Basic Auth with WebView
Hello everyone,
we have integrated some JavaFX components within a swing application recently. One of the components that we have decided to add is a WebView component that should access an html page with the account settings of the logged in user.
However, this page has restricted access with HTTP Basic Auth type of authorization and for this reason the WebView gets the 401 HTTP error.
Is it possible to perform the HTTP Basic Auth programmatically (by setting username and password) with the WebView?
Thanks in advance for your help,
LM
I have solved by using java.net.Authenticator
Similar Messages
-
Basic auth with RESTful WEb service and Web Service reference
Hi, All,
We have made much progress on getting an application working wtih RESTful web services but now are trying to figure out how to lock down a RESTful Web service while making it available for a particular application.
We are using one of the sample 'emp' table web services that come with Apex 4.2 and are trying to apply Basic Auth to the WEb Service via Weblogic filter defined in the web.xml file. That works fine. I now get challenged when I try to go to :
https://wlogic.edu/apex/bnr/ace/hr/empinfo/
And when I authenticate to that challenge I am able to get the data. (we are usiing LDAP authentication at the Weblogic level)
However, I am not sure how to get same basic authentication to work with the Web Service reference in my application. I see the error message in the application when I try to call that Web Service:
401--Unauthorized<
And I see:
"The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials"
How do I provide the credentials in the Web REference or do I provide credentials in the Application?
Web service works fine if I remove the RESTful web service basic auth from the Web.xml file.
Should we NOT use Weblogic basic auth and instead use basic auth from Workspace RESTful web service definition. If so, how do we implement THAT basic auth in the Web Service definition and in the Web SErvice Reference on the application?
Thanks,
PatWhat I mean is diid you try to use the PL/SQL package for APEX webservice. Here is an example I use (modified and shortened, just to show how much better this is than to use it from the application).
CREATE OR REPLACE PACKAGE webservice_pkg
IS
PROCEDURE create_webservice (
p_id IN NUMBER,
p_message OUT VARCHAR2,
p_workspace IN VARCHAR2 DEFAULT 'MY_WORKSPACE',
p_app_id IN NUMBER DEFAULT v ('APP_ID'),
p_app_session IN VARCHAR2 DEFAULT v ('SESSION'),
p_app_user IN VARCHAR2 DEFAULT v ('APP_USER')
END webservice_pkg;
CREATE OR REPLACE PACKAGE BODY webservice_pkg
IS
PROCEDURE set_credentials (
p_workspace IN VARCHAR2,
p_app_id IN NUMBER,
p_app_session IN VARCHAR2,
p_app_user IN VARCHAR2
IS
v_workspace_id NUMBER;
BEGIN
SELECT workspace_id
INTO v_workspace_id
FROM apex_workspaces
WHERE workspace = p_workspace;
apex_util.set_security_group_id (v_workspace_id);
apex_application.g_flow_id := p_app_id;
apex_application.g_instance := p_app_session;
apex_application.g_user := p_app_user;
END set_credentials;
PROCEDURE create_webservice (
p_id IN NUMBER,
p_message OUT VARCHAR2,
p_workspace IN VARCHAR2 DEFAULT 'MY_WORKSPACE',
p_app_id IN NUMBER DEFAULT v ('APP_ID'),
p_app_session IN VARCHAR2 DEFAULT v ('SESSION'),
p_app_user IN VARCHAR2 DEFAULT v ('APP_USER')
IS
v_envelope VARCHAR2 (32000);
v_server VARCHAR2 (400);
v_url VARCHAR2 (4000);
v_result_url VARCHAR2 (1000);
v_collection_name VARCHAR2 (40) := 'PDF_CARD';
v_message VARCHAR2 (4000);
v_xmltype001 XMLTYPE;
BEGIN
v_url := v_server || '.myserver.net/services/VisitCardCreator?wsdl';
FOR c IN (SELECT *
FROM DUAL)
LOOP
v_envelope :=
'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
|| 'xmlns:bran="http://www.myaddress.com">'
|| CHR (10)
|| '<soapenv:Header/><soapenv:Body>'
|| CHR (10)
|| '<parameter:'
|| 'some_value'
|| '>'
|| CHR (10)
|| '<bran:templateID>'
|| p_id
|| '</bran:templateID>'
|| '</soapenv:Body>'
|| CHR (10)
|| '</soapenv:Envelope>';
END LOOP;
set_credentials (p_workspace, p_app_id, p_app_session, p_app_user);
BEGIN
apex_web_service.make_request
(p_url => v_url,
p_collection_name => v_collection_name,
p_envelope => v_envelope
p_message := 'Some message.';
EXCEPTION
WHEN OTHERS
THEN
v_message :=
v_message
|| '</br>'
|| 'Error running Webservice Request. '
|| SQLERRM;
END;
BEGIN
SELECT v_result_url
|| EXTRACTVALUE (VALUE (t),
'/*/' || 'Return',
'xmlns="http://www.myaddress.com"'
xmltype001
INTO v_result_url,
v_xmltype001
FROM wwv_flow_collections c,
TABLE
(XMLSEQUENCE (EXTRACT (c.xmltype001,
'//' || 'Response',
'xmlns="http://www.myaddress.com"'
) t
WHERE c.collection_name = v_collection_name;
EXCEPTION
WHEN OTHERS
THEN
v_message := v_message || '</br>' || 'Error reading Collection.';
END;
EXCEPTION
WHEN OTHERS
THEN
p_message := v_message || '</br>' || SQLERRM;
END create_webservice;
END webservice_pkg;
/If you use it this way, you will find out what the problem is much faster.
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.apress.com/9781430235125
http://apex.oracle.com/pls/apex/f?p=31517:1
http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
------------------------------------------------------------------- -
LDAP Basic Auth with IAS6.0SP2
Hi, has anyone been able to get this working? I can't find much documentation on it.
My web.xml has:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>myresource</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myrole</role-name>
</auth-constraint>
</security-constraint>
but I don't know what (if anything) I should put in the ias-web.xml.
I've added my LDAP server to the configuration of the application server - but so far it doesn't even popup the authenication dialog box.
Any clues?Hi, has anyone been able to get this working? I can't find much documentation on it.
My web.xml has:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>myresource</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myrole</role-name>
</auth-constraint>
</security-constraint>
but I don't know what (if anything) I should put in the ias-web.xml.
I've added my LDAP server to the configuration of the application server - but so far it doesn't even popup the authenication dialog box.
Any clues? -
Web Services with HTTP Basic Auth
Hi,
I am having a problem connecting to web services which
require HTTP Basic Authentication from a Flex application. I have
useProxy set to true and call setRemoteCredentials prior to
attempting the call, but the credentials do not appear to be set on
the request (the request fails with fault.faultString = "HTTP
request error", faultCode = "Server.Error.Request". The messages on
the server indicate that the user name and password were not
specified.
I do have the proxy-config.xml file set up properly (I think
-- I followed the example in the mx.rpc.soap.mxml.WebService class
description, at least).
I can verify that the WSDL (which doesn't require BASIC auth
to access) is being loaded properly, but when I make the request,
it fails. Is this a known problem?
I am using Flex Builder 2.0.1 to build my SWF files.
Thanks,
BrendanThanks for the pointer, I did try it, but it didn't help.
As I said in the original post, the problem is with HTTP
Basic Authentication, so adding a header for WSSE to the service
request didn't help. It needs to be an HTTP Authorization header,
not a SOAP Security header.
Brnedan -
HTTP Basic Auth and Username Authentication with Symmetric Key
Hi,
I have a webservice happily running on tomcat 5.5 using "Username Authentication with Symmetric Key" I have certificates setup and everything works fine. I can even connect a .net client and use the service.
Now I have an additional requirement of authorization per operation basis so I'm planning on using the roles. My current setup uses tomcat-users.xml to configure users but I seem unable to identify the role of the user from within my code as wsContext.isUserInRole("briefing") always returns false even when it clearly isn't. Where wsContext = @Resource private WebServiceContext wsContext.
So I figure perhaps I need to add HTTP Basic Auth to tomcat for it to gather this information so I added security-constraints to the web.xml and this seems to do the trick: at least it does for my .net client.
If I do:
Service service = new Service();
Port client = service.getPort();
BindingProvider bp = (BindingProvider)client;
bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "myusername");
bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "mypassword");Then it all works fine. However, I'd like a little less transparency: I don't want to have to do this every time I make a call.
My question(s) is:
1) Am I going about this the right way (perhaps I am somehow getting the incorrect reference to the WebServiceContext)
2) If I am going about this the right way I imagine the whole BindingProvider code needs to be added to as a policy configuration but I'm really not sure where to start especially as I'm using wsimport to generate everything: I'm not even sure where to configure this so it will not get overwritter.
Thanks for any help.Doh! Ok So I've added a SOAP Handler to automatically add the username and password for the HTTP Basic Auth.
All in all does this setup sound right? -
Hi,
I setup a test sharepoint site, claims mode, with both the forms and basic authentication enabled.
I expect to see the page asking me which authentication method I want to use, but I never see this page!!!
I have to select the windows authentication (NTLM or Kerberos) to see this page!
why using only the Basic authentication did not prompt the user?
and how to be authenticated using the basic authentication rather than the forms auth when both are enable for the same site?
>I do NOT want to extend my site to have 2 zones... my question is ONLY with 1 zone configured.What is the business purpose for using Basic Auth over NTLM/Kerberos?
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Dynamic proxy invokes basic auth web service
My dynamic proxy client works fine with any web service except the basic auth secured one.
I know how to use stub client to work around this issue. But I haven't found a way to get around when dynamic proxy clients are used.
Any idea is appricated. ThanksPaula-
Given that you can work around this issue with the stub client,
you should be able to work around the issue in the dynamic proxy client
in the same way-
I am interested that you say workaround the issue with the stub client.
Is there a problem that you have noted?
If you can let me know how you worked this issue with the stub,
and what problems you have specifically had with the dynamic proxy client
I will look at the issue to see if it a bug.
Please let me know what environment you are working in, the version of jaxrpc 1.x,
what container, jdk or jre and a sample client program that would help me understand
the problem.
Thanks,
Kathy -
I've got a J2EE application running under WL6.1 and that uses BASIC Auth. Durring
development I need to test with various users. How do I log a user out so I can
run the app under a different user?
Thanks,
MattThe following should work :
a) use HttpSession.invalidate() to invalidate
the current user session , and
b) use HttpServletResponse.sendRedirect() to
redirect to the main page.
Let me know if it does not work.
jason
"Matt Connors" <[email protected]> wrote:
>
I've got a J2EE application running under WL6.1 and that uses BASIC Auth.
Durring
development I need to test with various users. How do I log a user out
so I can
run the app under a different user?
Thanks,
Matt -
Basic auth interop problem, servlet WS works, EJB WS not (Sun AS 8)
After spending some time I managed to add HTTP basic auth to a simple web service. I have implemented two variants, an JAX-RPC servlet web service and an EJB web service.
A (Sun) JAX-RPC client works pretty well against both web services. I do the required steps with the stub (set user/pwd) and things work. I do get the correct principal in the server side, fine.
When I do NOT set the authentication properties at the stub, the servlet based WS responds something like HTTP error 403 (?) or so, which leads to "authentication required". The EJB based response is not that adequate, it's something like "internal server error, EJBLocalAccessException or so" but from the given message you could get the idea what's wrong.
Anyway, I got the impression that this stuff
return HTTP error to flag "auth required"
is not happening for some reason in my EJB based web service. I found this problem in Sun AS 8 and I think it's the same problem when I test stuff with Oracle's OC4J ...
Some client implementations have obviously problems to get the idea that user authentication is required. In other words, the clients cannot invoke the EJB WS. I tried it with Perl Soap::Lite, MS SOAP Toolkit 3.0 and MS .Net 1.1 stuff. All this clients work well (with authentication) when I consume the servlet based web service. But the EJB based web service is not working at all. I do get there just "not allowed" and the SOAP client runtime is not handing over any user credentials (because it's obviously not correctly asked for it by an appropriate AS response).
Anyone else experienced this problems with EJB WS???
Interesting question: why is the JAX-RPC client working? Is it sending the properties set at the stub in any case? Or do they "handle" the internal error coming from Sun AS explicitly or so? Strange, in a way. :-)
Thanx for any help here!
MertenI guess the reason was that I wrote
<login-config>
<auth-method>Basic</auth-method>
</login-config>
instead of required
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
At deploy time, I got no error message. At usage time, I just got this AccessLocalException. That's not really nice ...
Merten -
Basic auth in proxy server breaks managed server form auth
Hi,
I have a proxy server configured in front of 2 managed servers.
The managed servers have secure pages and are using form auth and the
proxy server is working properly. In other words, I point my browser
at the proxy and I end up being services by one of the managed servers.
If I attempt to access a secure page via the proxy I am sent to the form
login page via the proxy.
Now for the problem:
If I configure the proxy server to use basic auth, and secure all
pages in the proxy, I must provide my userid/password to the proxy
server (this is working fine) before I can get to one of the managed
servers. I can get to the welcome page of the managed server (which is
not secure) There is a link to a secure page on the welcome page. When
I click on the link to the secure page, I am sent to the form auth by
the managed server. I authenticate, but I can never see the secure
page. I end up being redirected to the form login page endlessly.
Both the proxy server and the managed server are usign the default
JSESSIONID.
Here is a section of the web.xml for the proxy server:
<servlet>
<servlet-name>HttpClusterServlet</servlet-name>
<servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
<init-param>
<param-name>WebLogicCluster</param-name>
<param-value>${ProxyConfig}</param-value>
</init-param>
<init-param>
<param-name>SecureProxy</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>Debug</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>DebugConfigInfo</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>CookieName</param-name>
<param-value>JSESSIONID</param-value>
</init-param>
<init-param>
<param-name>CookieName</param-name>
<param-value>wlauthcookie_</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>gcmgui/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>applauncher/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>ssoadmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>default/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>domainadmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>gsc/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>psr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>broadcastclient/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>nra/*</url-pattern>
</servlet-mapping>
Here is the proxy debug:
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
/applauncher/jsp/AppLaunche
r.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
-213061352!10
.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs:
ProxyConnection(isSec
ureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Create connection:
ProxyConnection(isSecureProxy
=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/msword,
application/vnd.ms-po
werpoint, */*
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
<Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; W
indows NT 4.0; H010818)
<Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
<Fri Jul 11 14:40:07 EDT 2003>: Cookie:
JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5
pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE;
wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
<Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic
cmFwcGVsYmE6b3V0Mmx1bmNo
<Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
<Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
<Fri Jul 11 14:40:07 EDT 2003>: Location:
https://localhost:18002/applauncher/un
restricted/jsp/FormLogin.jsp
<Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1
Thu Mar 20
23:06:05 PST 2003 246620
<Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
/applauncher/unrestricted/j
sp/FormLogin.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
-213061352!10
.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Requeue connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Recycle connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/msword,
application/vnd.ms-po
werpoint, */*
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
<Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; W
indows NT 4.0; H010818)
<Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
<Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic
cmFwcGVsYmE6b3V0Mmx1bmNo
<Fri Jul 11 14:40:08 EDT 2003>: Cookie:
JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP
74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
<Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
<Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
<Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1
Thu Mar 20
23:06:05 PST 2003 246620
<Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
<Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie:
JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1V
kdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
<Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:08 EDT 2003>: Requeue connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs:
ProxyConnecti
on(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
Thanks,
RobI typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.
-
HTTP Basic Auth and Proxy Auth
Hi,
i have a problem with the authentication against a proxy server and against a content provider. At first I have to authenticate against the proxy to get "free internet". The next step is to authenticate against the content provider to get a html or xml file.
The following source code runs very good in Eclipse, i.e. as JUnitTest. But If I execute the same code within a weblogic server, I will get an error (not authenticated). I believe I get this message from the content provider and not from the proxy because If I test this code within the weblogic server and with no authentication (i.e. google needs no authentication), I will get a valide xml/html file.
StringBuffer sb = new StringBuffer();
SimpleAuthenticator simple = new SimpleAuthenticator("joeuser","a.b.C.D"); //from openbook
Authenticator.setDefault(simple);
String strUrl = "http://www.rahul.net/joeuser/";
URL url = null;
try {
url = new URL(strUrl);
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
URLConnection conn = null;
InetSocketAddress addr = new InetSocketAddress("proxy.domain",8080);
Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
try {
conn = url.openConnection(proxy);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
String proxyStr = "username" + ":" + "passwordl";
String encoded = new String(Base64.encodeBase64(proxyStr.getBytes()));
conn.setRequestProperty("Proxy-Authorization", "Basic " + encoded);
// get http status code which is located in header field 0
String status = conn.getHeaderField(0);
if (status.contains("200")) {
BufferedReader in = null;
try {
in = new BufferedReader(new InputStreamReader(conn.getInputStream(),
"ISO-8859-1"));
String inputLine;
while ((inputLine = in.readLine()) != null) {
sb.append(inputLine);
in.close();
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
else {
System.out.println("Error");
System.out.println(sb.toString());
public class SimpleAuthenticator
extends Authenticator
private String username,
password;
public SimpleAuthenticator(String username,String password)
this.username = username;
this.password = password;
protected PasswordAuthentication getPasswordAuthentication()
return new PasswordAuthentication(
username,password.toCharArray());
Does somebody know a solution? I need the authentication against proxy and content provider in "one application".
Thank you very much,
AndréI typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.
-
Hi,
I'm using basic auth and used to send username/password with
the URL to authenticate from another webserver (with some other
kind of authentication), but - as you know - Microsoft doesn't
support that any longer and so this works for some other
webclients but not for IE (or only with a patch, that isn't installed
everywhere).
Now I have seen that for Apache there is a module called
mod_auth_cookie to fake that kind of implicit authentification.
My Question: has anybody done this for SJWS or can't that
be done?
TIA
ReinfriedHi,
Please check the below link
Re: Accessing Portal component without login screen
hope is solve your problem.
Raghu -
Basic Authentication with Web Service
Hello,
I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
Once I have deployed the war file and run the client, I got access denied exception.
I have checked the s1as7 log and here is the details:
FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
so somehow the app server treats the two sample differently with the same user id (j2ee/password)
any comments?
thanks..Hello,
I am running S1AS7 on window XP. I have deployed the
sample/jaxrpc/simple with basic authentication
enabled. I have also changed to Client.java to set
the USERNAME and PASSWORD (ie:
stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
"j2ee");
Once I have deployed the war file and run the client,
I got access denied exception.
I have checked the s1as7 log and here is the
details:
FINE: Logging in user [j2ee] into realm: file using
JAAS module: fileRealm
FINEST: Login module initialized: class
com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated
'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id
'193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling
accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed
accessControl() test
Please notice that the authentication worked, but the
PRINCIPAL TABLE is null!!!! If I run the basic
authentication sample, i can see from the log the
PRINCIPAL TABLE is (...staff=[staffmember],
j2ee=[staffmember],.....)
so somehow the app server treats the two sample
differently with the same user id (j2ee/password)
any comments?
thanks..
One more thing, here is my web.xml file:
<web-app>
<display-name>Hello World Application</display-name>
<description>A web application containing a simple JAX-RPC endpoint</description>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>basic secuity test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>staffmember</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>basic-file</realm-name>
</login-config>
</web-app> -
BPEL not passing HTTP basic auth info
The BPEL control does not seem to pass the HTTP basic auth data correctly.
I placed the right credentials in the httpUsername and httpPassword properties for the partner link.
I patched SOA Suite to 10.1.3.3.1 to try to solve this problem. But it still comes up with the same result.
Any help would be greatly appreciated!Steps for invoking secure web services from BPEL================================================
Add following lines in target wsdl(webservice)
Add xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" in the namespaces section (ensure that "ns4" is not already being used!)
Add xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" in the "schema" element
Import the namespace http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and provide a schemaLocation (physical file in the current directory)
Add the following in the "message" element for the input message type:
<s1:part name="secHeader" element="ns4:Security"/>
Add <s3:header message="__relevant_message_name__" part="secHeader" use="literal"/> within <input> element (<binding>..<operation>)
then in BPEL before invoke activity take one assign activity
in assain activity xml expression to securerity variable in target variable
<oas:Security xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<oas:UsernameToken wsu:Id="UsernameToken-15799662" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<oas:Username>username</oas:Username>
<oas:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</oas:Password>
</oas:UsernameToken>
</oas:Security>
import xsds into local workspace
oasis-200401-wss-wssecurity-secext-1.0.xsd
oasis-200401-wss-wssecurity-utility-1.0.xsd
xml.xsd
xmldsig-core-schema.xsd -
Generating fault detail; basic auth over SSL
2 questions.
1) We are running GLUE in WL5.1 and are investigating porting the app to WL6.1.
In GLUE we can control the content of the SOAP fault detail generated on the server
through a SOAPException class. Is there any way to do this in WL6.1 SOAP?
2) Does the WL6.1 SOAP client support basic auth over SSL? If so, do I specify
an https URL and set the user/pwd in the context properties?
Thanks,
-rgBeta 1 does not support custom soap fault. it puts name of the
exception class as faultstring and the exception message + stack
trace as the details.
We understand that users may want to customize the soap fault
and we are planning to support it by allowing user to configure
error pages. ie, user can specify the servlet/jsp to use in case
foo exception occured while processing soap request.
An example of the error handling servlet is attached.
regards,
manoj
public class FaultHandler extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws IOException
res.setContentType("text/xml; charset=UTF-8");
String eType;
String eMessage;
Exception e = (Exception)req.getAttribute("javax.servlet.error.exception");
eType = e.getClass().getName();
eMessage = e.getMessage();
PrintWriter w = res.getWriter();
w.println("<?xml version=\"1.0\" ?>");
w.println("<soap:Envelope
xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">");
w.println("<soap:Body>");
w.println("<soap:Fault>");
w.println("<faultcode>");
w.println(eType);
w.println("</faultcode>");
w.println("<faultstring>");
w.println(eMessage);
w.println("</faultstring>");
if (e != null) {
w.println("<detail>");
e.printStackTrace(w);
w.println("</detail");
w.println("</soap:Fault>");
w.println("</soap:Body>");
w.println("</soap:Envelope>");
Rhett Guthrie wrote:
If it is the conent of the soap:fault/detail you want
to modify, you can do it by simply throwing the
exception with right message.Thanks for the reply Manoj, but are you sure that the exception message maps to
the fault detail? The fault detail is supposed to be XML. It would be more natural
to map the exception message to the fault message. But we need to specify both.
We send a human readable message in the fault message and a complex XML structure
(describing ways in which the fault can be fixed) in the fault detail.
Thanks for any clarification you can give.
-rg
Maybe you are looking for
-
How can I make a "Keyboard Lock" while iTunes is playing?
How can I make a "Keyboard Lock" while iTunes or other apps are playing? They should work/play on, screen should still be on, only keyboard is (maybe Password-) locked. Thanx in adv, tttimo
-
Ipod 2G speaker doesn't work after iOS 4 update
I've just posted a message with the music that "lags" with the new software update and on top of that I now found out the the build in speaker of the Ipod stopped working to! Please help! Message was edited by: Paulf88
-
I just recently got a Think Pad X131e and enjoy it but have one rather annoying issue. Randomly for no reason at all the mouse pad on it will no longer allow me to scroll, both with the one finger and two finger options. The clicker will show it resp
-
Hi All, We would like to use sapevt to raise an event to trigger our process chains in BI from a remote system. We only want our process chains triggered once we know the remote system has completed it's load so the above program was chosen. My ques
-
How can I modify File Explorer to open This PC by default, instead of the new Home view?
The methods that worked in Windows 8.1 no longer work. I tried this method but all that did was mess-up the Home view... http://superuser.com/questions/819521/how-to-make-windows-10-file-explorer-open-this-pc-by-default