HTTP digest Authentication, using HttpURLConnection

Similar Messages

• OSB: HTTP digest authentication for WebServices

  Hi,
  How do I configure HTTP digest authentication for WebServices offered by the OSB (Proxy Services with WS as transport)?
  Best regards
  Dimo

  Did you figure out how to do it.?

• HTTP Digest Authentication in Weblogic Server ?

  I understand that Weblogic Server 10.3.0.0 does not have declarative support for HTTP Digest Authentication. In that case, what are the alternatives to do HTTP Digest Authentication on the server ?
  Edited by: user566628 on Sep 19, 2008 1:47 PM

  I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
  http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
  If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

• HTTP Digest Authentication

  Hi,
  To authenticate users I have to use digest authentication (RFC2617). However, it seems there is no support for this authentication in BEA webserver 8.1.
  How can I best implement this? Any tips on where to find classes which I can reuse, I hope I do not have to develop this from scratch.
  Thanks,
  Steve

  Steve, did this ever get solved? I have the same issue trying to use Mappoint.
  Thanks.

• Digest Authentication with OC4J standalone

  Hi,
  I am using oc4j 9.0.3 standalone web container . I used axis application as soap engine for deploying a web service in the oc4j . I want to implement HTTP digest authentication for my webservice.
  I am forced to use the same verison of OC4J due to some reasons. Could anyone help me in knowing the procedure for the HTTP digest authentication implementation using oc4j903 asap.
  Advance thanks for help

  could anyone please reply to this thread asap

• Digest authentication in WL7.0

  Hi,
  Does anybody know if Weblogic Server 7.0 supports HTTP
  digest authentication method ?
  I created my own authenticator, but I want Weblogic to check
  the authentication method (but not the username/password). When
  I try to set a security constraint in my application's web.xml,
  the server says:
  weblogic.xml.dom.DOMProcessingException: DIGEST authentication method is not supported.
  Regards, Geza

  "Geza Szocs" <[email protected]> wrote in message
  news:[email protected]..
  >
  Hi,
  Does anybody know if Weblogic Server 7.0 supports HTTP
  digest authentication method ?
  Digest authentication is not supported in 7.0

• Http Digest authenticatio

  Is http digest authentication supported by osb or soa suite.?
  Thanks

  I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
  http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
  If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

• Httpurlconnection digest authentication

  We have an applet which runs after requesting a page from an http server. This applet then makes thousands of http requests (SOAP) to the same server. Our problem is that when we set the server to require digest authentication for the soap service, the httpurlconnection is sending the soap request, getting back an unauthorized, then sending the auth information with the next request. So every request is getting huge overhead, 2 round trips, when it should be 1. For the first request, java vm pops up its little window and asks for credentials, then for the rest of the requests it uses those same credentials, but does not automatically send them until the server requests them. How can I set it so that for each request, it automatically sends the credentials with the cnonce, instead of sending no credentials, getting an unauthorized reply, then sending again with the credentials? I tried System.setProperty("http.auth.digest.validateServer", "true");, but that did not change anything. All help is appreciated.

  A brute-force way I have discovered is to clear out the entire AuthCacheValue map:
  AuthCacheValue.setAuthCache(new AuthCacheImpl());
  However, both AuthCacheValue and AuthCacheImpl are part of the sun.net.www.* classes, so this method would be very fragile and raises issues of incompatibility.

• OSB Authentication using username and password (plaintext or digest)

  Hi,
  I want to implement a simple osb authentication using username/password (plain text or digest) , so that client required to provide username password token in soap header (message Level security) to access our webservices. I have read some of articles which shows how to create custom ws policy, but received following error during deployment.
  weblogic.wsee.ws.init.WsDeploymentException: The WebLogic Server 9.x-style policy is not supported in JAX-WS web services
  Please note - I can not install OWSM as part of my requirement
  =======
  <?xml version="1.0"?>
  <!-- WS-SecurityPolicy -->
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssp="http://www.bea.com/wls90/security/policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part">
  <!-- Identity Assertion -->
  <wssp:Identity>
  <wssp:SupportedTokens>
  <!-- Use UsernameToken for authentication -->
  <wssp:SecurityToken IncludeInMessage="true"
  TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
  <wssp:UsePassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"/>
  </wssp:SecurityToken>
  </wssp:SupportedTokens>
  </wssp:Identity>
  </wsp:Policy>

  You can use the default Auth.xml WS policy in OSB and be able implement the authentication using username and plain text password.
  Just assign the Auth.xml on the Request Policies of the Proxy Service (under Policies).
  Then use any user credentials that has access to the domain for testing.
  If you want to restrict access for each operation then in the Security tab, under Message Access Control, specify a Role.
  Then in the OSB > Security Configuration, create the appropriate role with the specific role conditions like User is User1 or User is User2 etc ...
  Hope this helps.
  Thanks,
  Patrick

• HTTPS authentication using SSL in SOAP Sender adapter

  Hi,
  We are currently doing a SOAP to RFC synchronous scenario in PI 7.0. Our client wants to ensure that the data security is maintained at the transport level. So, we have planned to implement the HTTPS without client authentication using SSL certificates. Our Basis team has promised us that they will take care of the cerficate generation and installation part in the server. Now i am confused at the PI communication channel setup level.
  1) Do i have to specify the certificate installed path in the channel or in any other object ? If so, where do i have to configure the path ?
  2) What is the exact path that has to be carried by a PI developer once the certificates are installed in the server ?
  I have attached my communnication channel screenshot below,
  http://i41.tinypic.com/mk49h.jpg
  Please let me know what i have to configure in the Sender SOAP channel to receive data securely once the certificates are installed in the system.
  Thanks & Regards,
  Sherin Jose P

  Hi,
  1.for transport level security you should assign the HTTPS connection created in SM59 to the SOAP communication channel.
  The HTTPS connection should use the certificates imported in t-code STRUST.
  have you seen below thread,
  SSL / X.509 In SOAP Sender/Receiver Adapter
  Please go through below blog,
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c?overridelayout=true
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?QuickLink=index&overridelayout=true
  http://help.sap.com/saphelp_nwpi71/helpdata/de/14/ef2940cbf2195de10000000a1550b0/content.htm
  2. you nedd to check the message flow between the sender and receiver through PI .
  regards,
  ganesh.

• Authentication syntax for HTTP GET method using TCP functions in Labview on linux

  Hi,
  Currently, I am trying to communicate to web server. I have Labview installed on a Linux machine. The HTTP function blocks and other labview functions do not work. Hence, I am building a HTTP code string using TCP functions (port 80) to talk to the web server. I am successfully able to fetch a response from web sites (example www.ni.com) from my vi. However, when I try to communicate to my web server, it does not work. It requires an authentication. I am able to open http://ipaddress in my browser from my machine using username and password. Can someone help with Authentication string requirement for GET method?
  so far the string is:
  GET /index/ HTTP/1.1
  Host: http://xx.xx.xx.xx

  An easy option would be to try http://userassword@server syntax for the URL.
  Else I posted a Twitter fetcher once (won't work anymore since Twitter moved to Oauth authentication) at LAVA. Based on code from @cloew.
  The code is part of this LLB.
  Ton
  Free Code Capture Tool! Version 2.1.3 with comments, web-upload, back-save and snippets!
  Nederlandse LabVIEW user groep www.lvug.nl
  My LabVIEW Ideas
  LabVIEW, programming like it should be!

• How  Stateless Web services requests can be authenticated using HTTP Login

  Hi All,
  How Stateless Web services requests can be authenticated using HTTP Login (with Oracle CRM On Demand Single Sign On (SSO) Token in HTTP Header).
  If there is any code regarding stateless Web services requests to CRMOD please send it to me that will be helpful for me.
  Please help me.
  Thanks,
  Jaysing
  Edited by: 883663 on Sep 19, 2011 12:06 AM

  You cant use stateless web services when you're using SSO. It's called out in the documentation.

• How to set proxy authentication using java properties at run time

  Hi All,
  How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
  => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
  import java.io.*;
  import java.net.*;
  public class DnldURLWithoutUsingProxy {
     public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
           is = u.openStream();         // throws an IOException
           dis = new DataInputStream(new BufferedInputStream(is));
           BufferedReader br = new BufferedReader(new InputStreamReader(dis));
        String strLine;
        //Read File Line By Line
        while ((strLine = br.readLine()) != null)      {
        // Print the content on the console
            System.out.println (strLine);
        //Close the input stream
        dis.close();
        } catch (MalformedURLException mue) {
           System.out.println("Ouch - a MalformedURLException happened.");
           mue.printStackTrace();
           System.exit(1);
        } catch (IOException ioe) {
           System.out.println("Oops- an IOException happened.");
           ioe.printStackTrace();
           System.exit(1);
        } finally {
           try {
              is.close();
           } catch (IOException ioe) {
  }However, it generated the following message when run behind the firewall:
  cd C:\Documents and Settings\abc\DnldURL\build\classes
  java -cp . DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at java.net.Socket.connect(Socket.java:402)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.New(HttpClient.java:339)
  at sun.net.www.http.HttpClient.New(HttpClient.java:320)
  at sun.net.www.http.HttpClient.New(HttpClient.java:315)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  I have also tried the command without much luck either:
  java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
  There is no problem pinging www.yahoo.com from this system.
  I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
  I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
  Java Control Panel - Use browser settings without success.
  Thanks,
  George

  Hi All,
  How to set proxy authentication using java properties on the command line, or in Netbeans (Project => Properties
  => Run => Arguments). Below is a simple URL data extract program which works in absence of firewall:
  import java.io.*;
  import java.net.*;
  public class DnldURLWithoutUsingProxy {
     public static void main (String[] args) {
        URL u;
        InputStream is = null;
        DataInputStream dis;
        String s;
        try {
            u = new URL("http://www.yahoo.com.au/index.html");
           is = u.openStream();         // throws an IOException
           dis = new DataInputStream(new BufferedInputStream(is));
           BufferedReader br = new BufferedReader(new InputStreamReader(dis));
        String strLine;
        //Read File Line By Line
        while ((strLine = br.readLine()) != null)      {
        // Print the content on the console
            System.out.println (strLine);
        //Close the input stream
        dis.close();
        } catch (MalformedURLException mue) {
           System.out.println("Ouch - a MalformedURLException happened.");
           mue.printStackTrace();
           System.exit(1);
        } catch (IOException ioe) {
           System.out.println("Oops- an IOException happened.");
           ioe.printStackTrace();
           System.exit(1);
        } finally {
           try {
              is.close();
           } catch (IOException ioe) {
  }However, it generated the following message when run behind the firewall:
  cd C:\Documents and Settings\abc\DnldURL\build\classes
  java -cp . DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.net.ConnectException: Connection refused
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
  at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
  at java.net.Socket.connect(Socket.java:452)
  at java.net.Socket.connect(Socket.java:402)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:139)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:402)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:618)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:306)
  at sun.net.www.http.HttpClient.<init>(HttpClient.java:267)
  at sun.net.www.http.HttpClient.New(HttpClient.java:339)
  at sun.net.www.http.HttpClient.New(HttpClient.java:320)
  at sun.net.www.http.HttpClient.New(HttpClient.java:315)
  at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:510)
  at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:487)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:615) at java.net.URL.openStream(URL.java:913) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  I have also tried the command without much luck either:
  java -cp . -Dhttp.proxyHost=wwwproxy -Dhttp.proxyPort=80 DnldURLWithoutUsingProxy
  Oops- an IOException happened.
  java.io.IOException: Server returned HTTP response code: 407 for URL: http://www.yahoo.com.au/index.html
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245) at java.net.URL.openStream(URL.java:1009) at DnldURLWithoutUsingProxy.main(DnldURLWithoutUsingProxy.java:17)
  All outgoing traffic needs to use the proxy wwwproxy (alias to http://proxypac/proxy.pac) on port 80, where it will prompt for valid authentication before allowing to get through.
  There is no problem pinging www.yahoo.com from this system.
  I am running jdk1.6.0_03, Netbeans 6.0 on Windows XP platform.
  I have tried Greg Sporar's Blog on setting the JVM option in Sun Java System Application Server (GlassFish) and
  Java Control Panel - Use browser settings without success.
  Thanks,
  George

• DIGEST authentication support

  I have noticed that neither SunONE nor weblogic support DIGEST authentication. Tomcat appears to have spotty support as well.
  Digests should be supported by all browsers that use HTTP 1.1, but yet the servlet spec makes it an optional item for web container implementors. I would love to have a good way to hide passwords entered from the browser without going whole hog (SSL).
  Does anyone know why DIGEST isn't better supported by containers?

  I'm not sure but I don't believe so.
  Paul
  On Fri, 29 Jun 2001 13:26:58 -0400, "Alex" <[email protected]> wrote:
  Does WLS 5.1 support DIGEST authentication?
  Alex
  [email protected]

• Digest Authentication

  Hi there!
  Is there any chance to achieve digest authentication to AMServer? Suppose I have only username and digest (MD5 or SHA-1) and I want to log in and obtain SSOToken.
  For instace client enters username and password on some JSP page, then the password will be digested and send through the wire to AMServer.
  I dont want to use HTTPS or Certificate authentication (the digest is quite enough).
  Please help.
  Thanks.

  Yes, you have to do this implementation yourself in the WLSS 2.1 release. Example application code will be provided as part of a future WLSS release, however.