bvstone

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

Posted:

Retrieving Authorization or Other HTTP Headers With the Apache Server and RPG

I was working on a project with a customer that was using a slimmed down version of OAuth 2.0 where in the HTTP headers containing an Authorization Token.

I know that most HTTP headers are available as environment variables (or using HTTP_<headername> as the environment variable to retrieve custom headers), but this was not.  A quick search brought me to this Stack Overflow question which explains that Apache strips out the Authentication header, but also giving a workaround.

Knowing that Apache on the IBM i isn't always the same as other versions, I decided to give it a whirl anyhow.  

Step 1:  Update my Apache Configuration File (httpd.conf)

The first thing I did was add the following line to my httpd.conf file for the web server in question:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Step 2:  Restart my Apache Server Instance

The next step, to make sure that the Apache server wouldn't puke on this new configuration was to restart my Apache server instance.  I did, and what do you know, it worked (or at least it didn't crash telling me that the SetEnvIf directive was invalid)

Step 3:  Test

My next step was to test, so I wrote a simple program named HDRTEST using the eRPG SDK that looks like the following:

H DFTACTGRP(*NO) BNDDIR('ERPGSDK')                                              
 ****************************************************************               
 * Prototypes                                                   *               
 ****************************************************************               
 /COPY QCOPYSRC,P.ERPGSDK                                                       
 /COPY QCOPYSRC,P.HTTPSTD                                                       
 ****************************************************************               
 * Data read in from web page                                                   
D header          S           1024    Varying                                   
 *                                                                   
 * Work Variables                                                    
D headerValue     S           1024    Varying                        
 ****************************************************************    
  #startup();                                                        
  #writeTemplate('stdhtmlheader.erpg');                              
  #loadTemplate('hdrtest.erpg');                                     

  header = #getData('header');                                      
  headerValue = #getEnv('HTTP_' + %trim(header));      

  #replaceData('/%header%/':header);                   
  #replaceData('/%value%/':headerValue);               
  #writeSection();                                     
                                                       
  #cleanup();                                          
                                                       
  *INLR = *on;                                                                                       

The template (hdrtest.erpg) used is VERY simple and looks like this:

/%header%/ = /%value%/

Next, I used GETURI to make a request with a custom Authorization header:

GETURI URI('bvstools.com/cgi-bin/hdrtest') DATA('header=AUTHORIZATION')
PORT(443) USRHDR((Authorization 'Bearer x8x8x8x9x9x9x9x9x9x'))
SSL(*YES)
         

To my joy the proper information was returned:

HTTP/1.1 200 OK
Date: Tue, 18 Jul 2017 15:55:51 GMT
Server: Apache
Content-Length: 42
Connection: close
Content-Type: text/html; 
charset=ISO-8859-1

AUTHORIZATION = Bearer x8x8x8x9x9x9x9x9x9x                                                         

So, again with just some simple RPG you are able to work with the rest of the world as OAuth and OAuth types of authentication become more popular.                                                  


Last edited 07/18/2017 at 11:01:16



Latest Posts:

SSL Handshake Errors with GETURI, MAILTOOL and GreenTools Products SSL Handshake Errors with GETURI, MAILTOOL and GreenTools Products
Posted by October 18, 2021
BVSTools >> BVSTools Software Discussion
MAILTOOL Updated to Retry Sending when GSK SSL Handshake Error 415 (GSK_ERROR_BAD_PEER) is Encountered MAILTOOL Updated to Retry Sending when GSK SSL Handshake Error 415 (GSK_ERROR_BAD_PEER) is Encountered
Posted by August 19, 2021
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
MAILTOOL Updated to Allow List-Unsubscribe and User Defined Headers MAILTOOL Updated to Allow List-Unsubscribe and User Defined Headers
Posted by August 13, 2021
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
AWS signing process in as400 AWS signing process in as400
Posted by August 13, 2021
Programming >> Web Programming
2022 License Price Increase and Consulting Update for Non-Software Specific Assistance 2022 License Price Increase and Consulting Update for Non-Software Specific Assistance
Posted by August 9, 2021
BVSTools >> BVSTools Announcements
Journaling the IFS, SPLTOOL and Java Journaling the IFS, SPLTOOL and Java
Posted by August 4, 2021
BVSTools >> BVSTools Announcements >> Spooled File Tools (SPLTOOL) Specific Announcements
G4MSMAIL Now Allows Wildcard Attachments G4MSMAIL Now Allows Wildcard Attachments
Posted by June 10, 2021
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
G4G Update for Uploading Large Files G4G Update for Uploading Large Files
Posted by May 28, 2021
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
Can We Purchase License Keys for More Than One Year at a Time? Can We Purchase License Keys for More Than One Year at a Time?
Posted by May 21, 2021
BVSTools >> BVSTools Announcements
JOBWATCH 5.10 Released with New Feature to Monitor CPU Percentages JOBWATCH 5.10 Released with New Feature to Monitor CPU Percentages
Posted by May 10, 2021
BVSTools >> BVSTools Announcements >> Job Watch (JOBWATCH) Specific Announcements
Iseries Access data transfer Iseries Access data transfer
Posted by April 29, 2021
IBM Power Systems >> (QGPL) IBM i
YAJL - Parsing YAJL - Parsing
Posted by April 4, 2021
Programming >> RPG Programming
Create LPAR partition and install OS Create LPAR partition and install OS
Posted by March 24, 2021
IBM Power Systems >> (QGPL) IBM i
G4MS Now Allows User/Password Authentication Option G4MS Now Allows User/Password Authentication Option
Posted by March 16, 2021
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
IPDS printer file using CHRSIZ IPDS printer file using CHRSIZ
Posted by February 25, 2021
Programming >> RPG Programming

Reply




Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).