cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to set HTTP header in portalLogon.jsp

former_member185404
Explorer

on ‎02-25-2016 10:25 AM

0 Kudos

Hi everyone!

We implemented customized portal logon app, using this guide

No we want to implement NTLM authorisation, for this purpose I need to set HTTP header

I am trying to do it with such code in logonPage.jsp:

response.setHeader("WWW-Authenticate", "NTLM");


But server returns no WWW-Authenticate HTTP header to client, I guess becouse we have

some wrapper classe instead of HttpServletRequest and HttpServletResponse in our portal logon app.

This wrapper class erase any http header that I try to set I guess for security reasons.

So the question is how to configure portal logon app (or maybe some other portal environment)

to accept headers that we set at portal logon page jsp.

Thanks in advance!

Show replies
Show replies
Answer
View Entire Topic
LutzR
Active Contributor
‎02-25-2016 10:37 AM
0 Kudos

Hi Mikhail, a task like this is typically done with a JAAS login module I guess.

Do you really mean NTLM and not Kerberos/SPNego? There is a completely configurable solution for SPNego by calling the wizard https://portal.domain.com/spnego without any coding needed.

Regards,

Lutz

Show replies
Show replies
former_member185404
Explorer
‎02-25-2016 11:38 AM
0 Kudos

Hi Lutz!

There are some troubles with user domain name and portal user ID mapping, our basis team figured out that we have to implement NTLM by custom code like this Get username using NT Challenge (NTLM) - Real's Java How-to

So I have to set http header. Actually I tried to get original servlet response with this code

HttpServletResponse servletResponse = request.getServletResponse(false);

//gets the original servlet response

But this method also returns wrapper class and this class also erase header.

This code just do nothing (as far as I can see there are even no errors in log so cant figure out what is wrong)

HttpServletResponse servletResponse = request.getServletResponse(true);


I even tried to get original HttpServletrequest/response with reflection, but It is fragile attemp because

I have to call some non-pulic methods of wraper objects.

Regards,

Mikhail

saar_dagan
Employee
Employee
‎03-04-2016 7:58 PM
0 Kudos

Hi Mikhail,

Was your problem solved?

BR,

Saar

former_member185404
Explorer
‎03-09-2016 5:52 PM
0 Kudos

HI Saar,

No, I am currently busy with other task, but will return to this problem and update topic with a solution if find it. I hope that I can achieve my goal by implementing custom login module in sap as login stack

br,

MIke

Ask a Question