topic Re: SICF http Handler - Authorization Header not available in Application Development and Automation Discussions

SICF http Handler - Authorization Header not available

Former Member — Tue, 15 Oct 2013 08:52:20 GMT

Hi all

i am facing a problem with HTTP Basic Authentication Headers.

I have the requirement to implement Basic Authentication against a customer table. Therefore i have implemented a http handler where i want to check if the Authorization http header is set.

I have configured the sicf node to use an internet user an to user alternative login module sequence where i have removed the Basic Authentication module. The external breakpoint in the http handler is hit, but the authorization header is missing - even though it was set for the request.

can anybody tell me how i can configure the sicf/icm to pass through these http header ?

Thanks!

Martin

Re: SICF http Handler - Authorization Header not available

Former Member — Wed, 16 Oct 2013 01:19:58 GMT

First remove the Logon Data maintained for the ICF node. Have you tried the following:

      CALL METHOD server->request->get_authorization
        IMPORTING
          username = username_str
          password = password_str.

See method AUTHENTICATION of ABAP class CL_HTTP_SERVER_NET for details.

Re: SICF http Handler - Authorization Header not available

JackGraus — Thu, 10 Mar 2016 13:08:42 GMT

Good day Martin

I am experiencing exactly the same problem. We send a JSON JWT token in HTTP header field 'Authorization'. The token is handled by a HTTP handler class. But the 'Authorization' header field content is blanked out by SAP. When using a different name like 'AuthorizationBearer' than all works fine.

Did you find a solution for this ?

Regards Jack

Re: SICF http Handler - Authorization Header not available

martinkoch — Thu, 10 Mar 2016 14:26:32 GMT

HI Jack,

the kernel filters the security relevant headers.

I found a workaround by using X-Headers e.g. X-Username, X-Token...

BR,

Martin