The AS Java defines proprietary callbacks as a means of communicating authentication data to and from the Web application. The com.sap.engine.lib.security.http.HttpGetterCallback is used by the HTTP Callback Handler to obtain information from the HTTP request and to pass it to the corresponding login module. The com.sap.engine.lib.security.http.HttpSetterCallback is used to set such information in the response that is generated for the client (irrespective of whether or not it is an error response).
The SAP-specific callbacks are designed to let developers use a wide range of data that can be sent as part of the HTTP request. They support the following operations:
● Get/set information contained in a header with a specified name
● Get/set a cookie with a specified name
● Get a specific request parameter
● Get the client certificate (or certificate chain)
● Get the client IP address
● Get the HTTP method performed with the request
● Get/set the type of the transport mechanism (secure or not)
● Set the response code
● Get the request body and set the response body
● Get a specific session attribute, or all session attributes
● Set/remove a specific session attribute
J2EE Web application developers can use these callbacks to retrieve specific data sent with the request and use it to provide more robust authentication.
For more information about the fields and methods of the HttpGetterCallback and HttpSetterCallback classes, see Using the HTTP Callback Classes.