AEM Servlet to get request header value

Question

I have created a servlet and registered the servlet with felix annotation as below

public class BundleServlet extends SlingAllMethodsServlet
{

    @Override
    protected final void doPost(final SlingHttpServletRequest request, final SlingHttpServletResponse response)
            throws ServletException
    {
        String valueFromQueryaram= request.getParameter("BundleId") //working 
        String valueFromHeader= request.getHeader("") // Not working
    }

I want to get the BundleId from other system. I can get the value easily by using getParameter if they send as query parameter. But due to security reason the value of BundleId should not be visible in the browser So need to get the value on other way. The problem is solved when they sent the BundleId in request header. But my aem servlet is not receiving the value by getHeader.

Is there any other way I can read the value for example, setAttribute?

Can anyone come across of this situation.

Answer 1

Not sure how sending a secret via header field opposed to query param is considered more secured. Both face equal security threat.

But to answer your question, your code is correct. To read any field you see in http header, request.getHeader() is right way. For example to read User-Agent from below header, request.getHeader("User-Agent")) will return 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36'

Possible failures:

• Check if you configured /clientheaders at dispatcher.any restricting the request headers
• Check if apache configuration is modifying the headers at httpd.conf