How to index a website where basic authentication is needed

Similar Messages

• Transport level - Basic Authentication

  Hi,
  How do we set transport level basic authentication credentials (username, password) after creating a webservice proxy project. I tried the requestContext, and I think it should be somewhere else, as the service provider is using transport level basic authentication.
  Any help or direction is appreciated.
  Thank you,
  VJ

  This worked for me. If this helps anyone-
  I closed the existing application. Created a new application, and then created the web service proxy. After which, in the ServiceSoap12BindingQSPortClient commented out the
  existing setPortCredentialProviderList(requestContext), and have added the following:
  reqContext.put(BindingProvider.USERNAME_PROPERTY,"user");
  reqContext.put(BindingProvider.PASSWORD_PROPERTY,"password");
  reqContext would be - Map<String, Object> reqContext = ((BindingProvider) sersServiceV3PortType).getRequestContext();, which is generated already.
  I would be using this standalone project as a component.
  Thanks,
  VJ
  Edited by: VJ on Jul 27, 2011 9:08 AM

• How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

  hi all,
  i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
  this is the simplified folder structure of my application on the server:
  [application]
    [etc]
      xyz.xml
    [jars]
      myapp.jar
    launch.jnlp
  website.jsp
  initial start and basic authentication:*
  my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
  second start and basic authentication:*
  if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
  and now the actual problem:*
  during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
  related thougts:*
  i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
  my current solution:*
  for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
  a possible alternative:*
  i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
  the only real solution:*
  should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
  WHAT HAVE I MISSED???
  AM I COMPLETELY WRONG???
  WHAT IS THE EASIEST WAY???
  AND WHAT IS THE BEST WAY???
  thank you so much,
  stephan

  Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
  if you have a structure like this:
  /ctxroot/
         launch.jnlp
         /app/
             *.jar
             *.whateveryou may use in your web.xml:
       <servlet>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
       </servlet>
       <servlet-mapping>
            <servlet-name>JnlpDownloadServlet</servlet-name>
            <url-pattern>*.jnlp</url-pattern>
            <url-pattern>/app/*</url-pattern>
       </servlet-mapping>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Application</web-resource-name>
                 <url-pattern>/app/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <role-name>bla</role-name>
                 <role-name>fahsel</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>Subscription</web-resource-name>
                 <url-pattern>*.jnlp</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>whatever-realm</realm-name>
       </login-config>
       <security-role><role-name>bla</role-name></security-role>
       <security-role><role-name>fahsel</role-name></security-role>
  ...Than you may use the Service stuff like:
       BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
       URL codeBase = bs.getCodeBase();
       URL pu = new URL(codeBase.toString() + "whatever.bla");
       HttpURLConnection res = (HttpURLConnection) pu.openConnection();
       res.setInstanceFollowRedirects(true);
       res.setRequestMethod("GET");
       res.setConnectTimeout(10 * 60 * 1000);
       res.connect();
       String enc = res.getContentType();
  ...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• How to update a large (over 4 million item) List(Of Byte) quickly by altering indexes contained in a Dictionary(Of Integer, Byte) where the Dictionaries keys are the indexes in the List(Of Byte) that need to be changed to the values for those indexes?

     I'm having some difficulty with transferring images from a UDP Client to a UDP Server. The issue is receiving the bytes necessary to update an original image sent from the Client to the Server and updating the Servers List(Of Byte) with the
  new bytes replacing bytes in that list. This is a simplex connection where the Sever receives and the Client sends to utilize the least amount of bandwidth for a "Remote Desktop" style application where the Server side needs image updates of whatever
  occurs on the Client desktop.
     So far I can tranfer images with no issue. The images can be be any image type (.Bmp, .Gif, .JPeg, .Png, etc). I was working with sending .JPeg's as they appear to be the smallest size image when a Bitmap is saved to a memory stream as type
  .JPeg. And then I am using GZip to compress that byte array again so it is much smaller. However on a loopback on my NIC the speed for sending a full size screen capture is not very fast as the Server updates fairly slowly unless the Clients screen capture
  Bitmap is reduced in size to about 1/3'd of the original size. Then about 12000 bytes or less are sent for each update.
     Due to .JPeg compression I suppose there is no way to get the difference in bytes between two .JPegs and only send those when something occurs on the desktop that alters the desktop screen capture image. Therefore I went to using .Bmp's as each
  .Bmp contains the same number of bytes in its array regardless of the image alterations on the desktop. So I suppose the difference in bytes from a second screen capture and an inital screen capture are what is different in the second image from the initial
  image.
     What I have done so far is save an initial Bitmap of a screen capture using a memory stream and saving as type .Bmp which takes less than 93 milliseconds for 4196406 bytes. Compressing that takes less than 118 milliseconds to 197325 bytes for
  the current windows on the desktop. When that is done PictureBox1 is updated from nothing to the captured image as the PictureBox's background image with image layout zoom and the PictureBox sized at 1/2 my screens width and 1/2 my screens height.
     Then I save a new Bitmap the same way which now contains different image information as the PictureBox is now displaying an image so its back color is no longer displayed (solid color Aqua) and the cursor has moved to a different location. The
  second Bitmap is also 4196406 in bytes and compressed it was 315473 bytes in size.
     I also just found code from this link Converting a Bitmap to a Byte Array (and Byte Array to Bitmap) which gets a byte array
  directly from a Bitmap and the size of that is 3148800 for whatever is full screen captured on my laptop. So I should be able to work with smaller byte arrays at some point.
     The issue I'm having is that once the Client sends an image of the desktop to the Server I only want to update the server with any differences occuring on the Clients desktop. So what I have done is compare the first screen captures bytes (stored
  in a List(Of Byte)) to the second screen captures bytes (stored in a List(Of Byte)) by using a For/Next for 0 to 4196405 where if a byte in the first screen captures List is not equal to a byte in the second screen captures List I add the index and byte of
  the second screen captures list to a Dictionary(Of Integer, Byte). The Dictionary then only contains the indexes and bytes that are different between the first screen capture and second screen capture. This takes about 125 milliseconds which I think is pretty
  fast for 4196406 byte comparison using a For/Next and adding all the different bytes and indexes for each byte to a Dictionary.
      The difference in Bytes between the inital screen capture and the second screen capture is 242587 as an example which changes of course. For that amount of bytes the Dictionary contains 242587 integers as indexes and 242587 bytes as different
  bytes totaling 485174 bytes for both arrays (keys, values).  Compressed the indexes go from 242587 to 43489 bytes and the values go from 242587 to 34982 bytes. Which means I will have to send 78, 481 bytes from the Client to the Server to update the display
  on the server. Quite smaller than the original 4196406 bytes of the second Bitmap saved to type .Bmp or the compressed size of that array which was 315473 bytes. Plus a few bytes I add as overhead so the server knows when an image array ends and how many packets
  were sent for the array so it can discard complete arrays if necessary since UDP is lossfull although probably not so much in current networks like it may originally have been when the internet started.
      In reality the data from the Client to the Server will mostly be the cursor as it moves and updating the Server image with only a few hundred bytes I would imagine at a time. Or when the cursor selects a Button for example and the Buttons
  color changes causing those differences in the original screen capture.
     But the problem is if I send the Dictionaries Indexes and Bytes to the Server then I need to update the original Bitmap List(Of Byte) on the server by removing the Bytes in the received informations Index locations array from the Servers Bitmap
  List(Of Byte) and replacing those Bytes with the Bytes in the received informations Byte array. This takes so long using a For/Next for however many indexes are in the received informations Index array to update the Bitmap List(Of Byte) on the server using
  "Bmp1Bytes.RemoveAt(Index As Integer)" followed by "Bmp1Bytes.Insert(Index As Integer, Item As Byte)" in the For/Next.
      I've tried various For/Next statements including using a new List(Of Byte) with If statements so If the the integer for the For/Next ='s the Key in a Dictionary(Of Integer, Byte) using a Counter to provide the Dictionaries Key value then
  the Dictionaries byte value will be added to the List(Of Byte) and the counter will increas by one Else the List(Of Byte) adds the original "Bmp1Bytes" byte at that index to the new List(Of Byte). This takes forever also.
     I also tried the same For/Next adding to a new Dictionary(Of Integer, Byte) but that takes forever too.
     I think I could use RemoveRange and AddRange to speed things up. But I don't know how to retrieve a contiguous range of indexes in the received indexes that need to be updated in the servers "Bmp1Bytes" List(Of Byte) from the received
  array of indexes and bytes which are in a Dictionary(Of Integer, Byte).  But I believe this would even be slower than some realistic method for replacing all Bytes in a List(Of Byte) when I have the indexes that need to be replaced and the bytes to replace
  them with.
     Even if I just used AddRange on a new List(Of Byte) to add ranges of bytes from the original "Bmp1Bytes" and the changes from the Dictionary(Of Integer, Byte) I think this would be rather slow. Although I don't know how to do that
  by getting contiguous ranges of indexes from the Dictionaries keys.
     So I was wondering if there is some method perhaps using Linq or IEnumerable which I've been unable to figure anything out which could do this.
     I do have some copy and pasted code which I don't understand how it works that I am using which I would guess could be altered for doing something like this but I can't find information that provides how the code works.  Or even if I did
  maybe I can't understand it. Like the code below which is extremely fast.
     Dim strArray() As String = Array.ConvertAll(Of Integer, String)(BmpComparisonDict.Keys.ToArray, Function(x) x.ToString())
  La vida loca

  Monkeyboy,
  That was quite a bit to read, but still a bit unclear. Could you put a specific list of goals/questions, asked in the smallest possible form?
  It seems like either you're making a program that monitors activity on your computer, or you're writing some kind of remote pc app.
  When you do get your bytes from using lockbits, keep in mind all the files header info would be lost. I think retaining the header info is worth the extra bytes.
  The other, thing: I'm not sure if you're taking 32bpp screen shots, but also keep in mind that the "whole desktop" is the final destination for blended graphics, if that makes sense. What I mean is that there is no need to capture an "alpha"
  channel for a desktop screenshot, as alpha would always be 255, this could save you 1 byte per pixel captured... Theres nothing "behind" the desktop, therefore no alpha, and every window shown above the desktop is already blended. I suggest using
  24Bpp for a full screen capture.
  Your X,Y information for the mouse could be stored as UINT16, this would save you a measly 2 bytes per location update/save.
  When you update your byte arrays, maybe you can turn the array into a stream and write to whatever index, however many bytes, that should prevent a "Shift" of bytes, and instead overwrite any bytes that "get in the way".
  ex
  Dim example As String = "This is an example."
  Dim insertString As String = "was"
  Dim insertBytes As Byte() = System.Text.Encoding.ASCII.GetBytes(insertString)
  Dim bytes As Byte() = System.Text.Encoding.ASCII.GetBytes(example)
  Dim modifiedBytes As Byte() = {}
  Using ms As New System.IO.MemoryStream(bytes)
  ms.Position = 5
  ms.Write(insertBytes, 0, 3)
  modifiedBytes = ms.ToArray
  End Using
  Dim newString As String = System.Text.Encoding.ASCII.GetString(modifiedBytes)
  'Notice how below there isn't the word "is" anymore, and that there isn't a
  'space.
  'This demonstrates that you overwrite existing data, versus shifting everything to
  'the right.
  'Returns: This wasan example.
  MsgBox(newString)
  “If you want something you've never had, you need to do something you've never done.”
  Don't forget to mark
  helpful posts and answers
  ! Answer an interesting question? Write a
  new article
  about it! My Articles
  *This post does not reflect the opinion of Microsoft, or its employees.
  Well it's too much to read. I was really tired when I wrote it. Even the below is too much to read but perhaps gets the point across of what I would like to do which I think
  Joel Engineer may have answered but I'm not sure. As I'm still too tired to understand that yet and research what he said in order to figure it out yet.
  But maybe the code below can provide the concept of the operation with the comments in it. But seeing as how I'm still tired it may be confused.
  Option Strict On
  Imports System.Windows.Forms
  Imports System.IO
  Imports System.IO.Compression
  Imports System.Drawing.Imaging
  Imports System.Runtime.InteropServices
  Public Class Form1
  Dim Bmp1Bytes As New List(Of Byte)
  Dim Bmp1BytesCompressed As New List(Of Byte)
  Dim Bmp2Bytes As New List(Of Byte)
  Dim BmpComparisonDict As New Dictionary(Of Integer, Byte)
  Dim BmpDifferenceIndexesCompressed As New List(Of Byte)
  Dim BmpDifferenceBytesCompressed As New List(Of Byte)
  Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
  SomeSub()
  End Sub
  Private Sub SomeSub()
  ' Pretend this code is in UDP Client app. A screen capture is performed of the desktop. Takes about 90 milliseconds.
  Bmp1Bytes.Clear()
  Using BMP1 As New Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height)
  Using g1 As Graphics = Graphics.FromImage(BMP1)
  g1.CopyFromScreen(0, 0, 0, 0, BMP1.Size)
  Cursor.Draw(g1, New Rectangle(Cursor.Position.X, Cursor.Position.Y, Cursor.Size.Width, Cursor.Size.Height))
  Using MS As New MemoryStream
  BMP1.Save(MS, System.Drawing.Imaging.ImageFormat.Bmp)
  Bmp1Bytes.AddRange(MS.ToArray)
  End Using
  End Using
  End Using
  Bmp1BytesCompressed.AddRange(Compress(Bmp1Bytes.ToArray))
  ' UDP Client app sends Bmp1BytesCompressed.ToArray to UDP Server which is the entire image of the desktop that the UDP
  ' Client is on. This image takes awhile to send since compressed it is about 177000 bytes from over 4000000 bytes.
  ' I will be using different code just to get the bytes from the actual Bitmap in the future. That is not important for now.
  ' Pretend the UDP Server has received the bytes, decompressed the array received into a List(Of Byte) and is displaying
  ' the image of the UDP Clients desktop in a PictureBox.
  ' Now the image on the UDP Clients desktop changes due to the mouse cursor moving as an example. Therefore a new Bitmap
  ' is created from a screen capture. This takes about 90 milliseconds.
  Bmp2Bytes.Clear()
  Using BMP2 As New Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height)
  Using g1 As Graphics = Graphics.FromImage(BMP2)
  g1.CopyFromScreen(0, 0, 0, 0, BMP2.Size)
  Cursor.Draw(g1, New Rectangle(Cursor.Position.X, Cursor.Position.Y, Cursor.Size.Width, Cursor.Size.Height))
  Using MS As New MemoryStream
  BMP2.Save(MS, System.Drawing.Imaging.ImageFormat.Bmp)
  Bmp2Bytes.AddRange(MS.ToArray)
  End Using
  End Using
  End Using
  ' Now I have the original images bytes in Bmp1Bytes and the new images bytes in Bmp2Bytes on the UDP Client. But I don't
  ' want to send all of the bytes in Bmp2Bytes to the UDP Server. Just the indexes of and the bytes that are different in
  ' Bmp2Bytes from Bmp1Bytes.
  ' This takes less than 100 milliseconds for what I've tested so far where over 500000 bytes in Bmp2Bytes are different
  ' than the bytes in Bmp1Bytes. Usually that amount would be much less. But during testing I was displaying the image
  ' from Bmp1 bytes in a PictureBox so a large amount of data would change between the first screen shot, the PictureBox
  ' then displaying an image on the same PC and then the second screen shot.
  BmpComparisonDict.Clear()
  For i = 0 To Bmp1Bytes.Count - 1
  If Bmp1Bytes(i) <> Bmp2Bytes(i) Then
  BmpComparisonDict.Add(i, Bmp2Bytes(i))
  End If
  Next
  ' So now I have all the difference bytes and their indexes from Bmp2Bytes in the BmpComparisonDict. So I compress
  ' the indexes into on List and the Bytes into another List.
  BmpDifferenceIndexesCompressed.Clear()
  BmpDifferenceBytesCompressed.Clear()
  BmpDifferenceIndexesCompressed.AddRange(Compress(BmpComparisonDict.Keys.SelectMany(Function(d) BitConverter.GetBytes(d)).ToArray()))
  BmpDifferenceBytesCompressed.AddRange(Compress(BmpComparisonDict.Values.ToArray))
  ' Now pretend the UDP Client has sent both those arrays to the UDP Server which has added both decompressed arrays
  ' to a Dictionary(Of Integer, Byte). And the server has the original image decompressed bytes received in a List
  ' called Bmp1Bytes also.
  ' This is where I am stuck. The UDP Server has the Dictionary. That part was fast. However there is no
  ' fast method I have found for creating a new List(Of Byte) where bytes in the originally received List(Of Byte) that
  ' do not have to be altered are placed into a new List(Of Byte) except for the indexes listed in the
  ' Dictionary(Of Integer, Byte) that need to be placed into the appropriate index locations of the new List(Of Byte).
  ' The below example for doing so is exceptionally slow. Pretend UpdateDictionary has all of the decompressed indexes
  ' and bytes received by the UDP Server for the update contained within it.
  Dim UpdateDictionary As New Dictionary(Of Integer, Byte)
  Dim UpdatedBytes As New List(Of Byte)
  Dim Counter As Integer = 0
  For i = 0 To Bmp1Bytes.Count - 1
  If i = UpdateDictionary.Keys(Counter) Then ' Provides the index contained in the Keys for the Dictionary
  UpdatedBytes.Add(UpdateDictionary.Values(Counter))
  Counter += 1
  If Counter > UpdateDictionary.Count - 1 Then Counter = 0
  Else
  UpdatedBytes.Add(Bmp1Bytes(i))
  End If
  Next
  ' So what I'm trying to do is find an extremely fast method for performing something similar to what the
  ' above operation performs.
  End Sub
  Private Function Compress(BytesToCompress() As Byte) As List(Of Byte)
  Dim BytesCompressed As New List(Of Byte)
  Using compressedStream = New MemoryStream()
  Using zipStream = New GZipStream(compressedStream, CompressionMode.Compress)
  zipStream.Write(BytesToCompress, 0, BytesToCompress.Count)
  zipStream.Close()
  BytesCompressed.AddRange(compressedStream.ToArray)
  End Using
  End Using
  Return BytesCompressed
  End Function
  Private Function Decompress(BytesToDecompress() As Byte) As List(Of Byte)
  Dim BytesDecompressed As New List(Of Byte)
  Using DecompressedStream = New MemoryStream()
  Using zipStream = New GZipStream(DecompressedStream, CompressionMode.Decompress)
  zipStream.Write(BytesToDecompress, 0, BytesToDecompress.Count)
  zipStream.Close()
  BytesDecompressed.AddRange(DecompressedStream.ToArray)
  End Using
  End Using
  Return BytesDecompressed
  End Function
  End Class
  La vida loca

• How to set up and test the Basic Authentication for HTTP protocol

  Hi,
  I tried configuring the password based Basic Authentication for sending xml document using ebMS - HTTP protocol. I set username and password while configuring the transport server for both trading partners. I want to know, is that sufficient for basic authenticaton. When I open the URI http://localhost:7778/b2b/transportServlet, it is not asking any authentication (username/password). Please note that I have not used SSL certificate. Anyone please help me out to configure Basic authentication.

  Hi Ramesh,
  Thanks for ur response. Could you please tell me where to set the Additional Transport header : authtype-basic#realm=myRealm(in which property file). In enqueue code, I could see the following attributes
  queue
  msgID
  replyToMsgID
  from
  to
  eventName
  doctypeName
  doctypeRevision
  msgType
  payload
  attachment
  subscriber
  Is it possible to set username/password in the enqueue attributes?
  Do i need to add username/password and Transport header in the input XML and defined that elements in xsd?

• How do I get around a limitation of Basic Authentication

  Dear all,
  your input on the following problem would be appreciated:
  We have encountered a problem with both the "logout" and "timeout" functionality used in eCRM, due to the use of basic authentication.
  Following a users logout and/or timeout period expiring, we are invalidating the user's session, so any user info will be removed from the server memory, and if the user attempts to access the site again there will be a security challenge.
  But since basic authentication is being used and the browser already has your authentication information, it just sends it again transparently.
  Whether users will notice will depend on how many windows they have open, and which browser they're using.
  For example, in IE 5, if you open the secure site in a browser window, and close that window (using the close button on the logout confirmation page), it will "forget" the authentication information. But if I open other windows while connected to the secure site, it remembers the authentication info. Even if the users don't notice, there is a security issue associated with this behaviour.......
  Any thoughts/ideas on getting around this problem (other than the obvious - not using basic authentication!!)
  Regards,
  Chris Adianto

  Chris Adianto wrote:
  Dear all,
  your input on the following problem would be appreciated:
  We have encountered a problem with both the "logout" and "timeout" functionality used in eCRM, due to the use of basic authentication.
  Following a users logout and/or timeout period expiring, we are invalidating the user's session, so any user info will be removed from the server memory, and if the user attempts to access the site again there will be a security challenge.
  But since basic authentication is being used and the browser already has your authentication information, it just sends it again transparently.
  Whether users will notice will depend on how many windows they have open, and which browser they're using.
  For example, in IE 5, if you open the secure site in a browser window, and close that window (using the close button on the logout confirmation page), it will "forget" the authentication information. But if I open other windows while connected to the secure site, it remembers the authentication info. Even if the users don't notice, there is a security issue associated with this behaviour.......
  Any thoughts/ideas on getting around this problem (other than the obvious - not using basic authentication!!)Send HttpServletResponse.SC_UNAUTHORIZED (401) in the response header: http://www.tapsellferrier.co.uk/Servlets/FAQ/authentication.html has more info.
  Cheers,
  Alex

• How to log out using BASIC authentication

  Hi,
  we are using JSC and Sun Appserver8.
  To authenticate we are using BASIC authentication and it works well.
  Now we need to do a log out function because of new demands.
  Is it possible to log out when using BASIC authentication ?
  If so, how?
  /Regards Krister

  If you are using Basic Authentication, you may not be able to force log out. In that case you may have to use form based authentication.
  Please read more details here
  http://httpd.apache.org/docs/1.3/howto/auth.html
  (Look at the topic How do I log out?)
  - Winston
  http://blogs.sun.com/winston

• How to access SOAP web service with authentication, HTTP basic Authentication

  Dear All
  i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
  http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
  http://forums.adobe.com/message/4262868
  private function authAndSend(service:HTTPService):void
          var encoder:Base64Encoder = new Base64Encoder();
          encoder.insertNewLines = false; // see below for why you need to do this
          encoder.encode("someusername:somepassword");
          service.headers = {Authorization:"Basic " +encoder.toString()};                                               
          service.send();
  Also i noticed in debug mode, always that WARNNING raised up
  Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml.  The 'secure' attribute is only permitted in HTTPS and socket policy files.  See http://www.adobe.com/go/strict_policy_files for details.
  any idea ?

  Hello,
  I don't know if this could help.
  Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

• How to call a web service from BPEL that requires HTTP basic authentication

  Hi All,
  I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
  I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
  I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
  I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
  Can anyone help?
  Thanks,
  Mark Nelson

  Thanks Bas,
  I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
  <property name="basicHeaders">credentials</property>
  <property name="basicUsername">WMDATA</property>
  <property name="basicPassword">WMDATA</property>
  Instead of:
  <property name="httpUsername">WMDATA</property>
  <property name="httpPassword">WMDATA</property>
  I don’t know why this is, maybe because it is an Axis Web Service.
  Sorry for wasting your time.
  Regards Pete

• Basic Authentication, how to make it work?

  Your input will be highly appreciated.
  I am trying to make http basic authentication work in BEA Weblogic, and I am using
  'examplesWebApp' as my sample program. So far, I can see the browser popup dialogbox,
  but I always got authentication failure message after I gave login and password.
  Steps which I did:
  1. Start server - Start examples server which is weblogic700/samples/server/config/examples/startExamplesServer.sh
  (I am on Sun's Solaris).
  2. Start descriptor editing window -- In Management Console, select Deployment -->
  Web Applications --> examplesWebApp, then start "Edit Web Appliation Deployment Descriptors.."
  in another browser window.
  3. Login Config - In the new window, select "Web App Descriptor", then "Configure
  a new Login Config...", then select "Basic" for Auth Method , and type in "myrealm"
  for "Realm Name".
  4. Specify constraints - Select "Security Constraints", and then "Configure a new
  Security Constraint". Use "MySecurity Constraint" as the display name, and use "MyWeb
  Resource Collection" as Resource Name. Type in /* in the "Url Patterns" field.
  5. Configure a security role - Select "Security Constraints", and then "Configure
  a new Security Role". Type in Admin for "Role Name".
  6. Configure a Auth Constraint - Select "Security Constraints" --> "MySecurity Constraint",
  then "Configure a new Auth Constraint...". Click on Create button in Configuration
  tab, then move Admin from Available to Choosen column, then click on Apply
  7. Persist these changes and then restart the server
  That's all what I did, and then I use 'weblogic/weblogic' as login/password to try
  to login to http://localhost:7001/examplesWebApp/HelloWorld2. I can see the popup
  dialogbox, but I always get a failure message. By the way, weblogic/weblogic (login/password)
  always work for Management Console window.
  The user "weblogic" is a user defined in myrealm, and it is also in Administrators
  group. The role definition of "Admin" in myrealm has "Caller is a member of group
  Administrators" as one of its conditions. So my understanding is that it should work,
  but unfortunately it doesn't. I must miss some steps or part of my understanding
  may not be right.
  Hope somebody can give me some help.
  Thanks.
  Yunpeng Zhang

  Hello Abhilash,
  lets check what is the authentication selected for the Central Admin web applicaiton.
  go to CA --> Appliaction management --> manage web applicaiton --> select the central admin web app --> on the top ribbon select "Authentication Providers".
  here , verify under IIS authenticaiton settings section, which option is selected, if the basic authenticaiton check box is checked, please uncheck it and select "integrated Windows Authentication".
  if this doesnt work, 
  try unprovisioning and reprovisioning the CA usning command ..
  psconfig.exe -cmd adminvs -unprovision
  psconfig.exe -cmd adminvs -provision -port 0000 -windowsauthprovider onlyusentlm
  REF: http://technet.microsoft.com/en-in/library/cc263093(v=office.14).aspx 
  or ..
  if you have other servers in the farm, you can just start the Central Admin service on other server and stop it on the current one from "Services on server
  " option on CA.
  let me know afterwards ...
  Thanks, Noddy

• How to single sign on with  webApplication with Basic Authenticated in IIS

  Dear Sir,
  Our server is EP6 SP14, we will link iview with BW URL which using basic authen in IIS. . Please kindly advise howto single sign on with  webApplication with Basic Authenticated in IIS
  Thank you and best regards,
  Vimol

  Are you sure the BW is using IIS? Most recent versions are using ABAP style authentication. What version are you running?
  You may want to investigate IISProxy - it's no longer supported, but it might help you out. It basically takes an SSO cookie and allows IIS to "know" who the user is.
  Cheers

• How to implement OData based BASIC Authentication using HTML, JavaScript for Mobile Apps using Apache Cordova/PhoneGap and datajs-1.1.1.js library

  Hello,
  I have an issue with OData based BASIC authentication for iOS App created using HTML, JavaScript, SAP UI5, OData and Apache Cordova/PhoneGap.
  Please check the post here http://scn.sap.com/thread/3527245
  Request you to kindly reply on the above given link.
  Thanks and Regards,
  Suraj Kumar

  Hello Prathik,
  The code which I am using for OData based BASIC Authentication, for my Mobile App is as below.
     var onSuccess = function(data) {
     alert("We are Through"); //Just to check that the OData request was sucessful
     var onError = function(err) {
     switch(err.response.statusCode) {  
     case 403 : {
     window.alert("Error Code - 403, Service unreachable ");
     break;
     case 401 : {
     window.alert("The credentials are incorrect or missing!");
     break;  
  // dataUserName and dataPassword are the two variables, in which I am storing my Username and Password, respectively.
     var connectionRequest = {
     requestUri: "ODATA SERVICE URL GOES HERE/",
     headers: { Authorization : 'Basic ' + Base64.encode(dataUsername + ":" + dataPassword) },
     method: "POST"
     OData.request( connectionRequest, onSuccess, onError);

• How do I do basic authentication in a web services client

  At Linfield College we do network account management in real time via servlets running in GlassFish.  Since email accounts are hosted on Exchange, I need too be able to access Exchange to setup account, do email forwarding and also implement privacy in compliance with FERPA (a federal standard that affects to students).  The code to do all that is written in C# as an ASP.NET web service hosted in IIS.  I use Eclipse Kepler for Java EE development that includes the Web Tools Platform.  To create the client, a start by creating a Java Project and add a classfile. Then I highlight the classfile and  select new -> other -> web services.  I add the WSDL and under configuration I click client project and then finish.  That gives me a proxy stub that I can use to access all the published web methods, but what it doesn't give me is any way to implement authentication.  I want to implement basic authentication, what am I missing?
  Thanks,
  Rob Tanner
  Linfield College

  Does that mean that the documentation (http://docs.oracle.com/middleware/1212/wls/SCOVR/concepts.htm#SCOVR136) is wrong, or am I misunderstanding what it's talking about?
  Types of Authentication
  WebLogic Server users must be authenticated whenever they request access to a protected WebLogic resource. For this reason, each user is required to provide a credential (for example, a password) to WebLogic Server. The following types of authentication are supported by the WebLogic Authentication provider that is included in the WebLogic Server distribution:
  Username/Password Authentication
  Certificate Authentication
  Digest Authentication
  Perimeter Authentication

• How to configure basic authentication for external services

  I have a BPM Project (11g) and within the composite I've added an external Web Service reference. This service uses basic authentication.
  I would like to deploy the composite with the username and password already configured.
  I have tried setting oracle.webservices.auth.username as a binding property and also as a property but neither seem to work. When the composite is deployed the basic authentication username is blank within Enterprise Manager.
  It also resets after updating it manually during subsequent releases.
  Any ideas?

  hi Mahender,
  Thanks for your posting!
  For this issue, you could refer to this document and tutorials (Microsoft Antimalware Whitepaper ). And you need use the Azure Powershell (http://msdn.microsoft.com/en-us/library/azure/dn771718.aspx).
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.