Re: SICF http Handler - Authorization Header not a...

Former Member · ‎2013 Oct 15

Hi all

i am facing a problem with HTTP Basic Authentication Headers.

I have the requirement to implement Basic Authentication against a customer table. Therefore i have implemented a http handler where i want to check if the Authorization http header is set.

I have configured the sicf node to use an internet user an to user alternative login module sequence where i have removed the Basic Authentication module. The external breakpoint in the http handler is hit, but the authorization header is missing - even though it was set for the request.

can anybody tell me how i can configure the sicf/icm to pass through these http header ?

Thanks!

BR

Martin

Former Member · ‎2013 Oct 16

First remove the Logon Data maintained for the ICF node. Have you tried the following:

      CALL METHOD server->request->get_authorization
        IMPORTING
          username = username_str
          password = password_str.

See method AUTHENTICATION of ABAP class CL_HTTP_SERVER_NET for details.

JackGraus · ‎2016 Mar 10

Good day Martin

I am experiencing exactly the same problem. We send a JSON JWT token in HTTP header field 'Authorization'. The token is handled by a HTTP handler class. But the 'Authorization' header field content is blanked out by SAP. When using a different name like 'AuthorizationBearer' than all works fine.

Did you find a solution for this ?

Regards Jack

martinkoch · ‎2016 Mar 10

HI Jack,

the kernel filters the security relevant headers.

I found a workaround by using X-Headers e.g. X-Username, X-Token...

BR,

Martin

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

SICF http Handler - Authorization Header not available