问题
I have an external application (non-Domino) that post data to a Domino Java agent.
I'm able to read the data by using the REQUEST_CONTENT CGI variable, all is good.
However, since I want to prevent anybody from running this agent, a username/password is sent in the HTTP Header ("Authorization" in Basic Auth, base64 encoded). Now, I want to read this, decode it and validate manually if the username/password provided are OK (from a database containing all access, custom database, not a domino directory).
My question is, how can I access the HTTP Headers in a Java agent, mostly for the "Authorization" one?
By the way, all our Domino servers are using "Form Authentication" (SSO), so I kind of want to fake a Basic Authentication using my custom solution.
Is it possible? Thanks for your help!
回答1:
If you want to access HTTP headers within a Java Agent, you can search for them on the Document context object within the agent, not sure if you'll specifically get the "Authorization" header variable (if it's there, then it's "HTTP_AUTHORIZATION"). Domino uses a standard CGI Variables but if you get the Document Context document, and loop through the document fields, you should see any additional variables.
(You may want to force HTTPS on the server to tighten up the security with the approach you're using, as BASE64 conversion of data is not a safe method of encryption.)
来源:https://stackoverflow.com/questions/5186715/how-to-get-http-headers-authorization-in-a-lotus-domino-java-agent