Wednesday, March 28, 2007

Request header rewrites with Java servlet filters

A collegue and I have been looking at a setup with completely separate Oracle Portal (with SSO) and Oracle Collabsuite installations, and we wanted a simple way to have users automatically logged into Collabsuite after logging into Portal. If you are not familiar with Collabsuite, just think "J2EE" application.

Normally you would deploy a consolidated infrastructure, which makes this a no-brainer, but for various reasons we wanted to keep these two environments quite separate.

The details of how we did this are not really pertinent, but the bottom line is that we had everything sorted with one exception: the LDAP realm on Portal did not match Collabsuite. Everything was nicely working except the Collabsuite web applications keeled over, because the "osso-user-dn" request header set by the Portal SSO did not match Collabsuite.

If only we could hack/rewrite the osso-user-dn to fixup the realm part!

Now with Apache 2.0, this is probably quite easy by using the RequestHeaders directive in httpd.conf. That didn't exist in Apache 1.3, which unfortunately is what we are using.

This lead me to investigate what could be done at the J2EE level, and I discovered for the first time the servlet filter features in the Servlet API 2.3.

There are a few good tutorials floating around the web, such as Jason Hunter's JavaWorld article, but nothing I've found yet specifically demonstrates header rewrite.

Its pretty simple though. I've put together a demo RewriteRequestHeaderFilter with sources (download: RewriteRequestHeaderFilter-1.0-src.zip). It contains a complete demo site, but is also packaged and ready to insert into any arbitrary web application (just deploy the jar and fiddle the site's web.xml).

So, if you ever find yourself wanting to fiddle request headers in the J2EE environment and don't have "external" options, the RewriteRequestHeaderFilter could be just the ticket.

Postscript 2008-06-02: I've moved this to its own sourceforge project now.

Sunday, March 25, 2007

Who's bound to that port?

Recently wanted to track down the details of the process that had a specific port open. I checked out the O'Reilly Linux Server Hacks book, and hack #56 was pretty much what I wanted. I scriptified it somewhat as follows. Note that this only looks at tcp:
#!/bin/bash
port=$1
procinfo=$(netstat --numeric-ports -nlp 2> /dev/null | grep ^tcp | grep -w ${port} | tail -n 1 | awk '{print $7}')

case "${procinfo}" in
"")
echo "No process listening on port ${port}"
;;
"-")
echo "Process is running on ${port}, but current user does not have rights to see process information."
;;
*)
echo "${procinfo} is running on port ${port}"
ps -uwep ${procinfo%/*}
;;
esac

As you can see, this works by getting a little bit of process info from netstat, then using ps to get the full details. Download the script here: whosOnPort.sh