Basic authentication call webservice

Hey,
I'm making a Flex webshop and uses a webservice on XI as datasource. Now, each time I start the webshop, I need to login on this webservice. I want to hard code the credentials or another solution so I don't reveive the authentication screen anymore.
Anyone an idea how I can do this?
Thanks in advance!
Brecht Bauwens
Edited by: Brecht Bauwens on Mar 27, 2008 10:32 AM

hi
check the below links
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a4433436-0301-0010-f2a9-9281ad574054
www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/591c31cf-0d01-0010-8ab7-a1f7d032a66c
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/244e7923-0a01-0010-5887-fe0b0c6dbb8d
www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/dab85be0-0601-0010-c6aa-b20626aa3cd5
note:reward points if solution found helpfull.....
regards
chandrakanth.k

Similar Messages

Basic Authentication in WebService

Hi,
   I am trying to authenticate in web service with basic authentication but I can not.
   The code:
   var w:WebService = new WebService();
   var encoder:Base64Encoder = new Base64Encoder();
   encoder.insertNewLines = false;
   encoder.encode("teste:teste");
   w.httpHeaders = {Authorization:"Basic " + encoder.toString()};
   w.loadWSDL("http://192.168.0.205:8080/jasperserver-pro/services/repository?wsdl");
   When I run the browser always asks for username and password and in a sniffer, for example firebug, I do not see the authentication header in HTTP package.
   Can anyone help me?
Thank you.

var enc:Base64Encoder = new Base64Encoder();
                enc.encode("test:supp0rt");
                web_Service_id.httpHeaders= {Authorization:"Basic " + enc.toString()};

Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

Hi!
We need to implement authentication using our own methods, and the authentication
information is provided to the web service implementation in a basic authentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
in
wls 7.0.sp2, always attempts to perform authentication, if the header is present.
Is there any way to circumvent this, because we want to implement authentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for our own
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet, which
would
remove the basic authentication header, and put the authentication info in custom
headers, such as x-auth: <user:password>, or smthng similar, and after successful
authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
But still, I'd like to know if there is any way to tell bea's servlet to ignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Currently there is no option to turn off security check.
I think you can use a servlet filter mapped to the URL
of your service, instead of a proxy servlet?
Regards,
-manoj
http://manojc.com
"Toni Nykanen" <[email protected]> wrote in message
news:3ef1577b$[email protected]..
>
Hi!
We need to implement authentication using our own methods, and theauthentication
information is provided to the web service implementation in a basicauthentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
in
wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
Is there any way to circumvent this, because we want to implementauthentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for ourown
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet,which
would
remove the basic authentication header, and put the authentication info incustom
headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
>
But still, I'd like to know if there is any way to tell bea's servlet toignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Calling web service with basic authentication from EP "unauthorized"

Hello,
I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
Problem in server response: [Unauthorized].
I'm using the following code for calling the .NET web service:
...Licence_GetList lParameter = new Licence_GetList();
lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);...
I've also configured a http system in the portal system landscape using the following parameters:
Authentication Method : Basic Authentication
Authentication Type : Server
User Mapping Type : admin,user
The user mapping is also personalized for this system!
What's wrong? Please help! This is really urgent!
Kind Regards
Joerg Loechner

Hello Renjith,
here is a small cutout of my "portapp.xml";
<services>
<service alias="LicenceManager" name="LicenceManager">
 <service-config>
 <property name="className" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager"/>
 <property name="startup" value="false"/>
 <property name="WebEnable" value="false"/>
 <property name="WebProxy" value="true"/>
 <property name="SecurityZone" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager/
 DefaultSecurity"/>
 </service-config>
 <service-profile>
 <property name="SystemAlias" value="LicMan_NET"/
 </service-profile>
</service>
</services>
I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
Regards
Joerg Loechner

Calling Web Service with Http Basic authentication in SOA 11g

I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
Am i missing some steps?
Please let me know.
Note - I am working on SOA 11.1.1.4.
Regards
Ayush

Hi Ayush,
Please refer -
http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
Regards,
Anuj

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

Basic authentication only works for some webservices?

I'm trying to call the SAP BI/BO REStful webservices using basic authentication. I enabled basic authentication in the WACS and tested with this service:
http://host:6405/infostore/16422
This works! I can get the report metadata as either xml or json. However, whenever I try an url with "raylight" in it, I get an authentication problem:
http://host:6405/biprws/raylight/v1/documents/16422/parameters
error_code: "1"
message: "No session found in HTTP header X-SAP-LogonToken"
Why do some services work with basic authentication and others absolutely require the logontoken? I would like to avoid the logontoken if possible. I tested by logging on with the token and that does work, so it's not like my credentials are wrong.
I also found the a problem with the raylight logontoken described here: RESTful Raylight Error Incorrect session
Apparently, there needs to be double quotes around the logontoken for it to work. Could this "bug" be the reason why basic authentication doesn't work? I already tfried to put double quotes around and inside my base-encoded value but it still gives the same error.

Hello,
Raylight doesn't support basic authentication because it required a permanent session to work. Internally, we have to manage a "cache" to support subsequent REST calls and this is not possible using basic authentication.
Regards,
Anthony

Basic authentication when calling a web service

I am attempting to call a web service using ActionScript. The
web service provider requires that I use HTTP Basic Authentication
to communicate my SOAP requests. I cannot seem to get this done in
ActionScript. If I instantiate a WebService object and call its
SetCredentials method, I get an error "Authentication not supported
on DirectHTTPChannel (no proxy)". I have the WebService object's
useProxy property set to true. HELP!

I know this is five years later on this forum but there's no solution here or on any other forum. So after two day's of hammering this out I was able to produce a workable solution. Create a new user account for testing.
Wu_Xiao's explanation of the issue was dead on. The WebService does a GET then a POST and for the GET we are unable to supply the Authorization in the header and this is why we get the popup. The POST has the Authorization but it already to late.
Take these actions
1 Create a new user on the machine with the web services. Start with a simple name and password (text only) I had issues with different users. Start clean and simple.
2 Copy your web services a second usable service. You'll see in my example below i have Ive copied ServicesSECURE/Services1.asmx?WSDL to ServicesDEFINITION/Services1.asmx?WSDL
3 Remove all of the code inside of your services making the new set of service like a definition service. Make sure all of the inputs and outputs are the same. ServicesDEFINITION will have no coding and empty returns.
Example
[WebMethod]
        public String CountUsers(string group)
            return "";
4 Implement the code below. Call the init() right away to instantiate the web service and wait until it loads to use any of the services. I use a button event to test.
private var testws:WebService = new WebService;
private function init():void
testws.wsdl="http://test.com/ServicesDEFINITION/Services1.asmx?WSDL";
var encoder:Base64Encoder= new Base64Encoder();
encoder.insertNewLines = false; // see below for why you need to do this
encoder.encode("USERNAME:PASSWORD");
testws.httpHeaders = {Authorization:" Basic " + encoder.toString()};
testws.loadWSDL();
testws.addEventListener("load", wsdlLoadHandler);
protected function test_clickHandler(event:MouseEvent):void
testws["CountUsers"].addEventListener(mx.rpc.events.FaultEvent.FAULT,testFaultHandler);
testws["CountUsers"].addEventListener(mx.rpc.events.ResultEvent.RESULT,testResultHandler) ;
testws.endpointURI="http://test.com/ServicesSECURE/Services1.asmx?WSDL";
testws.getOperation("CountUsers").send("Test");
protected function wsdlLoadHandler (event:LoadEvent) : void
//the service has to load before using the getOperation function
//you could try using mx.core.UIComponent.callLater from
//this listener and call the gettestws.getOperation("Co....
So you'll see that the ServicesDEFINITION (GET) is called and grabs the definition of the Service1 service but this unsecured services is useless because we've removed all of the code. After the definition GET is called we can change the end point using endpointURI and perform the POST against our secure ServicesSECURE.

Web Service Call with Basic Authentication does not work

If I try to use Basic Authentication in my Web Service Client with the automatically created methods
setUsername(inUserName)
setPassword(inPassword)
setAddress(inAddress)
the application does not make a call. Did I forget something?
Is it possible to use "Test Method" with Basic Authentication?
Thank you.

Thank you for your answer.
But: I already read this article. And it doesn't help me.
I use the following code:
            getMyServiceClient1().setUsername(inUserName);
            getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
The methods setUsername and setPassword are definded as follows:
public void setUsername(String inUserName) {
        myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
public void setPassword(String inPassword) {
        myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
}But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
I also found this thread in your forum:
http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

How to call a web service from BPEL that requires HTTP basic authentication

Hi All,
I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
Can anyone help?
Thanks,
Mark Nelson

Thanks Bas,
I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
<property name="basicHeaders">credentials</property>
<property name="basicUsername">WMDATA</property>
<property name="basicPassword">WMDATA</property>
Instead of:
<property name="httpUsername">WMDATA</property>
<property name="httpPassword">WMDATA</property>
I don’t know why this is, maybe because it is an Axis Web Service.
Sorry for wasting your time.
Regards Pete

Restful webservice with basic authentication

Hi, i am running the following:
Oracle: 11.2....
ApexListener: 2.....
Glassfish: 3.0...
Apex: 4.2.1
I have successfully established some restful webservices. Now i want to add a basic authentication to them against an APEX Authentication Scheme which is used in one of my APEX Applications. I cannot find any documentation related to Glassfish or ApexListener or APEX to do that.
Or are the RESTful Service Privileges which belong to APEX User Goups intent to do a basic authentication ?
Thanks for your help !
-- Klaus

OK got it solved by my self.
Solution:
Define a RESTFUL (POST, PLSQL) Service with the following HEADER parameters:
authorization authorization IN STRING
X-APEX-STATUS-CODE status OUT INTEGER
As per RFC 1945, the Authorization header value should contain the username:password
as encoded (base64) string. That is what the RESTclient send (over https)
In the PLSQL i decode :authorization and validate it against APEX Authentication Scheme.
The result of the validation drives the response header (:status) in PLSQL with 200 (ok) or 401 (Not Authorized)
-- Klaus

Basic authentication of a WebService -- Possible?

Hi All,
I have a web service that's defined like this:
<mx:Webservice wsdl="
http://username:password@intranet/webservices/myservice.asmx?WSDL"
/>
username and password are replace with the username and
password used by IIS's basic authentication subsystem to restrict
access to the web service.
This seems to work just fine in Opera and Firefox, but in IE,
it just hands. No fault or anything, it just hangs there, waiting
for the WSDL to load.
I've only tested in IE6, I'm not sure if it does the same in
IE7.
Is this a bug in Flex/Flash, a bug in IE, or something else
entirely? Is there a different way to do basic authentication with
web services?
-Josh

I'd use an HTTP sniffer to see if you can glean any more info
about what exactly is going over the wire and what might be
different in the MSIE case.

API Call For Basic Authentication

Hi,
Does anyone know whats the API call that WebLogic makes internally to
perform basic authentication. Is ServletAuthentication the only way to
programmatically log in a user.
Thanks
Sameer

If the target node for your operation is a sibling, I believe you're going to have to pass the parent node of the sibling into the AddNode() API call when this operation occurs within a version. Note that copyNodesAcrossVersions is a new method that has a copyAsSibling parameter, but AddNode() does not.
Edited by: Naren Truelove on Nov 12, 2012 3:12 PM
...grammatical correction...

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Consuming a Web Service via SSL with Basic Authentication

Hello,
I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
java.rmi.RemoteException: Service call exception; nested exception is:
 java.lang.NullPointerException
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
 at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
Caused by: java.lang.NullPointerException
 at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
 at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
 at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
 ... 2 more
Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
But my main focus is on the client implementation based on a proxy. Here comes the client's code:
public class MultiSecSSL {
 public static void main(String[] args) {
 try {
 MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
 SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
 SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
 AuthenticationContext auth = protocol.getAuthenticationContext();
 auth.setIgnoreSSLServerCertificate(true);
 auth.setUsername("cfpcompany");
 auth.setPassword("demo");
 String ret = service.pingText("Called service MultiSecurity via SSL");
 System.out.println(ret);
 } catch (Exception e) {
 e.printStackTrace(System.out);
Here comes the logical port information of the generated proxy:
<?xml version="1.0" encoding="UTF-8"?>
<LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
<LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
 <globalFeatures>
 <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
 <Property Name='SessionMethod' Value='httpCookies'>
 </Property>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
 <Property Name='AuthenticationLevel' Value='None'>
 </Property>
 <Property Name='AuthenticationMechanism' Value='HTTP'>
 </Property>
 <Property Name='AuthenticationMethod' Value='BasicAuth'>
 </Property>
 <Property Name='SupportsSSO2Authentication' Value='false'>
 </Property>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
 <Property Name='Level' Value='No'>
 </Property>
 <Property Name='TLSType' Value='SSL'>
 </Property>
 </Feature>
 </globalFeatures>
 <localFeatures>
 <Operation Name='pingText'>
 <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
 <Property Name='RequestPolicy' Value='Signature'>
 </Property>
 <Property Name='ResponsePolicy' Value='None'>
 </Property>
 </Feature>
 <Feature Name='http://sap.com/webservices/authorization' Original='true'>
 </Feature>
 </Operation>
 </localFeatures>
</LogicalPort>
</LogicalPorts>
To me, this looks consistent. Any idea, what is misconfigured on my machine ?

Hi Martin,
that is exactly, what I did.
- Change Web Service Configuration in IDE
- Build and Deploy the Service to my local Server
- Check Service in Visual Administrator
- Deleted and Regenerated the Standalone Proxy
- Deleted and Recreated the link between CLient and Proxy Project in IDE
- Started Client
Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
<webservice>
 <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
 <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
 <webservice-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>MultiSecuritySSLAuth</localName>
 </webservice-name>
 <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
 <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
 <ws-configuration>
 <configuration-name>SSL</configuration-name>
 <ejb-name>MultiSecWSBean</ejb-name>
 <service-endpoint-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>SSLPort</localName>
 </service-endpoint-name>
 <wsdl-porttype-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>MultiSecuritySSLAuthVi</localName>
 </wsdl-porttype-name>
 <webservice-definition-ref>
 <package>com.technidata.cfp.i3rdparty.cfpxml</package>
 <name>MultiSecuritySSLAuthWsd.wsdef</name>
 </webservice-definition-ref>
 <service-endpoint-vi-ref>
 <package>com.technidata.cfp.i3rdparty.cfpxml</package>
 <name>MultiSecuritySSLAuthVi.videf</name>
 </service-endpoint-vi-ref>
 <transport-binding name="SOAPHTTP_TransportBinding">
 <wsdl-binding-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>SSLBinding</localName>
 </wsdl-binding-name>
 </transport-binding>
 <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
 <global-features>
 <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
 <property name="TLSType" value="SSL"/>
 </feature>
 <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
 <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
 <property name="AuthenticationMethod" value="BasicAuth"/>
 <property name="AuthenticationMechanism" value="HTTP"/>
 <property name="SupportsSSO2Authentication" value="false"/>
 </feature>
 </global-features>
 <operation-configuration uniqueViName="pingText(java.lang.String)">
 <transport-binding-configuration>
 <input>
 <property name="soapAction" value=""/>
 <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
 </input>
 <output>
 <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
 </output>
 </transport-binding-configuration>
 <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
 <property name="RequestPolicy" value="None"/>
 <property name="ResponsePolicy" value="None"/>
 </feature>
 <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
 <property name="security-roles">
 <property name="role1" value="use_multisec_service"/>
 </property>
 </feature>
 </operation-configuration>
 </ws-configuration>
</webservice>
Regards,
Stefan

Basic authentication call webservice

Similar Messages

Maybe you are looking for