JAX-WS setting header HTTP basic authentication

Similar Messages

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• Securing Web Applications by HTTP Basic Authentication

  We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General  TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
  regards,
  J.Iswaryal
  K.Brinda

  Hi J.Iswaryal,
  I guess two things based on your post.
  1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
  2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
  <b>For, point one,</b>
  After creating web service goto webservice perspective in NWDS. there, choose your web service project.
  Now, open Web service configuration file recided in your project.
  Here, go under config1-> security and double click on it.
  It will display security options for this web service.
  Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
  Now, save this, rebuild this and deploy on server.
  <b>For point 2,</b>
  Make model for your web service.
  before calling your web service, set your username and password in code as shown below.
  wdContext.current<web service model node>element().modelobject()._setusername(<username>);
  wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
  Rehards,
  Bhavik

• How to access SOAP web service with authentication, HTTP basic Authentication

  Dear All
  i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
  http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
  http://forums.adobe.com/message/4262868
  private function authAndSend(service:HTTPService):void
          var encoder:Base64Encoder = new Base64Encoder();
          encoder.insertNewLines = false; // see below for why you need to do this
          encoder.encode("someusername:somepassword");
          service.headers = {Authorization:"Basic " +encoder.toString()};                                               
          service.send();
  Also i noticed in debug mode, always that WARNNING raised up
  Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml.  The 'secure' attribute is only permitted in HTTPS and socket policy files.  See http://www.adobe.com/go/strict_policy_files for details.
  any idea ?

  Hello,
  I don't know if this could help.
  Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

• How to call a web service from BPEL that requires HTTP basic authentication

  Hi All,
  I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
  I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
  I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
  I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
  Can anyone help?
  Thanks,
  Mark Nelson

  Thanks Bas,
  I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
  <property name="basicHeaders">credentials</property>
  <property name="basicUsername">WMDATA</property>
  <property name="basicPassword">WMDATA</property>
  Instead of:
  <property name="httpUsername">WMDATA</property>
  <property name="httpPassword">WMDATA</property>
  I don’t know why this is, maybe because it is an Axis Web Service.
  Sorry for wasting your time.
  Regards Pete

• Calling Web Service with Http Basic authentication in SOA 11g

  I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
  Am i missing some steps?
  Please let me know.
  Note - I am working on SOA 11.1.1.4.
  Regards
  Ayush

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• BPEL to invoke Webservice secured with HTTP Basic authentication

  Hi All,
  Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
  1) Created Target Synchronous process ex : B
  2) Created Source Syncronous Process ex : A
  Iam trying to call B(Target) from A(source).
  3) Open Composite.xml of A(Source)
  4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
  5) Under Security tab attach oracle/wss_username_token_client_policy
  6) Login to em/console
  7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
  8) Enter username and password under HTTP Basic Authentication.
  9)Test from em.console(when we are testing under security tab I have checked None radio button)
  So this is the Error message which is throwing.
  ==================================
  The selected operation process could not be invoked.
  An exception occured while invoking the webservice operation. Please see logs for more details.
  oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
  java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
  =======================================
  Please let me know if Iam missing any steps.
  Thanks
  SSV

  Followed this post.......
  This is avery good question
  in 11g i have taken out the steps from my document which i created for one our customer
  go to composite
  Right click on the external reference service and select “Configure WS policies” :done
  Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
  6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
  7. Include the “oracle.webservices.auth.username--> :done
  value-->password :done
  8. Include the “oracle.webservices.auth.password”-->name :done
  value-->password :done
  Thanks
  SSV

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)

  Hi Gurus,
  I'd like to know how we can setup BPEL server for Oracle Service Registry UDDI with HTTP-BASIC authentication for inquiry service (apart of OWSM solution)?
  Imagine that in Service Registry I have defined HTTP-BASIC authentication (REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml) for inquiry service used in BPEL domain (uddiLocation key in BPEL domain configuration). And now I'd like to provide credentials. In package.xml I have this
  <service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint"
  service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
  accepting-security-providers="HttpBasic">
  <wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
  <envelopePrefix xmlns="arbitraryNamespace" value=""/>
  <namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
  </service-endpoint>
  I don't see any field with username or password. Is it automaticaly taken from security provider configured for Service Registry (for example LDAP)? If yes then it is clear.
  But what about BPEL engine, where can I provide those credentials? Is it some secret configuration file? Or only supported way is to configure it through OWSM component in order to enrich request by credentials (what about license, when customer doesn't want to use OWSM)?
  Do I miss something in this concept?
  Thanks
  Peter

  as said internally - file an ER for it pls - and I will take care of it, depending on the demand - either for 10.1.3.1 GA or 10.1.3.1 patchset ..
  we will support only HTTP Basic Auth - rest will follow per customer demand ..
  /clemens

• HTTP Basic authentication on EJB 3.0 based web service

  How do I enable HTTP Basic authentication on EJB 3.0 based web services for OAS? Does any one have a sample solution ?
  I manually updated oracle-webservices.xml file to include the following:
  <ejb-transport-security-constraint>
  <soap-port/>
  <role-name>users</role-name>
  <transport-guarantee>NONE</transport-guarantee>
  </ejb-transport-security-constraint>
  <ejb-transport-login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>jazn.com</realm-name>
  </ejb-transport-login-config>
  When I use SOAP UI to test the web service I get the following error.
  403 Forbidden
  Error initializing security, security-role not found: users

  I still get the 403 forbidden error message. I do not get the second part of the error message though.

• Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

  Hi!
  We need to implement authentication using our own methods, and the authentication
  information is provided to the web service implementation in a basic authentication
  header. The problem is, that the servlet
  weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
  in
  wls 7.0.sp2, always attempts to perform authentication, if the header is present.
  Is there any way to circumvent this, because we want to implement authentication
  on our own?
  I already know two workarounds:
  The best would of course be to implement a custom security realm for our own
  authentication system. This is not an option, implementing an own security
  realm is overkill for this specific web service.
  The other way would be to route the requests by way of a custom servlet, which
  would
  remove the basic authentication header, and put the authentication info in custom
  headers, such as x-auth: <user:password>, or smthng similar, and after successful
  authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
  But still, I'd like to know if there is any way to tell bea's servlet to ignore
  the basic
  authentication header?
  Oh yeah, by the way, this is URGENT, as always. (really!! ;)
  Toni Nykanen

  Currently there is no option to turn off security check.
  I think you can use a servlet filter mapped to the URL
  of your service, instead of a proxy servlet?
  Regards,
  -manoj
  http://manojc.com
  "Toni Nykanen" <[email protected]> wrote in message
  news:3ef1577b$[email protected]..
  >
  Hi!
  We need to implement authentication using our own methods, and theauthentication
  information is provided to the web service implementation in a basicauthentication
  header. The problem is, that the servlet
  weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
  in
  wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
  Is there any way to circumvent this, because we want to implementauthentication
  on our own?
  I already know two workarounds:
  The best would of course be to implement a custom security realm for ourown
  authentication system. This is not an option, implementing an own security
  realm is overkill for this specific web service.
  The other way would be to route the requests by way of a custom servlet,which
  would
  remove the basic authentication header, and put the authentication info incustom
  headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
  authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
  >
  But still, I'd like to know if there is any way to tell bea's servlet toignore
  the basic
  authentication header?
  Oh yeah, by the way, this is URGENT, as always. (really!! ;)
  Toni Nykanen

• Modifying outbound header for basic authentication

  Hi,
  I want to add the username password that is required by the third party, but I dont want to use service account, instead I want to do it in message flow of proxy service by modifying some variable in the variable structure but I am not sure which variable am i suppose to change.
  Please help me out with possible solutions.
  Rgds,
  rahul.

  Hi Atheek,
  I added a transport header while routing to the business service and getting the following error <BEA-386012> <An error ocurred while evaluating the message-level username XPath selector: [OSB Security:386014]the result of the XPath selector is empty>
  I selected the Other option and value as Authorization, in the Action tab I have written xs:base64Binary('testuser:welcome')
  Thanks,
  Rahul

• Web Services with HTTP Basic Auth

  Hi,
  I am having a problem connecting to web services which
  require HTTP Basic Authentication from a Flex application. I have
  useProxy set to true and call setRemoteCredentials prior to
  attempting the call, but the credentials do not appear to be set on
  the request (the request fails with fault.faultString = "HTTP
  request error", faultCode = "Server.Error.Request". The messages on
  the server indicate that the user name and password were not
  specified.
  I do have the proxy-config.xml file set up properly (I think
  -- I followed the example in the mx.rpc.soap.mxml.WebService class
  description, at least).
  I can verify that the WSDL (which doesn't require BASIC auth
  to access) is being loaded properly, but when I make the request,
  it fails. Is this a known problem?
  I am using Flex Builder 2.0.1 to build my SWF files.
  Thanks,
  Brendan

  Thanks for the pointer, I did try it, but it didn't help.
  As I said in the original post, the problem is with HTTP
  Basic Authentication, so adding a header for WSSE to the service
  request didn't help. It needs to be an HTTP Authorization header,
  not a SOAP Security header.
  Brnedan

• Basic authentication when calling a web service

  I am attempting to call a web service using ActionScript. The
  web service provider requires that I use HTTP Basic Authentication
  to communicate my SOAP requests. I cannot seem to get this done in
  ActionScript. If I instantiate a WebService object and call its
  SetCredentials method, I get an error "Authentication not supported
  on DirectHTTPChannel (no proxy)". I have the WebService object's
  useProxy property set to true. HELP!

  I know this is five years later on this forum but there's no solution here or on any other forum.  So after two day's of hammering this out I was able to produce a workable solution.  Create a new user account for testing.
  Wu_Xiao's explanation of the issue was dead on.  The WebService does a GET then a POST and for the GET we are unable to supply the Authorization in the header and this is why we get the popup. The POST has the Authorization but it already to late. 
  Take these actions
  1 Create a new user on the machine with the web services. Start with a simple name and password (text only)  I had issues with different users. Start clean and simple.
  2 Copy your web services a second usable service.  You'll see in my example below i have Ive copied  ServicesSECURE/Services1.asmx?WSDL to ServicesDEFINITION/Services1.asmx?WSDL
  3 Remove all of the code inside of your services making the new set of service like a definition service. Make sure all of the inputs and outputs are the same. ServicesDEFINITION will have no coding and empty returns.
  Example  
  [WebMethod]
          public String CountUsers(string group)
              return "";
  4 Implement the code below. Call the init() right away to instantiate the web service and wait until it loads to use any of the services.  I use a button event to test.
  private var testws:WebService = new WebService;
    private function init():void
    testws.wsdl="http://test.com/ServicesDEFINITION/Services1.asmx?WSDL";
    var encoder:Base64Encoder= new Base64Encoder();
    encoder.insertNewLines = false; // see below for why you need to do this
    encoder.encode("USERNAME:PASSWORD");
    testws.httpHeaders = {Authorization:" Basic " + encoder.toString()};
    testws.loadWSDL();
    testws.addEventListener("load", wsdlLoadHandler);
    protected function test_clickHandler(event:MouseEvent):void
    testws["CountUsers"].addEventListener(mx.rpc.events.FaultEvent.FAULT,testFaultHandler);
    testws["CountUsers"].addEventListener(mx.rpc.events.ResultEvent.RESULT,testResultHandler) ;
    testws.endpointURI="http://test.com/ServicesSECURE/Services1.asmx?WSDL";
    testws.getOperation("CountUsers").send("Test");
    protected function wsdlLoadHandler (event:LoadEvent) : void
    //the service has to load before using the getOperation function
    //you could try using mx.core.UIComponent.callLater from
    //this listener and call the gettestws.getOperation("Co....
  So you'll see that the ServicesDEFINITION (GET) is called and grabs the definition of the Service1 service but this unsecured services is useless because we've removed all of the code.  After the definition GET is called we can change the end point using endpointURI and perform the POST against our secure ServicesSECURE.

• Proxy for Basic Authentication

  Hi,
  Can someone point out if I am on the right track about this ?
  I have an application which uses Basic Authentication as its authentication mechanism.I have defined the Application for single sign-on using the External Applications option in the Portal Builder.
  I have read further down in the documentation (Configuring and Administering External Applications) http://download.oracle.com/docs/cd/B10464_01/manage.904/b10851/ext_apps.htm#1009009
  that there is something called Proxy Authentication for Basic Authentication Applications.
  Can someone explain this to me as I am unsure as to whether I need to set this proxy up as well ? The diagram in the documentation appears to be what I am trying to do.
  As I mentioned in a previous post Basic Authentication doesn't appear to be working for me. The very first time I authenticate I get straight into the application but any attempts after that results in the Basic Authentication dialog box appearing even though I have checked the "Remember my login information" tick box.
  Any ideas ?
  Thanks,

  Thank you for the response. I tried with a pass-through service account but could not get it working.
  This is what I did:
  1. I have a SOAP business service with WS-Policy with username security assertion.
  2. I created a SOAP business service with the wsdl. OSB EPE editor said OSB does not support WSSE 1.2 policies. I extended my OSB domain to include OWSM and in the business service policy tab, selected OWSM policy option and added "oracle/wss_username_token_client_policy". (Now I am not sure how the user credentials in HTTP BASIC (headers) will be propagated to WS-Security headers)
  3. I created a pass through service account and added this service account in the SOAP business service. I am able to configure service account only when I choose HTTP BASIC authentication in the business service. This did not propagate the username from HTTP to WS-Security. I see errors in the log like "WSM-00015 : The user name is missing.". Looks like wss_username_token_client_policy is looking for username in csf-key map. I do not know this map gets populated internally. If I have to do it programmatically I saw there is java code to set BindingProvider.USER_NAME in the request context. How do I do this from OSB designer ?
  4. I tried creating a wrapper proxy around the secure SOAP business service and include the wrapper proxy in my main proxy but could not get it working. I get lof of NullPointers.
  I am missing something. Can you please help ?