J2EE Basic Authentication 설정 방법(inbound)

Similar Messages

• In bound basic authentication

  I had no luck in something as simple as configuring basic authentication for inbound bpel messages. I have tried everything as per documentation, going through web.xml, orion-application.xml etc for the bpel web app startup. I am using an existing user in system-jazn-data.xml
  Inbound requests are always allowed and never challenged. I was evaluating oracle bpel for possible use in our enterprise product. Based on my painful experience, I am likely not to reccommend it.
  Pranab

  In ...\OracleAS_1\j2ee\home\applications\orabpel\startup\WEB-INF\web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>New Part Process</web-resource-name>
  <description>These pages are only accessible by authenticated users.</description>
  <url-pattern>/orabpel/default/NewPart/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>AgileAnalyst</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jazn.com</realm-name>
  </login-config>
  <security-role>
  <description>BPEL PM User</description>
  <role-name>AgileAnalyst</role-name>
  </security-role>
  In ..\OracleAS_1\j2ee\home\application-deployments\orabpel\startup\orion-application.xml
  <security-role-mapping name="AgileAnalyst">
  <group name="BPMAnalyst" />
  </security-role-mapping>
  Tried making this changes in orabpel.ear also and repackaging the ear
  BPMAnalyst is already defined in system-jazn-data.xml
  There is no error message. When I invoke the bpel process form a java axis client , it does not challenge the client for authentication. The whole process executes succesfully, as if basic authentication has not been configured
  Need help badly!! Has spent enough time on this already
  Pranab

• Problems with basic authentication example

  I am trying to run the basic authentication example from the Professional JSP book (Chapter 16) although for some reason I continue to get "AUTHENTICATION MECHANISM NULL" instead of "AUTHENTICATION MECHANISM BASIC". I do not even get the pop-up window with the prompt for Username and Password. I am running Tomcat 4.0-dev and have tried to access the login window by pointing the browser to the appropriate file:
  //localhost:8080/ch16-basic/index.jsp
  Still not login window???
  I have added the extra user and password to the tomcat-users.xml file (username="projsp" password="projsp" roles="superuser")
  Still no luck????
  Could someone please let me know what could possibly be going wrong.
  Thank you!!!!

  The index.jsp is:
  <html>
  <head>
  <title>Protected Area Page</title>
  </head>
  <body>
  <%
  out.println("<H2>Authentication Mechanism "+ request.getAuthType() +" </H2>" );
  %>
  </body>
  </html>
  The tomcat-users.xml is:
  <!--
  NOTE: By default, no user is included in the "manager" role required
  to operate the "/manager" web application. If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
  -->
  <tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
  <user name="projsp" password="projsp" roles="superuser" />
  </tomcat-users>
  And the web.xml is:
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
  <web-app>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Entire Application</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ProJSP Authentication Example</realm-name>
  </login-config>
  </web-app>
  WHY ISN"T THIS WORKING!!!!

• BPEL to invoke Webservice secured with HTTP Basic authentication

  Hi All,
  Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
  1) Created Target Synchronous process ex : B
  2) Created Source Syncronous Process ex : A
  Iam trying to call B(Target) from A(source).
  3) Open Composite.xml of A(Source)
  4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
  5) Under Security tab attach oracle/wss_username_token_client_policy
  6) Login to em/console
  7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
  8) Enter username and password under HTTP Basic Authentication.
  9)Test from em.console(when we are testing under security tab I have checked None radio button)
  So this is the Error message which is throwing.
  ==================================
  The selected operation process could not be invoked.
  An exception occured while invoking the webservice operation. Please see logs for more details.
  oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
  java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
  =======================================
  Please let me know if Iam missing any steps.
  Thanks
  SSV

  Followed this post.......
  This is avery good question
  in 11g i have taken out the steps from my document which i created for one our customer
  go to composite
  Right click on the external reference service and select “Configure WS policies” :done
  Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
  6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
  7. Include the “oracle.webservices.auth.username--> :done
  value-->password :done
  8. Include the “oracle.webservices.auth.password”-->name :done
  value-->password :done
  Thanks
  SSV

• J2EE SOAP Authentication

  I have a SOAP sender channel with HTTPS without authentication, do not use SOAP envelope.  When typing the URL in the browser, I get a pop-up for user/password.  What is this?  Is this to authenticate against J2EE?  If so, is there a particular user configured in NWA for this?  I have read other blogs saying XIAPPLUSER, and I'm wondering if this user is configured in NWA somewhere to authenticate SOAP messages?

  Hi,
  The authentication is SAP standard basic authentication. You have to key in SAP login detail. You can disable this in visual admin, kindly search on sdn for the method. Pls take note that this will disable all the authentication for SOAP adapter.

• Add basic authentication like .httaccess in apache.

  Hi!,
  ¿how can I add basic authentication to servlet or Webservice in Weblogic like .httaccess (apache) protection?
  Thanks!!!!

  You need to configure your deployment descriptor for that.. here is an example..
  web.xml
  <?xml version='1.0' encoding='UTF-8'?>
  <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <welcome-file-list>
  <welcome-file>protected.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
  <display-name>Constraint-0</display-name>
  <web-resource-collection>
  <web-resource-name>Constraint-0</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>admin</role-name>
  </security-role>
  </web-app>
  weblogic.xml
  <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-role-assignment>
  <role-name>admin</role-name>
  <principal-name>weblogic</principal-name>
  </security-role-assignment>
  </weblogic-web-app>

• Basic Authentication with IISProxy?

  hi,
  is the IISProxy the appropriate tool for tunneling http-requests to http-servers behind a firewall (reverse proxy)?
  i made it work with ep60. but accessing other http-servers with own mappings (for example <i>/tomcat/</i> directs to a tomcat server) fails.
  problems I'm facing:
  1. basic authentication is not transmitted to the http-server (e.g. tomcat). the logon-box pops up, but the data doesn't seem to be transmitted through IIsProxy.
  2. URLs created from other servers don't know that the IISProxy requires a special filter-string (again <i>/tomcat/</i>) when they create absolute links.
  are there other / better reverse proxys (apache?) that can handle these things?
  kr, achim
  ps: what about the filter-element attributes <i>authentication="normal" remote-address="skip"</i>?
  i haven't found any documentation about them, but they look like to be configured...
  Message was edited by: Achim Hauck

  After checking some more I was wrong (I got it confused with a Sap logon ticket plugin)
  But in note 480520 it is described how to setup reverse proxy with apache. There is an attached document to the note which explains it.
  Text of the note:
  Symptom
  How to integrate SAP J2EE Engine 6.20 with Apache Webserver
  Reason and Prerequisites
  SAP J2EE Engine 6.20  can be integrated with Apache Web Server,no plugin is needed. The same is valid for SAPJ2EE 610 or In-Q-My 427.
  Solution
  General Information on how to use the Apache Webserver in combination with the SAP J2EE Web Application Server :
  1. You are permitted to use the Apache Webserver together with the SAP J2EE Web Application Server. In this way SAP guarantees continued support for the SAP Application.
  2. Due to the high number of possible configurations and versions available, SAP can only provide some examples of possible configurations. These normally suffice to use the SAP Application.
  3. You might need to contact consultants specialized in this area for error analysis and further configurations.
  This consultation is not provided by SAP Support.SAP J2EE Engine (and its predecessor In-Q-My Application Server) can be integrated with Apache web server, no plugin is needed.
  Please review the attached Configuration Guide in order to get some configuration examples using Reverse Proxy and/or URL Rewriting.
  Btw, the major benefit of using IIS and IISproxy  is that Integrated windows authentication is possible (SSO from OS)
  Great idea to make a blog out of this.

• Interactive form using Basic Authentication

  Hi,
  I am getting the following problem when deploying the Adobe Interactive Form application developed using Basic Authentication onto the server.
  com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Error during call to AdobeDocumentServer: Processing exception during a "Render" operation.
  Request start time: Tue Jul 04 12:04:51 GMT+05:30 2006
       at com.sap.tc.webdynpro.clientserver.adobe.AdobeFormHelper.createPDFDocumentForUIElement(AdobeFormHelper.java:486)
       at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:185)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterHandleActionEvent(ClientApplication.java:1154)
       at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.handleActionEvent(WebDynproMainTask.java:402)
       at com.sap.tc.webdynpro.clientserver.task.WebDynproMainTask.execute(WebDynproMainTask.java:649)
       at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:59)
       at com.sap.tc.webdynpro.clientserver.cal.ClientManager.doProcessing(ClientManager.java:248)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doWebDynproProcessing(DispatcherServlet.java:154)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:116)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:48)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Please suggest me, how I can solve it.
  Also I have done only the Basic Authentication, so is there any need for SSL Configuration.
  Regards
  Tiffny

  Hi Krishanu,
     Thanks for your responseI have checked the url that I had put in Web Service as http://versa:80/AdobeDocumentServices/Config?style=document
  and when I run this url which seems to be working fine and on run it I test it, also it gives wsdl url which is
  http://versa:80/AdobeDocumentServices/Config?wsdl&style=document
  and on clicking this url it opens the xml document.
    I have also checked the Log, where I find that
  #1.5#00132120E8600063000000440000106C000417BF56A46124#1152010466682#com.adobe.AdobeDocumentServices#com.adobe/AdobeDocumentServices#com.adobe.AdobeDocumentServices#ADSUSER#8739#SAP J2EE Engine JTA Transaction : [038153a00111]###744037e00b4b11dbbc1700132120e860#SAPEngine_Application_Thread[impl:3]_32##0#0#Error#1#/System/Server#Plain###Processing exception during a "Render" operation.
  Request start time: Tue Jul 04 16:24:23 GMT+05:30 2006
  <b>com.adobe.ProcessingError: File not found error writing stream:</b> <Render><Template><Name> "http://versa:80/webdynpro/dispatcher/local/TravelRequest/TravelRequestApp/wd_keyHC0DDbOBtzpF0n9-a_pEPA==/sapwebdynpro.xft;jsessionid=(J2EE3675400)ID2045061650DB01945523008391574204End;saplb_*=(J2EE3675400)3675450?sap.session.download=4&sap-wd-cltwndid=7425f9200b4b11dbc43100132120e860&sap-wd-appwndid=Id7425f9200b4b11dbc43100132120e86011&sap-wd-norefresh=true :
  java.io.FileNotFoundException: IO error detected while retrieving input stream for: http://versa:80/webdynpro/dispatcher/local/TravelRequest/TravelRequestApp/wd_keyHC0DDbOBtzpF0n9-a_pEPA==/sapwebdynpro.xft;jsessionid=(J2EE3675400)ID2045061650DB01945523008391574204End;saplb_*=(J2EE3675400)3675450?sap.session.download=4&sap-wd-cltwndid=7425f9200b4b11dbc43100132120e860&sap-wd-appwndid=Id7425f9200b4b11dbc43100132120e86011&sap-wd-norefresh=true :
  java.io.IOException: Server returned HTTP response code: 503 for URL: http://versa:80/webdynpro/dispatcher/local/TravelRequest/TravelRequestApp/wd_keyHC0DDbOBtzpF0n9-a_pEPA==/sapwebdynpro.xft;jsessionid=(J2EE3675400)ID2045061650DB01945523008391574204End;saplb_*=(J2EE3675400)3675450?sap.session.download=4&sap-wd-cltwndid=7425f9200b4b11dbc43100132120e860&sap-wd-appwndid=Id7425f9200b4b11dbc43100132120e86011&sap-wd-norefresh=true
  Can you tell me which file it is looking for.
  Regards
  Tiffny

• Basic Authentication with Web Service

  Hello,
  I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
  Once I have deployed the war file and run the client, I got access denied exception.
  I have checked the s1as7 log and here is the details:
  FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
  FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
  LoginModule
  FINEST: File login succeeded for: j2ee
  FINEST: JAAS login complete.
  FINEST: JAAS authentication committed.
  FINE: Password login succeeded for : j2ee
  FINE: Set security context as user: j2ee
  FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
  FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
  9' for user 'j2ee' with auth type 'BASIC'
  FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
  FINEST: PRINCIPAL : j2ee hasRole?: staffmember
  FINEST: PRINCIPAL TABLE: {}
  FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
  Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
  so somehow the app server treats the two sample differently with the same user id (j2ee/password)
  any comments?
  thanks..

  Hello,
  I am running S1AS7 on window XP. I have deployed the
  sample/jaxrpc/simple with basic authentication
  enabled. I have also changed to Client.java to set
  the USERNAME and PASSWORD (ie:
  stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
  "j2ee");
  Once I have deployed the war file and run the client,
  I got access denied exception.
  I have checked the s1as7 log and here is the
  details:
  FINE: Logging in user [j2ee] into realm: file using
  JAAS module: fileRealm
  FINEST: Login module initialized: class
  com.iplanet.ias.security.auth.login.File
  LoginModule
  FINEST: File login succeeded for: j2ee
  FINEST: JAAS login complete.
  FINEST: JAAS authentication committed.
  FINE: Password login succeeded for : j2ee
  FINE: Set security context as user: j2ee
  FINE: Authenticator[jaxrpc-simple]: Authenticated
  'j2ee' with type 'BASIC'
  FINE: SingleSignOn[server1]: Registering sso id
  '193F1461E0D9B982E6B4055C0134076
  9' for user 'j2ee' with auth type 'BASIC'
  FINE: Authenticator[jaxrpc-simple]: Calling
  accessControl()
  FINEST: PRINCIPAL : j2ee hasRole?: staffmember
  FINEST: PRINCIPAL TABLE: {}
  FINE: Authenticator[jaxrpc-simple]: Failed
  accessControl() test
  Please notice that the authentication worked, but the
  PRINCIPAL TABLE is null!!!! If I run the basic
  authentication sample, i can see from the log the
  PRINCIPAL TABLE is (...staff=[staffmember],
  j2ee=[staffmember],.....)
  so somehow the app server treats the two sample
  differently with the same user id (j2ee/password)
  any comments?
  thanks..
  One more thing, here is my web.xml file:
  <web-app>
  <display-name>Hello World Application</display-name>
  <description>A web application containing a simple JAX-RPC endpoint</description>
  <session-config>
  <session-timeout>60</session-timeout>
  </session-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>basic secuity test</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>POST</http-method>
       <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>staffmember</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>basic-file</realm-name>
  </login-config>
  </web-app>

• Basic Authentication username

  Hi
  I have an Application Module exposed as a web service.
  Basic authentication is required via web.xml and the users can be authenticated via jazn or principals or something :), but is there anyway to get to the username in the code?
  Thanx

  Hi, did you solve this.
  I'm trying to do the same.
  Using jdeveloper 9.0.5.2 I generate a j2ee webservice from a java class.
  I have set up basic authetication.
  And are trying to find out how to get the username (username of client calling webservice) into the implementing class.
  Thanks in advance
  Dag

• Basic authentication on standalone OC4J 9.0.4

  I am trying to configure basic authentication on standalone OC4J 9.0.4 (Jdev 10g) but nothing happens, I am still able to get to the page. My deployment descriptor files:
  * principals.xml
  <principals>
       <groups>
            <groups>
                 <description>AQ Demo Group</description>
                 <group name="aqgroup" />
            </groups>
       </groups>
       <users>
            <user username="foo" password="bar">
                 <description>no description</description>
                 <group-membership group="aqgroup" />
            </user>
       </users>
  </principals>
  * web.xml
  <security-constraint>
            <display-name>AQDemo Security Constraint</display-name>
            <web-resource-collection>
            <web-resource-name>MySecureArea</web-resource-name>
            <url-pattern>*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
            <role-name>role1</role-name>
            </auth-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
       </login-config>
       <security-role>
            <role-name>role1</role-name>
       </security-role>
  * orion-application.xml
  <?xml version = '1.0' encoding = 'windows-1250'?>
  <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application.dtd">
  <orion-application>
  <data-sources path="./data-sources.xml"/>
  <security-role-mapping name="role1">
       <group name="aqgroup" />
  </security-role-mapping>
  </orion-application>
  * application.xml
  <?xml version = '1.0' encoding = 'windows-1250'?>
  <!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
  <application>
  <display-name>aqdemo</display-name>
  <module>
  <web>
  <web-uri>aqdemo.war</web-uri>
  <context-root>aqdemoroot</context-root>
  </web>
  <security-role-mapping name="role1">
       <group name="aqgroup" />
  </security-role-mapping>
  </module>
  </application>

  I commented out the jazn element now and I am prompted for username and password, so that part works. However, it's still not recognizing my user and I am only able to get “Not authorized” message. I'm guessing it has something to do with the security role mapping. This is how my files look now:
  * principals.xml
  <?xml version="1.0"?>
  <!DOCTYPE principals PUBLIC "//ORACLE//DTD OC4J Principals 9.04//EN" "http://xmlns.oracle.com/ias/dtds/principals-9_04.dtd">
  <principals>
       <groups>
            <group name="administrators">
                 <description>administrators</description>
                 <permission name="administration" />
            </group>
            <group name="aqgroup">
                 <description>AQ Demo Group</description>
            </group>
            <group name="guests">
                 <description>guests</description>
            </group>
            <group name="users">
                 <description>users</description>
            </group>
       </groups>
       <users>
            <user username="jasmina" password="babu">
                 <description>no description</description>
                 <group-membership group="aqgroup" />
            </user>
            <user username="user" password="456" deactivated="true">
                 <description>The default user</description>
                 <group-membership group="guests" />
                 <group-membership group="users" />
            </user>
            <user username="pwForSSL" password="123456" deactivated="true">
                 <description>Password for database user Scott</description>
            </user>
            <user username="SCOTT" password="TIGER">
                 <description>no description</description>
                 <group-membership group="users" />
            </user>
            <user username="foo" password="bar">
                 <description>no description</description>
                 <group-membership group="aqgroup" />
            </user>
            <user username="pwForScott" password="TIGER" deactivated="true">
                 <description>Password for database user Scott</description>
            </user>
            <user username="anonymous" password="">
                 <description>The default guest/anonyomous user</description>
                 <group-membership group="guests" />
            </user>
            <user username="admin" password="admin">
                 <description>The default administrator</description>
                 <group-membership group="administrators" />
                 <group-membership group="guests" />
                 <group-membership group="users" />
            </user>
            <user username="pwForSystem" password="manager" deactivated="true">
                 <description>Password for database user Scott</description>
            </user>
       </users>
  </principals>
  * web.xml
  <web-app>
  <security-constraint>
  <display-name>AQDemo Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>MySecureArea</web-resource-name>
  <url-pattern>*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>role1</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>role1</role-name>
  </security-role>
  </web-app>
  * orion-application.xml
  <orion-application>
  <data-sources path="./data-sources.xml"/>
  <security-role-mapping name="role1">
  <group name="aqgroup"/>
  </security-role-mapping>
  </orion-application>
  * application.xml (location: OC4JHOME/applications/myapp/META-INF/)
  <application>
  <display-name>aqdemo</display-name>
  <module>
  <principals location="./principals.xml"/>
  <web>
  <web-uri>aqdemo.war</web-uri>
  <context-root>aqdemoroot</context-root>
  </web>
  </module>
  </application>

• How to access SOAP web service with authentication, HTTP basic Authentication

  Dear All
  i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
  http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
  http://forums.adobe.com/message/4262868
  private function authAndSend(service:HTTPService):void
          var encoder:Base64Encoder = new Base64Encoder();
          encoder.insertNewLines = false; // see below for why you need to do this
          encoder.encode("someusername:somepassword");
          service.headers = {Authorization:"Basic " +encoder.toString()};                                               
          service.send();
  Also i noticed in debug mode, always that WARNNING raised up
  Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml.  The 'secure' attribute is only permitted in HTTPS and socket policy files.  See http://www.adobe.com/go/strict_policy_files for details.
  any idea ?

  Hello,
  I don't know if this could help.
  Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

• Help needed for using BASIC authentication through JDBCRealm

  Help needed.
  Hello,
  I am doing a degree project, so far it works fine in my local machine, I need to try it on my virtual hosting (as it is a live server).
  My project requires JDBCRealm, that is BASIC authentication loading access data from mysql database. Normally this setup can be done in Server.xml file, because my Tomcat hosting is a virtual one, I only have permission to access the web.xml file.
  My question is: is it possible to get it done in an alternative way? In web.xml? Some properties file maybe?
  Thank you very much.

  You can set this up for your context using META-INF/context.xml instead of working with server.xml.
  Make a directory called META-INF under your webapp ( it'll be at the same level as WEB-INF ). Under this, add a context.xml with all your context specific configuration including the realm. A sample is below
  <?xml version="1.0" encoding="UTF-8"?>
  <Context path="/myApp" reloadable="true">
      <Realm
          className="org.apache.catalina.realm.JDBCRealm"            
          driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"         
          connectionURL="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=myDB;SelectMethod=Cursor;"
          connectionName="username" connectionPassword="password"
          digest="MD5" userTable="users" userNameCol="userid" userCredCol="userpassword"
          userRoleTable="user_roles" roleNameCol="rolename"
      />
  </Context>Hope this helps.
  People on the forum help others voluntarily, it's not their job.
  Help them help you.
  Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch
  ----------------------------------------------------------------

• Forms based authentication + Basic authentication = no way to use the basic auth!!!!

  Hi,
  I setup a test sharepoint site, claims mode, with both the forms and basic authentication  enabled.
  I expect to see the page asking me which authentication method I want to use, but I never see this page!!!
  I have to select the windows authentication (NTLM or Kerberos) to see this page!
  why using only the Basic authentication did not prompt the user?
  and how to be authenticated using the basic authentication rather than the forms auth when both are enable for the same site?
  >I do NOT want to extend my site to have 2 zones... my question is ONLY with 1 zone configured.

  What is the business purpose for using Basic Auth over NTLM/Kerberos?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Web Service Call with Basic Authentication does not work

  If I try to use Basic Authentication in my Web Service Client with the automatically created methods
  setUsername(inUserName)
  setPassword(inPassword)
  setAddress(inAddress)
  the application does not make a call. Did I forget something?
  Is it possible to use "Test Method" with Basic Authentication?
  Thank you.

  Thank you for your answer.
  But: I already read this article. And it doesn't help me.
  I use the following code:
              getMyServiceClient1().setUsername(inUserName);
              getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
  The methods setUsername and setPassword are definded as follows:
  public void setUsername(String inUserName) {
          myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
    public void setPassword(String inPassword) {
          myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
    }But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
  I also found this thread in your forum:
  http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773