Tuesday, September 25, 2007

Calling Java servlet from another Servlet/Jsp behind SSO

The issue can be viewed by breaking the problem into two parts.
1) How to make a call to a servlet from another servlet?
2) What if the servlet is SSO protected?

To understand the answer to the first question, we have to be aware that we are trying to call a servlet and not any Java API or a stand-alone class having main method. Ok, there is a way to call another servlet using Request Dispatcher, but what if you don't want to lose the control.

For eg:
1st Scenario: Servlet1 wants the service of Servlet2, and then use the results from Servlet2 for further processing.
2nd Scenario: Servlet1 wants to initialize an asynchronous service exposed as a servlet, Servlet2.

So, to call another servlet we will make use of java.net.* package. The concept is simple, create a new HTTP request in Servlet1 and send this HTTP request to Servlet2. So, to create this HTTP request we can use the java.net.* package.

The other aspect of the problem is how to call the servlet, if it is SSO protected. To bypass the SSO authentication while calling Servlet2 we can extract the authentication information from the Servlet1 request. Since all the authentication information is passed from client-side to the servlets in the form of cookies, we can extract these cookies from the Servlet1 request and include them in the new HTTP request that we are creating for Servlet2.

So, that is all about how and why. Now, check the code below which is calling a servlet from another servlet, without transferring the control and are SSO protected.

    String cookieStr = "";
    javax.servlet.http.Cookie cookies[] = request.getCookies();
    for( int i=0; i<cookies.length; i++) {
     javax.servlet.http.Cookie cookie = cookies[i];
     String name = cookie.getName();
     String value = cookie.getValue();
     if(!"JSESSIONID".equals(name)) {
      cookieStr += name;
      cookieStr += "=";
      cookieStr += value;
      if(i != cookies.length -1) {
       cookieStr += "; ";
      }
     }
    }
    
    StringBuffer mesg = new StringBuffer();
    java.net.URL url = new java.net.URL("http://localhost:8080/App1/Servlet2"); 
    
    java.net.URLConnection urlCon = url.openConnection();
    urlCon.setRequestProperty("Cookie", cookieStr);
    urlCon.connect();
    java.io.InputStream is = urlCon.getInputStream();
    int b;
    while( (b = is.read() ) != -1) {
     out.write(b);
    }
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)