PASOE: access to the HTTP Authorization header from web handler - Forum - OpenEdge Development - Progress Community

PASOE: access to the HTTP Authorization header from web handler


PASOE: access to the HTTP Authorization header from web handler

This question is not answered


We are switching the implementation of our REST web services from REST handler to Web handlers (PASOE 11.6.3).

We used to get the Authorization HTTP header in the REST web services.

We tested that the Web handler has access to any header except the Authorization one. How can we get this information back?

We need this in order to pass on to a .Net component in which performs a custom LDAP authentication.



All Replies
  • We intentionally blocked the authorization headers to PASOE, but we return them back from the WebHandler to the client. Which one are you trying ?



  • I’m trying to get the Authorization header I’m receiving in the query. I need at least the user id usually extracted from the header, and it would be nice to have the complete header to get the password also.

  • In my WebHandler, I am able to return Authorization header.

    This is the code in my Webhandler where I am trying to return a JWT token

    oHeader = NEW OpenEdge.Net.HTTP.HttpHeader('Authorization','eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ').


               oResponse:Entity        = oBody

               /* HTTP messages require a content type */

               oResponse:ContentType   = 'text/plain':u

               /* ContentLength is good too */

               oResponse:ContentLength = oBody:Size



    I get that back when I invoke the WebHandler

    curl http://localhost:3940/web/test -v

    * About to connect() to localhost port 3940

    *   Trying connected

    * Connected to localhost ( port 3940

    > GET /web/test HTTP/1.1

    > User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

    > Host: localhost:3940

    > Accept: */*


    < HTTP/1.1 200 OK

    < Server: Apache-Coyote/1.1

    < Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

    < Content-Type: text/plain

    < Content-Length: 4

    < Date: Tue, 26 Sep 2017 21:23:53 GMT

    Connection #0 to host localhost left intact

    * Closing connection #0

    In-case you want to pass the Authorization header to WebHandler so that you can invoke a HTTP request, then I would suggest using some other header name and you should be able to get the header in the WebHandler using poRequest:GetHeader(<your header name>) whose value can be passed in the Authorization header for the HTTP request.



  • Hi Irfan,

    You said you intentionally blocked authorization headers to PASOE, which explains why we can't access "Authorization" header from WebHandler. In our case we would like to use the received JWT tokens on the calls that are made from PASOE to other services. We were going to keep Authorization header in session and then set it to web request right before making call to another service. Since it's not available, how can we do it?

    Thank you