bvstone

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

Posted:

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

I was working on a project with a customer that was using a slimmed down version of OAuth 2.0 where in the HTTP headers containing an Authorization Token.

I know that most HTTP headers are available as environment variables (or using HTTP_<headername> as the environment variable to retrieve custom headers), but this was not.  A quick search brought me to this Stack Overflow question which explains that Apache strips out the Authentication header, but also giving a workaround.

Knowing that Apache on the IBM i isn't always the same as other versions, I decided to give it a whirl anyhow.  

Step 1:  Update my Apache Configuration File (httpd.conf)

The first thing I did was add the following line to my httpd.conf file for the web server in question:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Step 2:  Restart my Apache Server Instance

The next step, to make sure that the Apache server wouldn't puke on this new configuration was to restart my Apache server instance.  I did, and what do you know, it worked (or at least it didn't crash telling me that the SetEnvIf directive was invalid)

Step 3:  Test

My next step was to test, so I wrote a simple program named HDRTEST using the eRPG SDK that looks like the following:

H DFTACTGRP(*NO) BNDDIR('ERPGSDK')                                              
 ****************************************************************               
 * Prototypes                                                   *               
 ****************************************************************               
 /COPY QCOPYSRC,P.ERPGSDK                                                       
 /COPY QCOPYSRC,P.HTTPSTD                                                       
 ****************************************************************               
 * Data read in from web page                                                   
D header          S           1024    Varying                                   
 *                                                                   
 * Work Variables                                                    
D headerValue     S           1024    Varying                        
 ****************************************************************    
  #startup();                                                        
  #writeTemplate('stdhtmlheader.erpg');                              
  #loadTemplate('hdrtest.erpg');                                     

  header = #getData('header');                                      
  headerValue = #getEnv('HTTP_' + %trim(header));      

  #replaceData('/%header%/':header);                   
  #replaceData('/%value%/':headerValue);               
  #writeSection();                                     
                                                       
  #cleanup();                                          
                                                       
  *INLR = *on;                                                                                       

The template (hdrtest.erpg) used is VERY simple and looks like this:

/%header%/ = /%value%/

Next, I used GETURI to make a request with a custom Authorization header:

GETURI URI('bvstools.com/cgi-bin/hdrtest') DATA('header=AUTHORIZATION')
PORT(443) USRHDR((Authorization 'Bearer x8x8x8x9x9x9x9x9x9x'))
SSL(*YES)
         

To my joy the proper information was returned:

HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 15:55:51 GMT
Server: Apache
Content-Length: 42
Connection: close
Content-Type: text/html; 
charset=ISO-8859-1

AUTHORIZATION = Bearer x8x8x8x9x9x9x9x9x9x                                                         

So, again with just some simple RPG you are able to work with the rest of the world as OAuth and OAuth types of authentication become more popular.                                                  


Last edited 07/18/2017 at 11:01:16



Latest Posts:

Create QRCODE in DDS Create QRCODE in DDS
Posted by September 21, 2018
Programming >> RPG Programming
Base64 Encoding a File with RPG Base64 Encoding a File with RPG
Posted by September 6, 2018
Programming >> RPG Programming
Building JSON with RPG and YAJL and Writing to Standard Output Building JSON with RPG and YAJL and Writing to Standard Output
Posted by August 31, 2018
Programming >> Proof of Concept (POC)
How to Delete Files or Empty Trash From Your Google Drive with your IBM i and RPG/ILE How to Delete Files or Empty Trash From Your Google Drive with your IBM i and RPG/ILE
Posted by July 24, 2018
BVSTools >> BVSTools Software Discussion >> GreenTools for G Suite (Google Apps) (G4G) Specific Discussion
GreenTools for G Suite (G4G) Updated to Include Delete and Empty Trash Function GreenTools for G Suite (G4G) Updated to Include Delete and Empty Trash Function
Posted by July 24, 2018
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
What to Do If Your License Keys Don't Work What to Do If Your License Keys Don't Work
Posted by July 18, 2018
BVSTools >> BVSTools Software Discussion
MAILTOOL Updated to Allow Failed Message on Invalid Recipient MAILTOOL Updated to Allow Failed Message on Invalid Recipient
Posted by May 20, 2018
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
Non HTTPS Callbacks Removed from GreenTools for G Suite (G4G) Non HTTPS Callbacks Removed from GreenTools for G Suite (G4G)
Posted by April 15, 2018
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
IBM i Related Survey Available IBM i Related Survey Available
Posted by April 7, 2018
IBM Power Systems >> (QGPL) IBM i
BVSTools Releases Braintree Webhook Open Source Application - Node.js BVSTools Releases Braintree Webhook Open Source Application - Node.js
Posted by April 5, 2018
Programming >> Open Source
BVSTools Now Offering Web Services (BETA) BVSTools Now Offering Web Services (BETA)
Posted by April 3, 2018
BVSTools >> BVSTools Announcements
Creating a Reverse SSL Proxy Using RPG on the IBM i - Part 2 Creating a Reverse SSL Proxy Using RPG on the IBM i - Part 2
Posted by March 29, 2018
Programming >> Web Programming
Still on V7R1 or Earlier?  Here's Why You Should Upgrade NOW! Still on V7R1 or Earlier? Here's Why You Should Upgrade NOW!
Posted by February 21, 2018
IBM Power Systems >> (QGPL) IBM i
Converting a MMDDYY date format to YYMMDD for Sorting Using SQL Converting a MMDDYY date format to YYMMDD for Sorting Using SQL
Posted by February 16, 2018
Programming >> RPG Programming
Moving All Files from a Google Drive Folder to the Trash Using GreenTools for Google Apps (G4G) Moving All Files from a Google Drive Folder to the Trash Using GreenTools for Google Apps (G4G)
Posted by February 3, 2018
BVSTools >> BVSTools Software Discussion >> GreenTools for G Suite (Google Apps) (G4G) Specific Discussion

Reply




Copyright 1983-2018 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).