Basic Authentication in WebService

Hi,
   I am trying to authenticate in web service with basic authentication but I can not.
   The code:
   var w:WebService = new WebService();
   var encoder:Base64Encoder = new Base64Encoder();
   encoder.insertNewLines = false;
   encoder.encode("teste:teste");
   w.httpHeaders = {Authorization:"Basic " + encoder.toString()};
   w.loadWSDL("http://192.168.0.205:8080/jasperserver-pro/services/repository?wsdl");
   When I run the browser always asks for username and password and in a sniffer, for example firebug, I do not see the authentication header in HTTP package.
   Can anyone help me?
Thank you.

var enc:Base64Encoder = new Base64Encoder();
enc.encode("test:supp0rt");
web_Service_id.httpHeaders= {Authorization:"Basic " + enc.toString()};

Similar Messages

Basic authentication call webservice

Hey,
I'm making a Flex webshop and uses a webservice on XI as datasource. Now, each time I start the webshop, I need to login on this webservice. I want to hard code the credentials or another solution so I don't reveive the authentication screen anymore.
Anyone an idea how I can do this?
Thanks in advance!
Brecht Bauwens
Edited by: Brecht Bauwens on Mar 27, 2008 10:32 AM

hi
check the below links
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a4433436-0301-0010-f2a9-9281ad574054
www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/591c31cf-0d01-0010-8ab7-a1f7d032a66c
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/244e7923-0a01-0010-5887-fe0b0c6dbb8d
www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/dab85be0-0601-0010-c6aa-b20626aa3cd5
note:reward points if solution found helpfull.....
regards
chandrakanth.k

Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

Hi!
We need to implement authentication using our own methods, and the authentication
information is provided to the web service implementation in a basic authentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
in
wls 7.0.sp2, always attempts to perform authentication, if the header is present.
Is there any way to circumvent this, because we want to implement authentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for our own
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet, which
would
remove the basic authentication header, and put the authentication info in custom
headers, such as x-auth: <user:password>, or smthng similar, and after successful
authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
But still, I'd like to know if there is any way to tell bea's servlet to ignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Currently there is no option to turn off security check.
I think you can use a servlet filter mapped to the URL
of your service, instead of a proxy servlet?
Regards,
-manoj
http://manojc.com
"Toni Nykanen" <[email protected]> wrote in message
news:3ef1577b$[email protected]..
>
Hi!
We need to implement authentication using our own methods, and theauthentication
information is provided to the web service implementation in a basicauthentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
in
wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
Is there any way to circumvent this, because we want to implementauthentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for ourown
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet,which
would
remove the basic authentication header, and put the authentication info incustom
headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
>
But still, I'd like to know if there is any way to tell bea's servlet toignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Restful webservice with basic authentication

Hi, i am running the following:
Oracle: 11.2....
ApexListener: 2.....
Glassfish: 3.0...
Apex: 4.2.1
I have successfully established some restful webservices. Now i want to add a basic authentication to them against an APEX Authentication Scheme which is used in one of my APEX Applications. I cannot find any documentation related to Glassfish or ApexListener or APEX to do that.
Or are the RESTful Service Privileges which belong to APEX User Goups intent to do a basic authentication ?
Thanks for your help !
-- Klaus

OK got it solved by my self.
Solution:
Define a RESTFUL (POST, PLSQL) Service with the following HEADER parameters:
authorization authorization IN STRING
X-APEX-STATUS-CODE status OUT INTEGER
As per RFC 1945, the Authorization header value should contain the username:password
as encoded (base64) string. That is what the RESTclient send (over https)
In the PLSQL i decode :authorization and validate it against APEX Authentication Scheme.
The result of the validation drives the response header (:status) in PLSQL with 200 (ok) or 401 (Not Authorized)
-- Klaus

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

Basic authentication only works for some webservices?

I'm trying to call the SAP BI/BO REStful webservices using basic authentication. I enabled basic authentication in the WACS and tested with this service:
http://host:6405/infostore/16422
This works! I can get the report metadata as either xml or json. However, whenever I try an url with "raylight" in it, I get an authentication problem:
http://host:6405/biprws/raylight/v1/documents/16422/parameters
error_code: "1"
message: "No session found in HTTP header X-SAP-LogonToken"
Why do some services work with basic authentication and others absolutely require the logontoken? I would like to avoid the logontoken if possible. I tested by logging on with the token and that does work, so it's not like my credentials are wrong.
I also found the a problem with the raylight logontoken described here: RESTful Raylight Error Incorrect session
Apparently, there needs to be double quotes around the logontoken for it to work. Could this "bug" be the reason why basic authentication doesn't work? I already tfried to put double quotes around and inside my base-encoded value but it still gives the same error.

Hello,
Raylight doesn't support basic authentication because it required a permanent session to work. Internally, we have to manage a "cache" to support subsequent REST calls and this is not possible using basic authentication.
Regards,
Anthony

Basic authentication of a WebService -- Possible?

Hi All,
I have a web service that's defined like this:
<mx:Webservice wsdl="
http://username:password@intranet/webservices/myservice.asmx?WSDL"
/>
username and password are replace with the username and
password used by IIS's basic authentication subsystem to restrict
access to the web service.
This seems to work just fine in Opera and Firefox, but in IE,
it just hands. No fault or anything, it just hangs there, waiting
for the WSDL to load.
I've only tested in IE6, I'm not sure if it does the same in
IE7.
Is this a bug in Flex/Flash, a bug in IE, or something else
entirely? Is there a different way to do basic authentication with
web services?
-Josh

I'd use an HTTP sniffer to see if you can glean any more info
about what exactly is going over the wire and what might be
different in the MSIE case.

How to access SOAP web service with authentication, HTTP basic Authentication

Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
        var encoder:Base64Encoder = new Base64Encoder();
        encoder.insertNewLines = false; // see below for why you need to do this
        encoder.encode("someusername:somepassword");
        service.headers = {Authorization:"Basic " +encoder.toString()};
        service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?

Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Calling web service with basic authentication from EP "unauthorized"

Hello,
I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
Problem in server response: [Unauthorized].
I'm using the following code for calling the .NET web service:
...Licence_GetList lParameter = new Licence_GetList();
lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);...
I've also configured a http system in the portal system landscape using the following parameters:
Authentication Method : Basic Authentication
Authentication Type : Server
User Mapping Type : admin,user
The user mapping is also personalized for this system!
What's wrong? Please help! This is really urgent!
Kind Regards
Joerg Loechner

Hello Renjith,
here is a small cutout of my "portapp.xml";
<services>
<service alias="LicenceManager" name="LicenceManager">
 <service-config>
 <property name="className" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager"/>
 <property name="startup" value="false"/>
 <property name="WebEnable" value="false"/>
 <property name="WebProxy" value="true"/>
 <property name="SecurityZone" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager/
 DefaultSecurity"/>
 </service-config>
 <service-profile>
 <property name="SystemAlias" value="LicMan_NET"/
 </service-profile>
</service>
</services>
I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
Regards
Joerg Loechner

Calling Web Service with Http Basic authentication in SOA 11g

I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
Am i missing some steps?
Please let me know.
Note - I am working on SOA 11.1.1.4.
Regards
Ayush

Hi Ayush,
Please refer -
http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
Regards,
Anuj

Consuming a Web Service via SSL with Basic Authentication

Hello,
I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
java.rmi.RemoteException: Service call exception; nested exception is:
 java.lang.NullPointerException
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
 at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
Caused by: java.lang.NullPointerException
 at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
 at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
 at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
 ... 2 more
Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
But my main focus is on the client implementation based on a proxy. Here comes the client's code:
public class MultiSecSSL {
 public static void main(String[] args) {
 try {
 MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
 SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
 SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
 AuthenticationContext auth = protocol.getAuthenticationContext();
 auth.setIgnoreSSLServerCertificate(true);
 auth.setUsername("cfpcompany");
 auth.setPassword("demo");
 String ret = service.pingText("Called service MultiSecurity via SSL");
 System.out.println(ret);
 } catch (Exception e) {
 e.printStackTrace(System.out);
Here comes the logical port information of the generated proxy:
<?xml version="1.0" encoding="UTF-8"?>
<LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
<LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
 <globalFeatures>
 <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
 <Property Name='SessionMethod' Value='httpCookies'>
 </Property>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
 <Property Name='AuthenticationLevel' Value='None'>
 </Property>
 <Property Name='AuthenticationMechanism' Value='HTTP'>
 </Property>
 <Property Name='AuthenticationMethod' Value='BasicAuth'>
 </Property>
 <Property Name='SupportsSSO2Authentication' Value='false'>
 </Property>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
 <Property Name='Level' Value='No'>
 </Property>
 <Property Name='TLSType' Value='SSL'>
 </Property>
 </Feature>
 </globalFeatures>
 <localFeatures>
 <Operation Name='pingText'>
 <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
 <Property Name='RequestPolicy' Value='Signature'>
 </Property>
 <Property Name='ResponsePolicy' Value='None'>
 </Property>
 </Feature>
 <Feature Name='http://sap.com/webservices/authorization' Original='true'>
 </Feature>
 </Operation>
 </localFeatures>
</LogicalPort>
</LogicalPorts>
To me, this looks consistent. Any idea, what is misconfigured on my machine ?

Hi Martin,
that is exactly, what I did.
- Change Web Service Configuration in IDE
- Build and Deploy the Service to my local Server
- Check Service in Visual Administrator
- Deleted and Regenerated the Standalone Proxy
- Deleted and Recreated the link between CLient and Proxy Project in IDE
- Started Client
Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
<webservice>
 <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
 <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
 <webservice-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>MultiSecuritySSLAuth</localName>
 </webservice-name>
 <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
 <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
 <ws-configuration>
 <configuration-name>SSL</configuration-name>
 <ejb-name>MultiSecWSBean</ejb-name>
 <service-endpoint-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>SSLPort</localName>
 </service-endpoint-name>
 <wsdl-porttype-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>MultiSecuritySSLAuthVi</localName>
 </wsdl-porttype-name>
 <webservice-definition-ref>
 <package>com.technidata.cfp.i3rdparty.cfpxml</package>
 <name>MultiSecuritySSLAuthWsd.wsdef</name>
 </webservice-definition-ref>
 <service-endpoint-vi-ref>
 <package>com.technidata.cfp.i3rdparty.cfpxml</package>
 <name>MultiSecuritySSLAuthVi.videf</name>
 </service-endpoint-vi-ref>
 <transport-binding name="SOAPHTTP_TransportBinding">
 <wsdl-binding-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>SSLBinding</localName>
 </wsdl-binding-name>
 </transport-binding>
 <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
 <global-features>
 <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
 <property name="TLSType" value="SSL"/>
 </feature>
 <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
 <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
 <property name="AuthenticationMethod" value="BasicAuth"/>
 <property name="AuthenticationMechanism" value="HTTP"/>
 <property name="SupportsSSO2Authentication" value="false"/>
 </feature>
 </global-features>
 <operation-configuration uniqueViName="pingText(java.lang.String)">
 <transport-binding-configuration>
 <input>
 <property name="soapAction" value=""/>
 <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
 </input>
 <output>
 <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
 </output>
 </transport-binding-configuration>
 <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
 <property name="RequestPolicy" value="None"/>
 <property name="ResponsePolicy" value="None"/>
 </feature>
 <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
 <property name="security-roles">
 <property name="role1" value="use_multisec_service"/>
 </property>
 </feature>
 </operation-configuration>
 </ws-configuration>
</webservice>
Regards,
Stefan

Configuring Basic Authentication with Username and password on BizTalk Schema Service

Hi,
I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
I wanted to have a Basic Authentication(User name and password restriction).
I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
I also set the Service in IIS with Basic Authentication only enabled.
But I don't know how to provide a UserName and Password Authentication.
Please provide your suggestions
Regards, Vignesh S

Hi,
Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
HTH,
Sumit
Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

EJB3 Web Service - basic authentication

I have a very simple EJB @WebService in an EJB jar and placed in an EAR. The web service has an @RolesAllowed annotation on a role called WSS_USER.
I have a weblogic-ejb-jar.xml file containing..
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-ejb-jar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.bea.com/ns/weblogic/10.0" xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<weblogic-enterprise-bean>
<ejb-name>TestWebServiceEJB</ejb-name>
<enable-call-by-reference>True</enable-call-by-reference>
</weblogic-enterprise-bean>
<security-role-assignment>
<role-name>WSS_USER</role-name>
<principal-name>WSS_USER</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>
I have created the correct WSS_USER principal within Weblogic.
If I test the web service using SoapUI I get:
<message>[EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=Test, module=Bedrock.server.services.local.jar, ejb=TestWebServiceEJB, method=test, methodInterface=ServiceEndpoint, signature={}.</message>
How do I get basic authentication working with this web service?
In glassfish I add the following into sun-ejb-jar.xml and it works fine:
<ejb>
<ejb-name>TestWebServiceEJB</ejb-name>
<webservice-endpoint>
<port-component-name>TestWebServiceEJB</port-component-name>
<endpoint-address-uri>ctx/TestWebServiceEJB</endpoint-address-uri>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</webservice-endpoint>
</ejb>
Is there an equivalent in weblogic?
Thanks,
Matt

I was hoping it could be achieved without weblogic specific annotations?
What I'm after is an example of a simple EJB3 web service in a jar, inside an ear, with no war file.
I'd then like BASIC authentication on that web service.
Something that can be dropped into any app server.
Matt

BASIC authentication and web client problems

I have a very simple web service that is working. Now before attempting to use
SSL, I want to test authenticating using BASIC authentication. I’ve made the
changes to web.xml and even though the other web service pages authenticate ok
(ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
Has anyone completed this and if so, how does it work? I must have missed something
simple.
First, I setup the security constraint as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>file-exchange-resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<description>An administrators</description>
<role-name>Administrators</role-name>
</security-role>
That allows me to secure / authenticate to the JSPs in the web service test app
provided. Then I tried working with the admin server console to setup roles /
privileges. I couldn’t get this to work but I easily could have done something
wrong since there are no step by step examples other than the general docs in
the programming guide.
Next, since the web service deploys as a web application, I figured the problem
must be that the internal WLS servlet needs security information defined in web.xml.
I saw the programming guide listed the servlet name and discussed servlet mapping
so I added the normal security entries for a servlet as follows and re-jarred
the WAR and EAR.
<servlet>
<servlet-name>WebServiceServlet</servlet-name>
<servlet-class>
weblogic.webservice.server.servlet.WebServiceServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>WebServiceServlet</servlet-name>
<url-pattern>/FileExchangeFacade/*</url-pattern>
<security-role-ref>
<role-name>Administrators</role-name>
<role-link>Administrators</role-link>
</security-role-ref>
</servlet-mapping>
It still doesn’t work. Any idea on how to get it to authenticate?
Thanks,
Dave

Ok, this looks like an issue with the test page.
When the test page gets a request to invoke a
web service, it creates a client proxy and call invoke
on the proxy. This will case the client proxy to
create a new HTTP post connection to the server.
Test page pulls out the username/passwd from the
GET request from the browser and pass it to the
POST request it makes to the web service. I think,
the test page needs to do the same for realm. I will
file a CR for this (CR105320).
Please contact support with the case number if you
need a patch for this.
http://manojc.com
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
One more thing.
I took out explicit realm mapping and noticed that the firstauthentication
challenge was for the WebLogic standard realm which was fine and
authentication was successful. (i.e. I got to the web service "homepage").
Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
When I stepped into the web service method and pressed the Invoke buttonon
the web service methods the realm was "default" and authenticationfailed.
Why does the domain change and how do I cover this?Is was actually listed as "Default".
However this is the same domain I believe because I've done a further
experiment and set the domains explicitely
in the deployment WAR deployment (Other tab) and in the web.xml file. The
second challange is then asking for re-authentication in the correctdomain
(myrealm) but it does not accept the valid user/password and just re
challenges until 3 attempts then it displays the SOAP message and theserver
log file has the following exception:
java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
'http://localhost:7001/webservice/TraderService?WSDL'
at
weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
2)
at java.net.URL.openStream(URL.java:793)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:73)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
108)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
84)
at
weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
ava:230)
at
weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
iceServlet.java:306)
at
weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
8)
at
weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
at
weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
.java:224)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5412)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:744)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3086)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2544)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

Basic Authentication in WebService

Similar Messages

Maybe you are looking for