I needed a piece of code that can access a siteminder SSO protected url/resource (something like this, http://xyz.abc.net/userList) . And I've heard quite a few times from other people that they wanted the same thing, so I've decided to write a piece of java code. Here are the basic steps to do it -
1. create a cookie store
2. create a httpclient with the cookie store
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCookieStore(cookieStore)
.build();
3. send a http post to the siteminder protected url
HttpPost httpPost = new HttpPost("http://xyz.abc.net/userList");
HttpResponse response = httpclient.execute(httpPost);
4. check that the http response code is 302
5. grab the "Location" (response.getFirstHeader("Location").getValue())
String location = response.getFirstHeader("Location").getValue();
6. create another httpPost using the Location url you get from step 5
7. set two form fields "USER" and "PASSWORD"
HttpUriRequest httpPost2 = RequestBuilder
.post()
.setUri(new URI(location))
.addParameter("USER", uid)
.addParameter("PASSWORD", pwd).build();
8. response = httpclient.execute(httpPost2)
9. Check the cookie store, there should be a SMSESSION cookie now
cookies = cookieStore.getCookies();
for (int i = 0; i < cookies.size(); i++) {
System.out.println("- " + cookies.get(i).toString());
}
10. new create a httpget with the siteminder protected url and send the httpget with the httpclient, and aha, I could see the proper content in the response and http code 200.
That's it! Hope this helps.