I'm working on a project which has restful web services on the iSeries (the part I manage) and a Microsoft solution (our clients IT team manages). Using GET and POST we call the others system to get and update information on the other side. On the iSeries side I'm using HTTPAPI to send requests to our client and have an IBM HTTP server to process their requests to us. Recently as part of a security requirement they introduced the need for an Authorization header that would be required to help secure the endpoints. Easy enough to send them an Authorization header in HTTPAPI I used the following.
And added procedure
Now my issue is the reverse scenario. How can I get that Authorization header to validate it matches what they should be sending us? I'm using the IBM HTTP server with ScriptAlias to point to my RPG programs.
I have used "getenv" or QtmhGetEnv to get the variables REQUEST_METHOD or CONTENT_TYPE and have used the following to add headers to the response.
Any information on how to read the request headers or specifically the Authorization header from a request whether it is a GET or POST would be greatly appreciated.
Code:
rc = http_xproc( HTTP_POINT_ADDL_HEADER : %paddr(add_headers) );
Code:
P add_headers B D PI D headers 32767a varying D CRLF C x'0d25' D token s 1024a varying /free token = %trim(HeaderAuth); headers = 'Accept: application/json; charset=utf-8' + CRLF + 'Authorization: ' + token + CRLF; /end-free P E
Code:
ScriptAlias /vehicle /qsys.lib/mylib.lib/veh010r.pgm <Directory /qsys.lib/mylib.lib> SetEnv QIBM_CGI_LIBRARY_LIST "MYLIB;YAJLLIB;QGPL;QTEMP" Order Allow,Deny Allow from all </Directory>
Code:
QtmhWrStout(headers: %len(headers): err);
Comment