write("Open Response Stream - Completed!");
       traceLog.newLine();
       while((csReturnString=responseStream.readLine())!=null)
       responseData.append(csReturnString);
       traceLog.write("Response Stream Reading - Completed!");
       traceLog.newLine();
       responseStream.close();
       csConn.disconnect();
       entitlementData=getEntitlementData(traceLog,responseData.toString(),iniProp);
       traceLog.write("responseData::"+responseData);
       traceLog.newLine();
       traceLog.newLine();
       traceLog.write("entitlementData::"+entitlementData);
       traceLog.newLine();
       traceLog.flush();
       traceLog.close();
       catch(Exception e)
       e.printStackTrace();
       finally
       try
       if(requestStream!=null)
       requestStream.close();
  =======================================================================
  output_
  ###########################P A R A M E T E R S###########################
  INI_FILE:/rcrmap1/rcrrgbg2/crms.ini
  SESSION_ID:%2526%253ASIGNED_TICKET%253D%2526PROVIDER_TICKET%253D002c6e4cH0tZy2Gj4JBCOiSL7uSlKisfsqgwP9KoRRn7e%252BY%253D%253AKRSERVER0006%252BA9A52AAE%252B4D1DC7AA%252B14400
  APPL_ID:RCRMKR
  CLIENT_IP:169.165.42.174
  count:6
  Web CL URL:https://rcfe.aspac.citicorp.com:40054/servlet/Verify
  Please help to guide us.
  Regards,
  Harish

• Custom information in HTTP Header in an outgoing GWWS Request

  Hello Xu,
  Hello Everyone,
  With reference to the recent post activity in the post:
  [Adding custom information in HTTP Header in an outgoing request from GWWS|https://forums.oracle.com/forums/thread.jspa?threadID=2366358&tstart=0]
  We are looking for an option to send custom header information with the a webservice request (HTTP post) that happens via GWWS server.
  I prematurely marked that post as answered since we got a link to documentation in one of the answers, which suggests that problem has been taken care in TUXEDO11gR1.
  However, it would be difficult (almost impossible) for us to move to 11gR1 immediately.
  Since I marked that post as "answered" and I did not know if replies in that post will get any attention, I opened up this post.
  Xu (He) suggested (in reply to my previous post) that there might be a patch for our problem.
  It would be wonderful/perfect if we can get a patch for 10gR3!
  We are using the following:
  TUXEDO10gR3 PATCH LEV=44
  SALT Patch Lev = 15
  Please do let us know.
  Thank you again
  Sincere Regards,
  Mrugendra

  Maurice,
  Thanks for confirming this. (in the post: [Adding custom information in HTTP Header in an outgoing request from GWWS|https://forums.oracle.com/forums/thread.jspa?threadID=2366358&tstart=0] )
  It clarifies the doubts that I was having while reading through the documentation Xu pointed to.
  Yes, we need to add HTTP Headers (not SOAP header).
  For now we just need to add Basic Authentication HTTP Header for outbound service calls.
  We have developed a plugin to do that for now.
  And even if the salt plugin takes care of adding the Basic Authentication in the HTTP Header for outgoing calls, I guess we do not have any option to include some custom information in the HTTP Header which might be required in the future.
  At-least, not unless we request that enhancement.
  Bringing the plugin into our mix requires a lot of changes to our architecture including inclusion of AUTHSVR in the UBB,
  Which, in turn, makes it imperative to change the endpoint clients of our application.
  In addition to that, the incoming web service calls also need to include TUXEDO authentication information, which would again require either communicating the authentication information to the consumers of our service or device some kind of a proxy which would add the authentication information for all the incoming requests!
  With these facts in mind, we were wondering if we have an easier way to include the HTTP header information.
  As you say, Maurice, it seems it is not possible yet.
  Thank you again for your replies.
  Sincere Regards,
  Mrugendra

• Get a specific Http header field from an http request in a component

  Hello,
  In a custom component that I've created ( which extends ServiceHandler), I'd like to access a specific http header field from the http requests that this component receives.
  I assume this could be accessible through m_binder or m_service, but I didn't find any solution so far.
  Any Idea?
  Thanks in advance,
  Leo

  As it may help others, I answer what I figured out.
  Every details of the http request is put into the m_binder.
  So a specific field can be accessed with m_binder.getEnvironmentValue("My_data")
  You can also list all the available data as it is a standard properties set.

• Problem adding HTTP header to request

  Hi all,
  My company is wanting to access our Adobe Connect through our
  SAP portal without requiring the user to stop and enter their Adobe
  Connect password.
  The documentation available says that this should be possible
  using a combination of SAPSSOEXT (to interrogate the SAP ticket and
  authenticate the user coming from the SAP portal) and HTTP header
  authentication within Adobe Connect (by inserting the authenticated
  username into a custom HTTP header).
  However the problem is that I'm intending to use Java, but I
  can't find any Java functionality that will allow me to add a
  header into an HTTP request.
  Has anyone done anything like this before? Any ideas on how
  to go about it?
  Thanks in advance,
  David

  In 10.1.3.5, there were several examples or samples in the Oracle BPEL folder. I think there were ones called HTTPGetService and HTTPPostService. You might check to see if they are still around.

• SOAP HTTP header in SOAP request

  Hi,
  How to add the soap HTTP additional header in the SOAP request?
  I want to add the headers not through coding. I want to add it manually.
  I can able to add the HTTP headers through SOAPUI. But i need to add the same inside the request.
  Could someone please help me?

  I am sending the SOAP request through SoapUI.
  Here is the sample request which i have used.
  <?xml version="1.0"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:req="http://requisition.api.newscale.com">
  <soapenv:Header>
  <req:AuthenticationToken>
  <req:Username>***</req:Username>
  <req:Password>***</req:Password>
  </req:AuthenticationToken>
  </soapenv:Header>
  <soapenv:Body>
  <req:getRequisitionStatus>
  <req:loginUserName>***</req:loginUserName>
  <req:requisitionId>123456</req:requisitionId>
  </req:getRequisitionStatus>
  </soapenv:Body>
  </soapenv:Envelope>
  Here i have to add the additional HTTP header with this request.

• HTTP PUT Request for File Uploads is returning a response header with content-length = 0

  After upgrading from CF9 to Coldfusion 10, I'm running into an odd issue, with `cURL` calls to a webservice that used to work.
  We are using an HTTP PUT Request with multipart="no" so that the request header content is the file itself, now the data is being sent properly in the content but it has a ~8k limit. This is fine for smaller files but some files are 60kb etc.
  Errors are odd too, near the 8KB limit we get a bad gateway error 502, and above that the webpage errors with a connection reset.
  It works fine with multipart="yes", but in a PUT request the file's data isn't even sent since it's looking for `httpparam formField` , the content-length from the target page's Headers show a content-length of 0 which causes `cURL` to fail with an error (56): http://curl.haxx.se/docs/manpage.html
  Here's example code to reproduce:
  <cfset sFilename = "C:\999\test4.txt">
  <cffile action="readBinary" file="#sFilename#" variable="fileRead">
  <cfset oFileInfo = GetFileInfo("#sFilename#")>
  <cfhttp           url="localhost/Clarence/diff_elt_test_output.cfm"
                                method="PUT"
                                username="******"
                                password="******"
                                multipart="yes"
                                result="oHttp">
            <cfhttpparam type="header" name="Content-Type" value="text/plain" />
            <cfhttpparam type="header" name="Content-Length" value="#oFileInfo.Size#" />
            <cfhttpparam type="body" value="#fileRead#"/>
  </cfhttp>
  <cfdump var="#oHttp#">
  Dumping the response via GetHttpRequestData() shows that the header's content-length = 0 and content is blank.
  Whereas POST requests work fine, cURL has a -F form option which is our fallback but a solution to this would be great.
  Here's what I've tried:
  1. Changing CF post request limit sizes (64MB+)
  2. Changing IIS config web/webserver http runtime and security.request filtering request limits to much higher values
  3. AJP Connector between IIS and Tomcat has a default 8KB header limit, I changed that to 64k on both sides, still nothing
  Also am I missing something fundamental here? I thought at the network layer a packet is split up and rejoined, so large content in a http request body should work, what's wrong with Coldfusion 10?

  I am familiar with java.net package and know how to
  Read and Write Streams.
  However, what I do not know is what string
  represntation of PUT or POST resquests is?It's HttpURLConnection.setRequestMethod("PUT") or ("POST").
  Also you have to setDoOutput(true).
  Then you set the content type, possibly encode the input, set the content length, and write the file data to the stream.
  Using a Jakarta package may be easier, however.

• Disabling logging of HEAD request in HTTP web server logs

  Hi,
  I would like to stop the logging of HEAD requests in my HTTP server logs. I was thinking of using the Rewrite rule, however, there may be a more direct way of doing this. Is there a configuration setting within HTTP Server to do this?
  I'm using WebTier component of Weblogic 10.3.2.
  Thanks,

  I found the solution to disable HEAD requests.
  Edited by: WallyP on Mar 11, 2010 12:24 PM

• Set token attribute to HTTP(s) request header

  Hi,
  in order to meet security requirements we need to put a token attribute to the HTTP(s) requests header. The data connection is setup as "WSDL data connection".
  How can we set this header information in Adobe Designer by scripting that Adobe Reader (with ARES) includes the token to the HTTP(s) header request?
  Many thanks for your help,
  Daniel

  Task is solved. First of all I updated PowerQuery since previous version does not support Headers option for Web.Contents function. Here is a correct syntax:
  =Xml.Document(Web.Contents("https://api.ebay.com/ws/api.dll",[Headers=[#"X-EBAY-API-COMPATIBILITY-LEVEL"= "871",#"X-EBAY-API-SITEID"="0",#"X-EBAY-API-CALL-NAME"="GetMyeBaySelling",#"CONTENT-TYPE"="text/xml"], Content=Text.ToBinary("<?xml version="&Character.FromNumber(34)&"1.0"&Character.FromNumber(34)&" encoding="&Character.FromNumber(34)&"utf-8"&Character.FromNumber(34)&"?>
  <GetMyeBaySellingRequest xmlns="&Character.FromNumber(34)&"urn:ebay:apis:eBLBaseComponents"&Character.FromNumber(34)&">
  <RequesterCredentials><eBayAuthToken>***</eBayAuthToken></RequesterCredentials><SoldList><DurationInDays>60</DurationInDays><Pagination><EntriesPerPage>100</EntriesPerPage><PageNumber>1</PageNumber></Pagination></SoldList></GetMyeBaySellingRequest>")]))

• Invalid http response: HTTP/1.1 200

  Hi gurus!
  I have a problem with an asynchronous interface.
  We are calling a Webservice which we don't need any response. In sxmb_moni it's OK, but in our RWB we see it as failed, with this entry:  invalid http response: HTTP/1.1 200.
  I have search in logs, and in defaultTrace_00.0.trc we can see the following entry:
  Marked transaction for rollback for meesage 4b4ed19f-bbe6-0062-e100-8000ac1f041d(INBOUND). Reason: java.io.IOException: invalid http response: HTTP/1.1 200
  We have captured the HTTP header response, and is:
  HTTP/1.1 200
  Date: Thu, 14 Jan 2010 10:26:03 CET
  Server: Mule/1.2
  Connection: close
  Expires: Thu, 14 Jan 2010 10:26:03 CET
  Content-Type: text/xml
  Content-Length: 508
  X-MULE_CORRELATION_ID: d595447a-00ee-11df-a6a5-becd407b7daa
  X-MULE_CORRELATION_GROUP_SIZE: 3
  X-MULE_CORRELATION_SEQUENCE: -1
  Could it be problem of the X-MULE_CORRELATION headers? Or Maybe PI needs an HTTP/1.1 200 OK?
  Thak you!!!!

  Hi Ignasi,
  I personally donu2019t think you will have much luck getting XI to accept this response since itu2019s not an XI issue.  Itu2019s true that the client (XI in this case) is not required to examine or display the reason-phrase, but that statement doesnu2019t negate the requirement on the server to provide it.  The client has the option to look at it or not, but the server must still provide it either way.
  I didn't notice the http header before, but the server you are connecting to is actually Mule version 1.2.  This release dates back to 2005.  I ran a quick test and reproduced the issue using Mule 1.2 (hello-http sample).  This may not be the same exact issue, but I did observe the same issue with the missing reason-phrase.  The issue is fixed in the Mule 1.3 release.
  Perhaps they can request a patch for 1.2.  This may not be possible since they are working on the Mule 3.0 version now, but I really donu2019t know.  Itu2019s literally one line of code.   I made one small change and was able to get the hello-http sample working (code is open source):
  Class: org.mule.providers.http.transformers.UMOMessageToHttpResponse
  From this:
  httpMessage.append(status).append(HttpConstants.CRLF);
  To this:
  httpMessage.append(status).append(" ").append(org.apache.commons.httpclient.HttpStatus.getStatusText(status)).append(HttpConstants.CRLF);
  org.apache.commons.httpclient.HttpStatus.getStatusText is the method they are using in 1.3 to resolve the reason-phrase using the status code.
  Thanks,
  -Russ

• Problem with StreamCorruptedException: invalid stream header: 3C68746D

  Hi
  I am attempting to code a project in Java which involves the user of object serialization to send a String via serialization from an applet embedded in a JSP tp a servlet all files are running on the same machine for testing purposes.
  However I seem to be getting StreamCorruptedException: invalid stream header: 3C68746D whenever I attempt to read the inputstream once I have written to it.
  My code is as follows below (I apologise for the lack of details I have attempted to comment and simplify my code as much as possible for improved readability)
  ////////////////////////APPLET CODE////////////////
  import java.io.*;
  import java.io.Serializable;
  import javax.servlet.http.*;
  import java.applet.*;
  import javax.swing.*;
  import java.net.*;
  *Compiled using netbeans 5.1
  *Uses Apache server embedded with netbeans
  *JSP address http://localhost:8084/TestServ
  *Applet is embedded within this page
  *Servlet address http://localhost:8084/TestServ/TServ
  public class Main extends javax.swing.JApplet {
  JFrame jf;//frame for the test applet
  JTextArea jt;//result text box
  public Main() {
  jt=new JTextArea();//set up applet
  this.add(jt);
  URL servletURL;
  HttpURLConnection servletConnection;
  InputStream iStream=null;
  try
  {   //this address as far as is known is correct
  servletURL = new URL( "http://localhost:8084/TestServ/TServ" );
  //open connection to servlet
  servletConnection = (HttpURLConnection)servletURL.openConnection();
  //set up connection
  servletConnection.setDoInput(true);
  servletConnection.setDoOutput(true);
  servletConnection.setUseCaches(false);
  servletConnection.setDefaultUseCaches(false);
  //have tried "GET" and "POST" and "PUT"(PUT not directly compatible with apache servers)
  servletConnection.setRequestMethod("POST");
  servletConnection.setRequestProperty("Content-type","application/octet-stream");
  /*Have also tried application/x-java-serialized-object*/
  //set object output stream
  ObjectOutputStream outStream =
  new ObjectOutputStream(servletConnection.getOutputStream());
  //write a string for test purposes (As far as I am aware String implements Serializable)
  outStream.writeObject("h");
  //flush and close connection
  //have tried a combination of flush and/or close
  outStream.flush();
  outStream.close();
  //get input stream rdy for objectinput stream
  iStream = servletConnection.getInputStream();
  catch(IOException e)
  jt.setText("Error in output "+e);
  ObjectInputStream oInStream=null;
  String str = iStream.toString();
  //iStream at this point equals ""sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@6754d6
  try
  //this is where the error occurs
  //upon even trying to create a objectinputstream using iStream IOException occurs
  oInStream = new ObjectInputStream(iStream);
  //program does not get any further
  oInStream.close();
  catch(IOException e)
  //this error has been driving me crazy :(
  jt.setText("Error in input "+e);
  Servlet code is below however it does not even reach this point
  (If reading input stream is removed from the applet the servlet provides the same error message)
  /////////////////////Servlet code (however does not reach this point)///////////////
  import java.io.*;
  import java.net.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class TServ extends HttpServlet {
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  response.setContentType("text/html;charset=UTF-8");
  PrintWriter out = response.getWriter();
  ObjectInputStream inputFromApplet = null;
  InputStream in = request.getInputStream();
  BufferedReader inTest = null;
  out.println("<html>");
  out.println("<head>");
  out.println("<title>Servlet TServ</title>");
  out.println("</head>");
  out.println("<body>");
  try
  inputFromApplet = new ObjectInputStream(in);
  out.println("<h2>Sucess </h1>");
  catch(EOFException e)
  out.println("<h3>ERROR: " e " Error</h3>");
  out.println("<h3>End Servlet</h3>");
  out.println("</body>");
  out.println("</html>");
  out.close();
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  public String getServletInfo() {
  return "Short description";
  Thank you for your time I have searched for an answer for some time now and how found people in similar situations however no solution has been found
  Any help is appreciated
  Az

  The servlet isn't writing any objects back in reply. It is writing text. Not the same thing. If you want to read using an ObjectInputStream you have to write using an ObjectOutputStream.

• Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

  Hello SDN community,
  in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
  As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
  I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
  My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
  Is there an application to be built on the java stack to deal with the authentication, modify http header?
  What will the Java stack return? a sap long ticket? a token?
  How will the redirect work (to by example a BSP which is in the ABAP stack)?
  SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
  A lot of questions about how this SSO http header should work,
  I would be very greatful for any help, or info,
  Kind regards,
  Tanguy Mezzano

  Hi Tanguy,
  to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
  Here are some answers to your question:
  in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
  The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
  My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
  You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
  So everything's is in a Java Client application without using any redirection.
  If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
  No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to  procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
  That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
  This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
  The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
  This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
  I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
  So my problem now, is how to call the servlet from the client browser:
  I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
  <FORM method="POST" action="SSORedirect2" >
  A JSP is a servlet too. There is just no JAVA Class involved!
  You do not need any POST Request to invoke a Servlet.
  I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE web-app (View Source for full doctype...)>
  - <web-app>
    <display-name>WEB APP</display-name>
    <description>WEB APP description</description>
  - <servlet>
    <servlet-name>SSOredirect2</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
    </servlet>
  - <servlet>
    <servlet-name>SSORedirect2.jsp</servlet-name>
    <jsp-file>/SSORedirect2.jsp</jsp-file>
    </servlet>
  - <security-constraint>
    <display-name>SecurityConstraint</display-name>
  - <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
  - <auth-constraint>
    <role-name>DefaultSecurityRole</role-name>
    </auth-constraint>
    </security-constraint>
  - <security-role>
    <role-name>DefaultSecurityRole</role-name>
    </security-role>
    </web-app>
  If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
  e.g.
  <servlet>
    <description>
    </description>
    <display-name>AuthenticatorServlet</display-name>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <url-pattern>/AuthenticatorServlet</url-pattern>
  </servlet-mapping>
  You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
  I have also to pass my http header and the redirectUrl in the GET request.
  If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
  I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
  Thx for your input very helpful,
  But again 0 points
  Cheers