HTTP Basic Autnetication - LDAP Realm
Hi,
I have developed a SOAP webservice in BPEL 2.0 [ JBI ] and added the HTTP basic authentication on top of it ( added the policy ). I have used LDAP realm to authenticate the users from the LDAP server and its working fine.
Below is the code snippet of the WSDL used to point to LDAP realm.
<service name="casaService1">
<port name="casaPort1" binding="tns:casaBinding1">
<soap:address
location="http://localhost:9080/SOAPWSService/SOAPWS"/>
<wsp:PolicyReference URI="#HttpBasicAuthBindingLdapRealmPolicy"/>
</port>
</service>
<wsp:Policy wsu:Id="HttpBasicAuthBindingLdapRealmPolicy">
<mysp:MustSupportBasicAuthentication on="true">
<mysp:BasicAuthenticationDetail>
<mysp:Realm realmName="LdapRealm" />
</mysp:BasicAuthenticationDetail>
</mysp:MustSupportBasicAuthentication>
</wsp:Policy>
The LDAP realm details from the Glassfish Server are as below:
JAAS Context - ldapRealm
Directory - ldap://localhost:389
Based DN - dc=example,dc=com
Bind DN - cn=Directory Manager
Password - ldap123
Now i would like to provide access to only users in a particular group. I have updated the Assigned Groups in the LDAP realm ( admin console ) to the group for which i would like to provide access to. But its not working.
For webservices developed using EJB,we can use the web.xml , sun-web.xml,deployment descriptor files to add roles and map groups to this roles.
But how do we implement the same in OpenESB ( service assemblies ). Do we have to modify the WSDL ? Please share some info if anyone has worked on this before.
Thanks,
Kris.
Plamen Petrov wrote:
I am having similar problem. I managed to grant access
to individual users and groups in the LDAP server, but
what I want to do is to give access to everyone in
the LDAP directory without explicitly specifiyng his
name or group membership.Create a group "everyone" in LDAP as a workaround.
Cheers,
Alexander Petrushko
mailto:[email protected]
Consulting Services available
Freemarker vs JSP:
http://javaworld.com/javaworld/jw-01-2001/jw-0119-freemarker.html
Similar Messages
-
BASIC/LDAP Realm Authentication
I am trying to protect access to my Web Application using BASIC
Authentication based on an LDAPRealm that I have configured. I want all
users that try to access anything in my Web App to have to log in first,
based on their information in the LDAP server.
My web.xml file looks as such.
<web-app>
<display-name>LDAPSpike</display-name>
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ActiveDirectoryCachingRealm</realm-name>
</login-config>
</web-app>
Do I need to setup a <security-constraint> tag or a <security-role> tag? if
so what role do I use? I just want ANY user the be authenticated by using
the LDAP Realm (in this case ActiveDirectory as an LDAP Server)
Thanks in advance for the help...
Frank
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frank Febbraro
Senior Software EngineerPlamen Petrov wrote:
I am having similar problem. I managed to grant access
to individual users and groups in the LDAP server, but
what I want to do is to give access to everyone in
the LDAP directory without explicitly specifiyng his
name or group membership.Create a group "everyone" in LDAP as a workaround.
Cheers,
Alexander Petrushko
mailto:[email protected]
Consulting Services available
Freemarker vs JSP:
http://javaworld.com/javaworld/jw-01-2001/jw-0119-freemarker.html -
WL6.0 LDAP Realm problems
I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
getting it to work - basic auth just keeps popping the window up 3 times and
then giving up. Only pertinent message in the log is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite adding the following two
to the startup script cmd line and restarting the server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=t
rue
The HTTP basic-auth dialog box is correctly showing me that I'm trying to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified that the above
server account exists AND can authenticate and retrieve account
userpasswords (yes, the server account is "cn=" while the user accounts are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same results both ways.
Any ideas???Did you use the most recent ldap patch? I could not get it to work fine
with the default wls6.0sp1, but with the ldap-patch it works fine.
AND probably even more important... change
<Realm FileRealm="..." Name=".....">
to
<Realm CachingRealm"MyCachingRealm" FileRealm="..." Name=".....">
Hope this helps...
Ronald
Sushil Pulikkal wrote:
Hi Tom,
I am using iPlanet Directory server with WL6.0 (which I presume is supported as
Netscape's is) and facing the same problem as Mike was i.e account locking after
three attempts(bottom of the message). I have created my own caching realm with
the basic realm being MyLDAPRealm.
The log gives no info other than the one about account locking.
My config.xml looks something like this -
<CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<LDAPRealm AuthProtocol="simple" Credential="enslaved"
GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
Name="MyLDAPRealm"
Principal="uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="bind"
UserDN="ou=Aussies,dc=timerasolutions,dc=com"
UserNameAttribute="uid"/>
The browser window does pop up, but the user id doesn't get authenticated. Is
there a way to know whether WLS is actually going to the LDAP server for authentication?
Any insight into this?
Thanks in advance,
Sushil
"Tom Moreau" <[email protected]> wrote:
Mike,
I haven't had any trouble getting the LDAPRealm to work
in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
you haven't told WLS to use it?
In other words, you can create many realm configurations then
you need to activate the one you want. If you haven't, the
we just use the file realm. The file realm won't be able
to authenticate you (since you put the info in LDAP!) and
after 3 failures, will lock out the account.
The instructions for selecting the realm are at:
http://e-docs.bea.com/wls/docs60/adminguide/index.html
See:
12. Managing Security
Specifying a Security Realm
Configuring the Caching Realm
The basic idea is:
1) create your LDAP Realm (you've already done this)
2) create a CachingRealm
3) set the CachingRealm's BasicRealm to your LDAP Realm
4) set the Security Realm's CachingRealm to your Caching Realm
5) reboot
It's pretty easy to do this through the admin console.
Otherwise, you can edit config.xml by hand.
Here's how:
<Domain>
<Security
Name="mydomain"
Realm="myRealm"
/>
<Realm
Name="myRealm"
FileRealm="myFileRealm"
CachingRealm="myCachingRealm"
/>
<FileRealm
Name="myFileRealm"
/>
<CachingRealm
Name="myCachingRealm"
BasicRealm="myLDAPRealm"
/>
<LDAPRealm
Name="myLDAPRealm"
/>
-Tom
"Mike" <[email protected]> wrote:
BTW, before someone suggests it, I found Tom Moreau's
suggestion to use:
<ServerDebug Name="examplesServer" DebugSecurityRealm="true"
/>
under the <Server> element in config.xml and restarted
with this and still
no additional
info from the LDAP realm printed about why it's not working
(nothing but the
same
locking account message mentioend below).
Is the source for the LDAP realm available so I can debug
it myself or has
anybody
written their own LDAP realm that they'd be willing to
share with the group?
Thanks again,
...Mike
"Mike" <[email protected]> wrote in message
news:[email protected]...
Ok I've verified that the -Dweblogic.security.ldaprealm.verbose
probably
won't
work with 6.0 (old 5.x and previous style property),
but I can't figure
out
what
replaced it, to figure out why the LDAP realm isn't
working for me...
The property mapping guide at:
http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
shows that things like weblogic.security.ldaprealm.url
changed to LDAPURL in config.xml (without telling
you that this resides as an XML attribute of
<Domain><LDAPRealm ... /></Domain> although that's
easy enough to find by looking through the example
LDAP realm.
It then says that weblogic.security.ldaprealm.verbose
has changed to "Debug" in config.xml, but doesn't
say whether that's a "Debug" XML attribute on one
of the XML elements in there, or whether it's an
XML node itself, or where in the config.xml doc
it goes... It doesn't work as an attribute of
<LDAPRealm ...> (server won't start with it there)
and it doesn't show up at all in the DTD for config.xml
so I'm assuming the mapping doc at the above url is
wrong. Anybody know what this really became in 6.0?
I've tried setting StdoutDebugEnabled="true" in config.xml
and turning the logging level all the way up to see
everything, but even
then all I
get is the account locked message, not why it's failing
to authenticate
via
LDAP...
Any other ideas?
"Mike" <[email protected]> wrote in message
news:[email protected]...
I'm trying out WL6.0 (eval version) LDAP realm support
and having
trouble
getting it to work - basic auth just keeps popping
the window up 3 times
and
then giving up. Only pertinent message in the log
is:
####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security>
<FOOBAR>
<examplesServer> <ExecuteThread: '11' for queue: 'default'>
<> <>
<090021>
<Locking account, user jdoe.>
No obvious LDAP info or errors in the log, despite
adding the following
two
to the startup script cmd line and restarting the
server:
-Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose
=t
rue
The HTTP basic-auth dialog box is correctly showing
me that I'm trying
to
authenticate to: MyLDAPRealm
Here's the config info for MyLDAPRealm
<LDAPRealm AuthProtocol="simple"
Credential="myserverpasswd"
GroupDN="o=mycompany,c=us" GroupIsContext="false"
GroupNameAttribute="cn"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://tug:390"
Name="MyLDAPRealm"
Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
UserAuthentication="local"
UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
It's a Netscape 4.1 Directory server, and I've verified
that the above
server account exists AND can authenticate and retrieve
account
userpasswords (yes, the server account is "cn=" while
the user accounts
are
"uid=" - don't ask :-)....
I've tried both "bind" and "local" and get the same
results both ways.
Any ideas??? -
I am using Netscape Directory Service 4.2. I want to use LDAP realm for authentication from Weblogic 5.1. I have created a principal(kevink - username and cambridge - group) in NDS. I have created a servlet and registered in Weblogic giving permission to execute the servlet to the above username and group. I have the following entry in my weblogic properties file weblogic.allow.execute.weblogic.servlet.helloWorld=\ kevink, cambridge
I have also created the LDAPRealm.properties file in my weblogic home directory.
When I start weblogic with the LDAP debug mode on, I get the following messages
Mon May 01 14:38:52 EDT 2000:<W> <CachingRealm> ACL "weblogic.servlet.helloWorld" contains non existent principal "kevink" - ignoring principal ******** Error: ACL "weblogic.servlet.helloWorld" contains non-existent principal "kevink" - i noring principal
Mon May 01 14:38:52 EDT 2000:<W> <CachingRealm> ACL "weblogic.servlet.helloWorld" contains non- existent principal "cambridge" - ignoring principal ******** Error: ACL "weblogic.servlet.helloWorld" contains non-existent principal "cambridge" - ignoring principal
Any ideas to solve this problem are welcome RamYep. And if your LDAP realm is hooked up correctly, you'll see groups from your ldap realm
in the weblogic console, under the Security->Groups tab on the frame to the left.
Keep in mind that you will not see users from your LDAP server under the Security->Users
tab. This is expected behavior. But if you see the groups, then you've most likely hooked
up the LDAP realm the right way ...
Joe Jerry
Vishwanath Kumar wrote:
Hello Kumar,
I am attaching a small portion of config.xml which contains LDAP settings . Please change
this according to your LDAP server configuration and test it . I hope this should help
you out.
You also need to create a caching realm and then hook up that caching realm to this LDAP
realm .
For more information this URL should be helpful:
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
here is portion of config.xml
<LDAPRealm AuthProtocol="simple" Credential="dropdead"
GroupDN="o=beasys.com,ou=Groups" GroupIsContext="false"
GroupNameAttribute="cn" GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://mmanson:389"
Name="defaultLDAPRealmForNetscapeDirectoryServer"
Notes="This is provided as an example. Before enabling this Realm, you must edit
the configuration parameters as appropriate for your environment."
Principal="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="bind" UserDN="o=beasys.com,ou=People"
UserNameAttribute="uid" UserPasswordAttribute="userpassword"/>
kumar wrote:
Hi,
I have tried to configure LDAP realm in weblogic, but I think it is not configured
correctly. And I don't know how to test it. Can anybody send me the sample config.xml
having LDAP realm configured correctly. Please send me a sample program to access
LDAP realm via weblogic.
Thx--
Vishwanath Kumar
Developer Relations Engineer
BEA Systems, Inc. -
LDAP realm with Active Directory
Hello,
In the sun one app server admin console i have set the security role to LDAP.
I have set up security roles in my web.xml such as this:
<security-role>
<description>This role represents administrators of the system, see actor administrators</description>
<role-name>administrators</role-name>
</security-role>
..and mapped the roles to groups in sun-application as follows:
<security-role-mapping>
<role-name>administrators</role-name>
<group-name>CMS_PM</group-name>
<principal-name>rlancett</principal-name>
</security-role-mapping>
My user and group information is stored in Active Directory so I have tried to configure the ldap realm in the admin console to get it working. These are the settings i have put in:
directory: ldap://earth.tier2consulting.com:389
base-dn: cn=Users,dc=tier2consulting,dc=com
jaas-context: ldapRealm
search-bind-dn: cn=administrator,cn=Users,dc=domain,dc=com
search-bind-password: ******
search-filter: sAMAccountName=%s
I get the error message :javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
WARNING: va:850)
FINEST: JAAS authentication aborted.
INFO: SEC5046: Audit: Authentication refused for [administrator].
I am pretty stuck on this having looked arounds all the forums:
Has anyone got sun one app server using Active Directory to get user/group information for security roles?
Thanks.Howdy,
I don't have a solution to your problem, but maybe this tid-bit will help in debugging with Active Directory error messages. I'm new to AD, so excuse me if everyone already knows this, but...
The error message you get back from the directory contains an error code in hexidecimal:
LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
If you translate '525' from hex to decimal you get '1317' which is the error message you can look up here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes.asp
1317 - ERROR_NO_SUCH_USER - The specified user does not exist.
It took me a while to find this tip, so I thought I'd share it. Oh, and the easy way to get decimal from hexidecimal is:
System.out.println( "Here is 525 in decimal: " + Integer.parseInt("525", 16));
Okay, hope this helps somebody.
Now it's up to you to find out why it can't find the administrator!
Craig -
UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)
Hi Gurus,
I'd like to know how we can setup BPEL server for Oracle Service Registry UDDI with HTTP-BASIC authentication for inquiry service (apart of OWSM solution)?
Imagine that in Service Registry I have defined HTTP-BASIC authentication (REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml) for inquiry service used in BPEL domain (uddiLocation key in BPEL domain configuration). And now I'd like to provide credentials. In package.xml I have this
<service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint"
service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
accepting-security-providers="HttpBasic">
<wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
<envelopePrefix xmlns="arbitraryNamespace" value=""/>
<namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
</service-endpoint>
I don't see any field with username or password. Is it automaticaly taken from security provider configured for Service Registry (for example LDAP)? If yes then it is clear.
But what about BPEL engine, where can I provide those credentials? Is it some secret configuration file? Or only supported way is to configure it through OWSM component in order to enrich request by credentials (what about license, when customer doesn't want to use OWSM)?
Do I miss something in this concept?
Thanks
Peteras said internally - file an ER for it pls - and I will take care of it, depending on the demand - either for 10.1.3.1 GA or 10.1.3.1 patchset ..
we will support only HTTP Basic Auth - rest will follow per customer demand ..
/clemens -
Can the web-to-go(?) httpd in JDev3 be configured to support http basic auth? How do I configure it to setup my realms? thnx.
Please note that I am able to do some basic programmatic configuration of the JDev3 httpd , such as doing:
oracle.jdeveloper.debugger.ServletDebugger dbg = new oracle.jdeveloper.debugger.ServletDebugger();
dbg.setRootDir("D:/JDev3/");
But I have been unsuccessful in other tasks
such as:
dbg.setDocumentRootDir("D:/myDir");
dbg.setServerPort("9090");
Compiler tells me these two methods are not supported by class oracle.jdeveloper.debugger.ServletDebugger
Info on how to configure the JDev3 httpd for - the doc root
-listen port,
- and realms for http basic auth
would be greatly appreciated. If correct documentation exists please point me to them (the JDev3 Help documentation contains erroneous information on some of these topics). thnx -
HTTP Basic authentication on EJB 3.0 based web service
How do I enable HTTP Basic authentication on EJB 3.0 based web services for OAS? Does any one have a sample solution ?
I manually updated oracle-webservices.xml file to include the following:
<ejb-transport-security-constraint>
<soap-port/>
<role-name>users</role-name>
<transport-guarantee>NONE</transport-guarantee>
</ejb-transport-security-constraint>
<ejb-transport-login-config>
<auth-method>BASIC</auth-method>
<realm-name>jazn.com</realm-name>
</ejb-transport-login-config>
When I use SOAP UI to test the web service I get the following error.
403 Forbidden
Error initializing security, security-role not found: usersI still get the 403 forbidden error message. I do not get the second part of the error message though.
-
i'm using WL510sp8 with a Netscape Dir Server...
when i start weblogic with the LDAP Realm configured it takes forever (20+ minutes) to start up because weblogic goes to the realm and ldap to check other acls in weblogic.properties like "everyone" and "system"...
how can i get around having these other acls checked in the ldap server??? subclass LDAPRealm and stop it manually? delegating realm with both ldap and wlproperties???
thanks
mal"Mike Westaway" <[email protected]> wrote in message
news:[email protected]..
>
My weblogic web application is configured to authenticate against a groupin an ldap
realm using basic authentication.
This all works just fine.
But now I want to query the LDAP server in the context of the current userto find
out what directory entries I have read/write acecss to.
I don't believe there is any method in the LDAP realm that would allow you
to do your own
queries against the LDAP server. -
My environment is WL 6.1 SP2.
I am currently using the LDAP Realm V1 (deprecated) and would like to switch to LDAP
Realm V2. The problem is that my WL console does not give me the option to configure
a LDAP Realm V2 when creating a new security realm. The only options I get are: LDAP
Realm V1, NT Realm, UNIX Realm, RDBMS Realm and Custom Realm.
I would appreciate it if anybody can tell me what needs to be done to get the configure
LDAP Realm V2 option.
Thanks
CharlI have had a custom realm that handles ACLs since 5.1. My question is I want to
mix it with the out-of-the box ldaprealm v2. I was hoping for a failover mechanism
where I can supply a custom realm that knows how to authorize and leave it up
to the canned ldaprealm to authenticate. The filerealm behaves in such a manner,
does it not.
I will try your idea about extending the ldaprealm. But, the challenge will be
in dealing with the delegate.
"Utpal" <[email protected]> wrote:
If you extend the weblogic.security.ldaprealmv2.LDAPRealm and implements
newAcl, deleteAcl, newPermission,
setPermission etc, I think it's doable.
=========
public class weblogic.security.ldaprealmv2.LDAPRealm extends
weblogic.security.a
cl.AbstractListableRealm implements weblogic.security.acl.DebuggableRealm
=========
-utpal
"Utpal" <[email protected]> wrote in message
news:[email protected]..
Why don't you use the Custom Security Realm? You can construct an ACLin a
custom seecurity realm.
http://edocs.beasys.com/wls/docs61/security/prog.html#1042361
-utpal
"Ziad Kurdi" <[email protected]> wrote in message
news:3c9b4c80$[email protected]..
Is there a way in 6.1 to use the supplied LDAP Realm V2 for
authentication
and
managing groups, but enhance it with ACL's (stored in a database)
for
authorization?
Obviously, I would like to take advantage of the server's caching
realm
capabilities.
I currently running a custom realm (from 5.1 which works in 6.1)
that
mixes LDAP
authentication, group management, and DB ACL's for authorization,
but I
no
longer
wish to capture the user's password (due to sorporate policies) and
would
like
to avoid maitaining the authentication code.
Thanks in advance for any assistance. -
"Hi , I was able to connect to LDAP Netscape Directory Server 4.1 successfully,i was able to see the users
Yep. And if your LDAP realm is hooked up correctly, you'll see groups from your ldap realm
in the weblogic console, under the Security->Groups tab on the frame to the left.
Keep in mind that you will not see users from your LDAP server under the Security->Users
tab. This is expected behavior. But if you see the groups, then you've most likely hooked
up the LDAP realm the right way ...
Joe Jerry
Vishwanath Kumar wrote:
Hello Kumar,
I am attaching a small portion of config.xml which contains LDAP settings . Please change
this according to your LDAP server configuration and test it . I hope this should help
you out.
You also need to create a caching realm and then hook up that caching realm to this LDAP
realm .
For more information this URL should be helpful:
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
here is portion of config.xml
<LDAPRealm AuthProtocol="simple" Credential="dropdead"
GroupDN="o=beasys.com,ou=Groups" GroupIsContext="false"
GroupNameAttribute="cn" GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://mmanson:389"
Name="defaultLDAPRealmForNetscapeDirectoryServer"
Notes="This is provided as an example. Before enabling this Realm, you must edit
the configuration parameters as appropriate for your environment."
Principal="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"
UserAuthentication="bind" UserDN="o=beasys.com,ou=People"
UserNameAttribute="uid" UserPasswordAttribute="userpassword"/>
kumar wrote:
Hi,
I have tried to configure LDAP realm in weblogic, but I think it is not configured
correctly. And I don't know how to test it. Can anybody send me the sample config.xml
having LDAP realm configured correctly. Please send me a sample program to access
LDAP realm via weblogic.
Thx--
Vishwanath Kumar
Developer Relations Engineer
BEA Systems, Inc. -
How to access SOAP web service with authentication, HTTP basic Authentication
Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
var encoder:Base64Encoder = new Base64Encoder();
encoder.insertNewLines = false; // see below for why you need to do this
encoder.encode("someusername:somepassword");
service.headers = {Authorization:"Basic " +encoder.toString()};
service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well. -
How to call a web service from BPEL that requires HTTP basic authentication
Hi All,
I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
Can anyone help?
Thanks,
Mark NelsonThanks Bas,
I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
<property name="basicHeaders">credentials</property>
<property name="basicUsername">WMDATA</property>
<property name="basicPassword">WMDATA</property>
Instead of:
<property name="httpUsername">WMDATA</property>
<property name="httpPassword">WMDATA</property>
I don’t know why this is, maybe because it is an Axis Web Service.
Sorry for wasting your time.
Regards Pete -
Securing Web Applications by HTTP Basic Authentication
We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.BrindaHi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
<b>For, point one,</b>
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
<b>For point 2,</b>
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik -
Calling Web Service with Http Basic authentication in SOA 11g
I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
Am i missing some steps?
Please let me know.
Note - I am working on SOA 11.1.1.4.
Regards
AyushHi Ayush,
Please refer -
http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
Regards,
Anuj
Maybe you are looking for
-
How Can I update my app new version to the registered devices
Well, we have developed an in-house app using the Unity3d Game Engine. I'm using a Developer Enterprise account, and have already created the proper certificates, registered the devices (7 ipads) and generated the provisioning Profile. I have already
-
Hi We need to put Returns order for Free good items with reference to the Billing document number which has the free goods item category. We created on item category copying ( RENN ) and assigned to (RE) . We made copy control for Bill doc to return
-
Problems to access facebook & google after flash player 12 update
I just installed the latest version of Flash player 12.0.0.77 on my mac, running osx 10.9.2, but since then, whenever I try to visit a facebook page , youtube page or google search page I get stuck on an error message saying WARNING! Your Flash Playe
-
[SOLVED] XBMC (libnfs 1.9.3) NFS fails to connect to server
Hey guys, My NFS source in XBMC recently stopped working. I'm not postive what caused it, I tried downgrading libnfs and the linux kernel to back a few months to when I'm certain it was working, but with no success. I also tried downgrading XBMC to 1
-
Checks are not generated after Automatic payment run
Hello, I have a strange issue. Payment has been executed normally through APP. However some of the checks are not printed and it is not gone to PAYR table as well. I can see the payment documents in REGUH table and the documents have been cleared. Th