Authenticating Service Hook calls in Java webapps
I might be missing something but I don't see an easy way to authenticate service hook posts in Java webapps. The servlet presents the post body as a (read once) input stream. This input stream is used by the servlet's getParameters() methods to pass the post contents to our code. If we read the input stream to authenticate it then the input stream is consumed and getParameters() calls won't work.
The only way I can see to make it work is to grab the input stream contents and override servlet methods to take from a copy, but I really don't want to go to all that complexity to authenticate.
We are using Struts2 if that helps/hinders.
Please advise.
Kevin
Support Staff 1 Posted by Marc Guyer on 27 Jul, 2012 02:49 PM
That's an interesting problem. I'm not specifically familiar with Struts2 but I wouldn't be surprised if the "read once" behavior could be disabled.
2 Posted by kevin.glynn on 27 Jul, 2012 03:14 PM
I don't think it's struts2, I think it's the Java servlet model. See the first reply to this: http://stackoverflow.com/questions/5023718/how-to-retreive-raw-post... which jives with my understanding.
Support Staff 3 Posted by Marc Guyer on 27 Jul, 2012 03:30 PM
I see. Can the return from getParameterMap() be reliably used to reconstruct the raw body? I suppose that the main concern would be whether or not the order of the arguments is maintained in the map.
4 Posted by kevin.glynn on 27 Jul, 2012 04:24 PM
Yes, that's right. We can reconstruct by cycling through the parameters but would need to know the order. Could you send the ordered parameter names in a header? Also, there will be an additional step because the parameters will have been url-unencoded from what was in the raw body.
Support Staff 5 Posted by Marc Guyer on 27 Jul, 2012 06:20 PM
Have you confirmed that getParameterMap puts them in a different order?
Dean closed this discussion on 23 Jan, 2013 03:21 PM.
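The round-trip problem discussed in the thread, as an added example that is not part of the original posts and is not Cheddar's code: a signature checked over the raw body bytes verifies, while a body rebuilt from decoded parameters (even in the original order) does not, because URL encoding is not unique. The signing scheme (hex HMAC-SHA256 over the raw body), the class and method names, and the secret and body values are assumptions constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class HookBodyCheck {
    // Assumed scheme (not from the thread): hex(HMAC-SHA256(secret, raw body bytes)).
    static String sign(byte[] secret, byte[] body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(body)) hex.append(String.format("%02x", b));
        return hex.toString();
    }
    // Compare the received signature with the expected one in constant time.
    static boolean verify(byte[] secret, byte[] body, String received) throws Exception {
        return MessageDigest.isEqual(sign(secret, body).getBytes(StandardCharsets.US_ASCII),
                received.getBytes(StandardCharsets.US_ASCII));
    }
    // Parse the already-verified body ourselves, keeping the sender's parameter order.
    static Map<String, String> parse(String body) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : body.split("&")) {
            String[] kv = pair.split("=", 2);
            params.put(URLDecoder.decode(kv[0], "UTF-8"),
                    kv.length > 1 ? URLDecoder.decode(kv[1], "UTF-8") : "");
        }
        return params;
    }
    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-secret".getBytes(StandardCharsets.UTF_8);
        String raw = "name=Acme%20Ltd&plan=gold+plus&email=a%40example.com"; // constructed body
        byte[] rawBytes = raw.getBytes(StandardCharsets.UTF_8);
        String header = sign(secret, rawBytes); // stands in for the sender's signature header
        System.out.println("raw body verifies: " + verify(secret, rawBytes, header));
        // Rebuild the body from the decoded parameters, in the original order.
        StringBuilder rebuilt = new StringBuilder();
        for (Map.Entry<String, String> e : parse(raw).entrySet()) {
            if (rebuilt.length() > 0) rebuilt.append('&');
            rebuilt.append(URLEncoder.encode(e.getKey(), "UTF-8")).append('=')
                    .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        System.out.println("rebuilt body:      " + rebuilt);
        byte[] rebuiltBytes = rebuilt.toString().getBytes(StandardCharsets.UTF_8);
        System.out.println("rebuilt verifies:  " + verify(secret, rebuiltBytes, header));
    }
}
```

In a servlet the raw bytes would be read from the request's input stream before any parameter method is called, and the parameters then taken from parse() rather than from the container.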