Wednesday, March 28, 2007

Request header rewrites with Java servlet filters

A collegue and I have been looking at a setup with completely separate Oracle Portal (with SSO) and Oracle Collabsuite installations, and we wanted a simple way to have users automatically logged into Collabsuite after logging into Portal. If you are not familiar with Collabsuite, just think "J2EE" application.

Normally you would deploy a consolidated infrastructure, which makes this a no-brainer, but for various reasons we wanted to keep these two environments quite separate.

The details of how we did this are not really pertinent, but the bottom line is that we had everything sorted with one exception: the LDAP realm on Portal did not match Collabsuite. Everything was nicely working except the Collabsuite web applications keeled over, because the "osso-user-dn" request header set by the Portal SSO did not match Collabsuite.

If only we could hack/rewrite the osso-user-dn to fixup the realm part!

Now with Apache 2.0, this is probably quite easy by using the RequestHeaders directive in httpd.conf. That didn't exist in Apache 1.3, which unfortunately is what we are using.

This lead me to investigate what could be done at the J2EE level, and I discovered for the first time the servlet filter features in the Servlet API 2.3.

There are a few good tutorials floating around the web, such as Jason Hunter's JavaWorld article, but nothing I've found yet specifically demonstrates header rewrite.

Its pretty simple though. I've put together a demo RewriteRequestHeaderFilter with sources (download: RewriteRequestHeaderFilter-1.0-src.zip). It contains a complete demo site, but is also packaged and ready to insert into any arbitrary web application (just deploy the jar and fiddle the site's web.xml).

So, if you ever find yourself wanting to fiddle request headers in the J2EE environment and don't have "external" options, the RewriteRequestHeaderFilter could be just the ticket.

Postscript 2008-06-02: I've moved this to its own sourceforge project now.

4 comments:

Ankur said...

I didn't quite follow your code - looks like it simply adds a request attribute, not a header as you claim...

Paul said...

Hi Ankur,
I think I might have mislead you by leaving some "test" code in place (myRequest.setAttribute).

Look instead at MyRequestWrapper where getHeader is over-ridden to do the rewrite. Incoming requests are wrapped as MyRequestWrapper so that the new getHeader function takes effect.

Maybe I should blog an explanation of the code in more detail. The code is very "terse" right now.

Ankur said...

Ah - got it now. I should have looked more closely...thanks Paul. This really helped...about the beer I owe you - whereabouts are you located? :)

Paul said...

No problem, hth! You can see in my profile - Singapore!