Passing username & password in HTTP Header

Similar Messages

• How to pass username;password in to header Variable

  Hi All,
  I have to invoke client SOAP WSDL based web service, He has given the URL. I want to invoke it from bpel. It is sync based web service.
  Please have look at sample input data. in the header section there is element called Token.  what i need to do here I need to pass the user name and password those separated by ;
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.xxxxxxx.com/2005/">
     <soapenv:Header>
        <ns:AuthorizationToken>
           <ns:Token>username;password</ns:Token>
        </ns:AuthorizationToken>
     </soapenv:Header>
     <soapenv:Body>
        <ns:WEBGet>
           <ns:key>pass the input value</ns:key>
        </ns:WEBGet>
     </soapenv:Body>
  </soapenv:Envelope>
  Please advise me how to pass these values when i am invoking it through BPEL.
  Thanks,

  Please help me out, It is little bit urgent.

• Passing Username/Password from .xsql to Oracle

  Is there any other way to connect to the Oracle than hardcoding username, password, dburl and driver in the XSQLConfig.xml file?
  Can I use parameters in .xsql files?
  The idea is that every web user connects to DB like himself, so I am looking for a way to pass Username/Password from web application to the Oracle using xsql files on every connection.
  Thanks in advance.
  Oleg.

  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Steven Muench ([email protected]):
  Most web applications connect as a single backend database user to maximize the benefit of connection pooling.<HR></BLOCKQUOTE>
  While that may be true for publically accessible sites, I've found many, many internal web-apps need user authentication (login, whatever). In fact, the inability to do this easily has tipped some of our projects away from web-apps.
  null

• How to pass username/password through WebService proxy client to E-BS.

  Hi
  We are using ADF Webservice proxy client to integrate E-Business suite with ADF. It asks for username/password to access details from E-BS. In the generated webservice XSD file, a method is available with 2 parameters.
  1) SOAP header( Contains Username, responsibility and 2 more fields)
  2) Class object(Nested Object)
  However i didn't find "*Password*" field anywhere in it. Then how can I pass "*Password*" along with username to invoke this method?
  When i checked SOAP, the password is defined like this
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>a
  Thanks
  Raja

  hi Dario
  Thank you for your post. It is really helpful. Now I got stuck with a doubt, in this piece of code
  final Binding binding = ((BindingProvider) servicePort).getBinding();
  List<Handler> handlerList = binding.getHandlerChain();
  if (handlerList == null)
  handlerList = new ArrayList<Handler>();
  They didn't mention properly about "*servicePort*". What object is this?
  I checked in Oracle document, even in that I was not clear with that piece of code.
  public class HandlerWS{ 
  @Resource WebServiceContext ctx;
  @WebMethod()
  public String getProperty(String propertyName) {  
  return (String) ctx.getMessageContext().get(propertyName);
  public class Main {
  public static void main(String[] args) {
  HandlerWS test;
  try {
  test = new HandlerWS(new URL(args[0] + "?WSDL"), new
  QName("http://example.org", "HandlerWS") );
  } catch (MalformedURLException murl) { throw new RuntimeException(murl); }
  HandlerWSPortType port = test.*getHandlerWSPortTypePort*();
  What is this HandlerWSPortType object???. Can you give me little more explanation about it?
  Thanks

• External Web Service - User and password in HTTP header

  Hi!
  How is it possible to add user and password in the HTTP header in a external web service call? 
  I have created a "Portal Service from WSDL file - Client side" with the wizard in SAP Developer Studio.  I following the Java Development Guide - Web Service Security, and use the <i>secured service connection</i>.  I have also created a new <i>System Landscape</i>, but should the new system be based on HTTP, my own PAR or what?
  How can I check that the user and password is added to the HTTP header or the SOAP envelope? Do I have to scan http traffic with a proxy as Paros or can I find the request sent from SAP EP in the logs?
  Cheers
  Asle

  Hello All,
  I have been struggling a bit while putting a reasonable security framework on a jax-rpc style web service. I'm using JWSDP1.2 to set up the webservice. I've tried to outline my problem below. Please correct me where I'm wrong.
  I've been through the Sun's WS tutorials, but they are not really clear on security. However, from them I surmised that there are two decent authentication techniques. HTTP Basic and mutual authentication (MA) . Both have their drawbacks though. HTTP Basic suffers from poor encryption while MA is a bit difficult to set up on both client and server sides. Another problem with MA is that there is no central repository for users/passwords.
  OK, what I would really like to do is use my own user database to verify users/passwords i.e. use a HTTP Basic like authentication (but at application level) but run it over SSL for encryption. It seems simple, but is it possible?
  Also, I have noted that when I use HTTP Basic on the service side, and use a java client, then setting username/password has no effect. In other words, I can always access the web-service, even with wrong username/password.
  Sorry for the long post. Hope someone can help. Thanks.

• Proxy auth - still getting 407 after passing username/password

  Hi,
  I am having trouble access url via our proxy. I have read/tried all the examples but still nothing. However java webstart can connect.
  1. proxy is Microsoft
  2. base64Encoder from com.orielly.server package
  here is the code:
  try {
  URL url = new URL("http", "someproxy", 80, "someurl");
  HttpURLConnection conn = (HttpURLConnection) url.openConnection();
  String proxyPassword = "DOMAIN\\username:password";
  String encoded = Base64Encoder.encode(proxyPassword.getBytes());
  conn.setRequestProperty("Proxy-Authorization","Basic "+encoded);
  conn.connect();
  System.out.print( conn.getResponseCode() );
  catch( Exception e ) {
  System.out.print( e ) ;
  when I run this I get 407 code.
  any help/pointers will be appreciated
  Thanks

  Check out this article
  http://www.javacoding.net/articles/technical/passproxy.html

• Pass Username & Password to a Different Application in the Same Workspace

  Can I pass the username and password from a main menu to open a different application in the same workspace. I'm trying to prevent the user from having to logon again. My main menu has links to different applications within the same work space.
  Thank you

  Anonymous - One way to do it (if you are using HTML DB's built-in session management) is to edit each application's authentication scheme and type in the same cookie name in the cookie name field (use any name you like). Another way is to use Single Sign-On.
  Scott

• Can I pass username & password in JDBC URL in Crystal Reports 2008?

  Hi,
  I tried to put this URL in the CRConfig.xml file : jdbc:postgresql://hostname:5432/db_name?user=user_name&password=pw
  Without the user and password parameters, it works fine but I always have to enter the database information when I create a new report or refresh an existing report.
  With the parameters, when I create a new report, if I click on "Create new connection", Crystal Reports freezes. If I click on the connection in "My connections", then I get an "Invalid argument" error message.
  How can I configure the database information so that I don't always need to enter it manually?
  Thanks,
  Marianne

  Hi Marianne,
  We don't recommended you do that. The text is in the clear so anyone could use your log on info. You may be able to add your user name to the Report by editing the connection properties from the Set Location dialog box but to add your password would give anyone who opened your report your log on info.
  And the info would be passed to the DB over the network in the clear so someone could hack your info.
  Thank you
  Don

• How to pass username/password to BPEL web service from java proxy?

  Hi all,
  Environment : SOA Suite 11g
  I am using basic http authentication in my SOA services using "oracle/wss_http_token_client_policy" policy. Now i need to invoke these SOA web services from a java proxy.
  Please let me know how this can be done.
  Thanks in advance

  Have you tried the below posts ?
  BPEL to invoke Webservice secured with HTTP Basic authentication
  Invoke a BPEL process using HTTP Basic Authentication
  http://docs.oracle.com/cd/E21764_01/web.1111/e13713/owsm_appendix.htm#CHDBAHBI
  Thanks,
  Vijay

• Username and password through SOAP header

  Hi Gurus
  I am developing web service model in webdynpro by consuming third-party WSDL. This third party web service expecting me to send the user name &password through SOAP header.
  Can any body tell me how to pass the username password through SOAP header using webdynpro model?

  Hi,
     In WD there's no direct way to access the SOAP message header. If the web service defines implicit headers in JAX-RPC then you have to use the setProperty methods of the javax.xml.rpc.Stub interface so that the JAX-RPC handler can retrieve these via the getProperty methods.
  Regards,
  Satyajit.

• Single-Sign-On (SSO) configuration on JAVA Stack through HTTP Header method

  Hello SDN community,
  in the context of a Proof of Concept, we are testing the integration of Microsoft Sharepoint Portal with SAP Backend (addin) systems.
  As the architecture impose use an external scenario (access from the internet), we couldn't use the Kerberos (SPNego) solution and thus we chosed the http header solution which in short uses an intermediary web server (in this case the IIS of the MOSS solution) which will act as authority.
  I miss information on how the workflow works for this http header authentication method. Through the visual administrator of the addin JAVA stack, it is possible to configure each application with a customized authentication (a choice of security modules). But this all that I know.
  My task is to configure SSO. From a sharepoint portal, the user should be able to access Web Dynpros and BSPs. I imagine that the very first call to a webdynpro or bsp (or maybe when we log on the sharepoint portal), the request to the WDP or BSP will first be forwareded by the intermediary server to the JAVA stack (or is it the SAP dispatcher that has to be configured).
  Is there an application to be built on the java stack to deal with the authentication, modify http header?
  What will the Java stack return? a sap long ticket? a token?
  How will the redirect work (to by example a BSP which is in the ABAP stack)?
  SAP preconise to secure with SSL the link between the intermediary web server and the JAVA stack, is IP restriction also a solution?
  A lot of questions about how this SSO http header should work,
  I would be very greatful for any help, or info,
  Kind regards,
  Tanguy Mezzano

  Hi Tanguy,
  to tell you the truth I'm really unsure about what you are trying to achieve. When I started posting to your thread I thought all you wanted was trying to access your J2EE engine via Browser and authenticate against the engine using HTTP Header Variables. Nevermind:
  Here are some answers to your question:
  in fact I did succeed, the problem was that even after domain-relaxation done by the J2EE, I had to change the domain of th SAP cookie to the bbbb.domain.com to be understood (I would have thought that all hosts in/under domain .domain would have accepted such a cookie but it seems that no...).
  The server does not care about the domain because Cookies in an HTTP Request do not contain any domain information. The domain is just important when the Cookie is set by the server so your Client (Browser) will know in which cases the Cookie may be sent or not. So if your domain is xxx.yyy.domain.com and your cookie is issued to .domain.com then your Browser will definitely sent it to all hosts under .domain.com (This includes xxx.yyy.domain.com etc.)
  My current scenario is: in a first request get a SAP Logon Ticket from the Java Stack, then change its domain and then directly call the backend with it.
  You can do that but there is no Client involved in this scenario. So this is useful if you just want to test the functionality (e.g. authentication to J2EE using Header Variables (This works finally!!!) and then use the fetched Logon Ticket to test SSO against any trusted Backend!!)
  So everything's is in a Java Client application without using any redirection.
  If I understand you, you're solution is from the Browser call a servlet (which is deployed on the Java Stack and has no authentication schema) by passing to it our http header.
  No, you should initially authenticate somewhere! I thought that maybe you had some resource you access before accessing the Java Stack. This could be any application (e.g. deployed on a Tomcat or JBOSS or other server or if you like even SAP J2EE). After authenticating there you are aware of the username and could use it to  procceed (e.g. Authenticate against the J2EE using the same user and HTTP Header authentication for that particular user!)
  That servlet will transfer the http header (with the HttpClient app) in order to get from the Java Stack a SAP Logon ticket, and then to redirect to the resource and by sending back the cookie in client browser. Am I correct?
  This was just a suggestion because I realized that there was no Client ever involved in any of your testing (looked strange to me!). I was just thinking that it would be easier for you to just get the Cookie into your Browser so your Browser would do the rest for you (in your case finally send the Logon Ticket Cookie to your Backend to test SSO using Logon Tickets!).
  The AuthenticatorServlet somehow serves as a Proxy to your client because your client is not able to set the Header Variable. That's why I initially suggested to use a Proxy (e.g. Apache) for that purpose. The problem is just that if you use a Proxy you will have to tell it somehow which username it should set in the Header Variable (e.g. using a URL Parameter or using a personalized client certificate and fetch the username (e.g. cn=<username> from the certificate!)
  This way of doing would simplify the calls for sso for each new application needing authentication, instead of having all code each time in it...
  I'm stuck again! Do you want to authenticate an End User or do you want to authenticate an application that needs to call any resources in your Backend that requires authentication?
  So my problem now, is how to call the servlet from the client browser:
  I'm trying to call my servlet from the browser but I don't succeed. I am able to understand how to reach a jsp from the Java Stack, but not to reach a servlet. I don't find the path to my servlet:
  <FORM method="POST" action="SSORedirect2" >
  A JSP is a servlet too. There is just no JAVA Class involved!
  You do not need any POST Request to invoke a Servlet.
  I see that my servlet is deployed, but I don't how what path to give to my form to invoke the servlet, here follows my web.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <!DOCTYPE web-app (View Source for full doctype...)>
  - <web-app>
    <display-name>WEB APP</display-name>
    <description>WEB APP description</description>
  - <servlet>
    <servlet-name>SSOredirect2</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
    </servlet>
  - <servlet>
    <servlet-name>SSORedirect2.jsp</servlet-name>
    <jsp-file>/SSORedirect2.jsp</jsp-file>
    </servlet>
  - <security-constraint>
    <display-name>SecurityConstraint</display-name>
  - <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
  - <auth-constraint>
    <role-name>DefaultSecurityRole</role-name>
    </auth-constraint>
    </security-constraint>
  - <security-role>
    <role-name>DefaultSecurityRole</role-name>
    </security-role>
    </web-app>
  If you have an AuthenticatorServlet Class all you need is to add the Servlet Mapping in your web.xml file
  e.g.
  <servlet>
    <description>
    </description>
    <display-name>AuthenticatorServlet</display-name>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <servlet-class>com.atosorigin.examples.AuthenticatorServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AuthenticatorServlet</servlet-name>
    <url-pattern>/AuthenticatorServlet</url-pattern>
  </servlet-mapping>
  You can directly call the Servlet in your Browser by calling the URL provided in the url-pattern of your Servlet mapping ( in this case /AuthenticatorServlet). The engine will invoke the Class "com.atosorigin.examples.AuthenticatorServlet" in the background and do whatever you defined there!
  I have also to pass my http header and the redirectUrl in the GET request.
  If you like! I just suggested this for testing purposes. As I stated before you need a way to tell your proxy (or in your case AuthenticatorServlet) which user should be set when calling the Engine in order to authenticate using HTTP Header. You could use the URL Paramater to define the user you actually want to use when you set the Header Variable.
  I just introduced the redirectURL because you were talking about redirects all the time. So if you finally want to call the Backend you could define the Backend URL in the redirectURL Parameter and the Servlet will make sure that you are redirected to this location after the whole process!
  Thx for your input very helpful,
  But again 0 points
  Cheers

• Bookmark a page with username/password in the URL

  I can add username/password for HTTP authentication directly to the URL (e.g. http://user:[email protected]/ ) and this works fine with the browser on Firefox OS 1.3 (on a ZTE Open C). However, when bookmarking that page, the bookmark doesn't include the username/password any more and so I'll have to manually enter the username/password when visiting that site again (after clearing private data) - and unfortunately there is no password manager for Firefox OS yet...
  Another way to add a bookmark appears to be via a small Javascript using the "save-bookmark", however that appears to only give me the option to add the bookmark to the Home Screen (and I am not sure if it will keep the username/password information in the bookmarked URL).
  Is there any other way to add a bookmark to the browser and keep the username/password information in the URL?

  Here is an example:
  http://user1:[email protected]/auth-basic/
  Works fine if you enter that URL in the URL bar. But when bookmarking it, it only gets bookmarked as http://test.webdav.org/auth-basic/ and so you will have to enter username and password again (after clearing cookies and session data) when opening from bookmarks.

• Authenticate with SSL if username/password are in an HTTP header

  Can 9iAS Portal authenticate a user if username and password are
  embeded in the HTTP header? Customer is using SSL.

  I'm not clear on what you're trying to accomplish. Are you attempting to detect that it's an iPad and then direct it to a web page designed for an iPad's format and browser? If you are, do a web search for "detecting mobile devices" and you'll find a number of techniques for doing that. Here's one:
  http://www.bionicworks.com/php/detect-ipads-safari-browser-and-redirect-to-html5 -page
  If that's not what you mean, please post back and explain further what it is you wish to accomplish and perhaps someone can steer you appropriately.
  Regards.

• Submit Pdf form to http w/ credentials (username/password)

  Hi!
  I developed a form in Adobe LiveCycle, it has a button which submits form with attachments to http site.
  No coding involved, just configuration of the button.
  Http site requires credentials (username/password). How do I pass those credentials with submission?
  Can username/password be added to http header?
  Or I can excecute some javascript before submission?
  Thanks you!

  I got it working
  1. WS (in .net) must be asmx service. WS method accepting attachment should have string as a parameter, which will be passed as base-64 encoded string. So to save it as a file it has to be decoded first. I used byte[] ... = Convert.FromBase64String(yourstring).
  Keep in mind string <= 2GB
  2. In PDF file add WS service as Data Connection (File->New Data Connection ->WSDL File-> wsdl -> etc...). PDF will generate all WS parameters and a button to call WS. Drag and drop data connection on the form OR right mouse click -> generate fields OR set <connect> element of different controls as you wish to match data connection. Let's say control generated and binded to WS input string parameter is called "base64StringDocContent" (name = "base64StringDocContent") and button that submits to WS is called "submitAttachmentBtn" (name="submitAttachmentBtn").
  3. Javascript code to send attachment to WS:
  //access pdf form
  var formDom = event.target;
  //attachment id should be unique, can be anything you like
  var attachmentId = new Date().getTime() + "";
  //prompt user for document and get it
  var documentSelected = formDom.importDataObject(attachmentId);
  if (documentSelected == true){
       //user selected the document
       //get stream of the document (attachment)
       var inputStream = formDom.getDataObjectContents(attachmentId);
       //get new stream encoded as base64
       var vEncodedStream = Net.streamEncode(inputStream, "base64");
       //get string from the stream
       var sBase64 = util.stringFromStream(vEncodeStream);
       //get conrol which is binded to WS input parameter
       //my PDF form is called form1
       var wsInputParam = form1.resolveNode("$..base64StringDocContent");
       //get button which submits to WS
       var wsSubmitBtn = form1.resolveNode("$..submitAttachmentBtn");
       //assign attachment content (encoded string to input parameter)
       wsInputParam.rawValue = sBase64;
       //call click event of WS submit button
       wsSubmitBtn.execEvent('click');
       //done
       //if WS returns any value it will be assigned to control binded to output value of the web service.
  else{
       //user clicked Cancel
  4. Validation and try and catch should be added where/when needed.
  Hope it saves a couple of days for somebody.
  Good luck!!!
  I am still curious how to work with credentials doing http submission.
  If somebody has a solution please post it.

• Extracting username and password from security header

  Hey all,
  I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
  1) I secured my BPEL process
  2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
  3) I added the security variable to the Header Variables for the BPEL process input
  4) I added the security variable to the Input Header Variables for the web service's invoke operation
  This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
  Environment:
  JDeveloper 11.1.1.6.0
  Thanks,
  Bill

  Hi Sri,
  If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
  Thanks,
  Bill