我有一个将数据发布到Domino Java代理的外部应用程序(非Domino)。
I have an external application (non-Domino) that post data to a Domino Java agent.
我可以使用REQUEST_CONTENT CGI读取数据变量,一切都很好。
I'm able to read the data by using the REQUEST_CONTENT CGI variable, all is good.
但是,由于我想阻止任何人运行此代理,因此在HTTP标头中发送用户名/密码(Basic中的授权) Auth,base64编码)。现在,我想阅读它,解码它并手动验证提供的用户名/密码是否正常(来自包含所有访问,自定义数据库,而不是多米诺目录的数据库)。
However, since I want to prevent anybody from running this agent, a username/password is sent in the HTTP Header ("Authorization" in Basic Auth, base64 encoded). Now, I want to read this, decode it and validate manually if the username/password provided are OK (from a database containing all access, custom database, not a domino directory).
我的问题是,我如何访问Java代理中的HTTP标头,主要用于授权代码?
My question is, how can I access the HTTP Headers in a Java agent, mostly for the "Authorization" one?
顺便提一下,我们所有的Domino服务器正在使用表单身份验证(SSO),所以我想使用我的自定义解决方案伪造基本身份验证。
By the way, all our Domino servers are using "Form Authentication" (SSO), so I kind of want to fake a Basic Authentication using my custom solution.
是否可能? 感谢您的帮助!
Is it possible? Thanks for your help!
推荐答案如果您想在Java代理中访问HTTP标头,可以搜索它们在代理中的Document上下文对象上,不确定您是否专门获取Authorization头变量(如果它在那里,那么它是HTTP_AUTHORIZATION)。 Domino使用标准CGI变量但是如果你得到文档上下文文档,并循环遍历文档字段,您应该看到任何其他变量。
If you want to access HTTP headers within a Java Agent, you can search for them on the Document context object within the agent, not sure if you'll specifically get the "Authorization" header variable (if it's there, then it's "HTTP_AUTHORIZATION"). Domino uses a standard CGI Variables but if you get the Document Context document, and loop through the document fields, you should see any additional variables.
(您可能希望强制服务器上的HTTPS通过您正在使用的方法来加强安全性,因为BASE64数据转换不是一种安全的加密方法。)
(You may want to force HTTPS on the server to tighten up the security with the approach you're using, as BASE64 conversion of data is not a safe method of encryption.)
更多推荐
如何在Lotus Domino Java代理中获取HTTP标头(授权)?
发布评论