PROXY BASIC AUTHENTICATION

Similar Messages

• JDeveloper Web Service Client/Proxy Basic Authentication

  Hi I recently migrated a 10g Web Service to an 11g Web Service that uses basic authentication.
  I then generated the client/proxy using the WSDL for my consumer application in JDeveloper 11g. however I cannot find any functions that will allow me to set the username and password to access the web service.
  For instance, in 10g Client, I simply had to this:
  myPort = new SoapHttpPortClient();
  myPort.setUsername("username");
  myPort.setPassword("password");
  I am not sure how I do the same in the generated Web Service client in 11g.
  Thanks in advance.

  Thanks Frank. I was able to get it to work!
  I did google it but I always add "jdeveloper 11g" in my searches so that must be why this did not come up. :) Thanks again!

• Add Basic Authentication to Proxy Services in OSB

  Hi,
  I need add Basic Authentication (browser pop-up with usr and pwd) to a proxy service.
  ¿how can I do that?
  Thanks!!

  For an HTTP service choose the HTTP Transport tab and select Basic for the authentication property.

• Proxy with *NOT-Basic* Authentication

  Every thread dealing with URL connection thru Proxy explains how to connect with "Basic" authetication.
  My problem : Basic authentication is not acceptable because login/password are sent uncrypted. And more, in my case the rpoxy will ask for my windows 200 login/password. So I really need to do specific authentication.
  I observed tha my navigator is doing NTLM authentication : the authentication String (before Base64 encoding) looks like "NTLMSSP<encrypted login andpassword and other unknown binary data><network station name><network group name>". ex : "NTLMSSP &#9792;&#9787; &#9787; 4 &#9792; ( &#9827;� &#9788;&#9786; MYCOMPUTERWORKGROUP"
  Wich password encoding is used in NTLM proxy authentication ?
  Do you know some other proxy authentication that do not send clearly login&password ?

  Transport level authentication is done at transport layer even before the actual proxy service gets initiated. So you wont be able to catch authentication errors in the proxy service (and do alerting/logging/reporting etc). You can probably try enabling debug logging for HTTP protocol and see if you can capture these errors in the Access.log of the servers.    

• Proxy for Basic Authentication

  Hi,
  Can someone point out if I am on the right track about this ?
  I have an application which uses Basic Authentication as its authentication mechanism.I have defined the Application for single sign-on using the External Applications option in the Portal Builder.
  I have read further down in the documentation (Configuring and Administering External Applications) http://download.oracle.com/docs/cd/B10464_01/manage.904/b10851/ext_apps.htm#1009009
  that there is something called Proxy Authentication for Basic Authentication Applications.
  Can someone explain this to me as I am unsure as to whether I need to set this proxy up as well ? The diagram in the documentation appears to be what I am trying to do.
  As I mentioned in a previous post Basic Authentication doesn't appear to be working for me. The very first time I authenticate I get straight into the application but any attempts after that results in the Basic Authentication dialog box appearing even though I have checked the "Remember my login information" tick box.
  Any ideas ?
  Thanks,

  Thank you for the response. I tried with a pass-through service account but could not get it working.
  This is what I did:
  1. I have a SOAP business service with WS-Policy with username security assertion.
  2. I created a SOAP business service with the wsdl. OSB EPE editor said OSB does not support WSSE 1.2 policies. I extended my OSB domain to include OWSM and in the business service policy tab, selected OWSM policy option and added "oracle/wss_username_token_client_policy". (Now I am not sure how the user credentials in HTTP BASIC (headers) will be propagated to WS-Security headers)
  3. I created a pass through service account and added this service account in the SOAP business service. I am able to configure service account only when I choose HTTP BASIC authentication in the business service. This did not propagate the username from HTTP to WS-Security. I see errors in the log like "WSM-00015 : The user name is missing.". Looks like wss_username_token_client_policy is looking for username in csf-key map. I do not know this map gets populated internally. If I have to do it programmatically I saw there is java code to set BindingProvider.USER_NAME in the request context. How do I do this from OSB designer ?
  4. I tried creating a wrapper proxy around the secure SOAP business service and include the wrapper proxy in my main proxy but could not get it working. I get lof of NullPointers.
  I am missing something. Can you please help ?

• Basic Authentication SSO, Web proxy, Rewriter issue

  I have iPS 3.0 SP4.
  I have configured the Gateway to do single signon for HTTP Basic Authentication. My external application also requires a web proxy to connect, so I added the proxy to the "DNS Domain and Subdomains" list. My "Rewrite all URLs Enabled" is not checked.
  I added a link to the external application in the Bookmark channel. When I click on the link, a new browser window is launched, SSO happened (verified from iwtGateway log), but the contents kept going back to the Portal Desktop instead of the external aplication.
  I found out that the external application is using the URL location information of the browser to extract the protocol, host and port info to construct the target page using JavaScript. By the Gateway rewriting the URL, the JavaScript is incorrectly using the Gateway host and port, instead of the application host and port.
  How do I setup the Gateway to do Basic Auth SSO, use a web proxy to fetch the content, but do NOT do URL rewriting? Our users have access to the application directly, so we do not need to run the app behind the Gateway. But I need to use the Gateway to to the SSO. Also, since the "DNS Domain and Subdomains" list is used for both proxy definition and rewriting, how do I make them mutually exclusive - i.e. want to use web proxy but do not want rewriting?
  Can you also suggest other ways of doing Basic Authentication SSO without using the Gateway? I have seen some discussions on using the Authenticator class and a separate Servlet. Please post me an example.
  Thanks.

  Yes, I have already tried the option you suggested. I had previously created a JSP channel that has a link invoking my servlet. This servlet, reads the user profile from an external LDAP and sends the Authorization header on a URLConnection object, just like you described it.
  However, I cannot just simply render the returned content on the InputStream of the URLConnection. The browser/client is actually connected to the servlet - so presenting the images and links directly will be relative to the servlet machine, not the external app. So the images and links do not work.
  If I do a request.sendRedirect(...), the external application will ask for the auth header again. The browser has not captured the auth header that was sent earlier by the servlet.
  How do you tell the browser to keep the auth header for all subsequent request? Is the Gateway SSO approach telling the browser to keep sending the auth header, or is the Gateway programmatically adding the auth header for each request?

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• 3.1EA1: proxy client used allows only BASIC authentication

  The proxy client used only use BASIC authentication. The problem the proxy we're using uses NTLM authentication, and the user/password are the domain user/password, thereby very dangerous to send using a non-secure authentication mode as BASIC (a simple base64 enconding of user and password...)
  Edited by: user8381214 on Oct 21, 2011 3:52 AM

  Hi user8381214 ,
  Can you give me more details?
  Note that there are two main types of proxy connection:
  1/username1[username2]/password
  and
  2/username1/password with proxyClient username2/password
  Which one is affected?
  -Turloch
  SQLDeveloper team
  If you would prefer this to be off the forum my email address is:
  turloch<dot>otierney<AT>oracle.com

• IIS Reverse Proxy and Basic Authentication

  Hi,
  we've currently put a WebAS 6.40 serving a BSP Application in our Appl-DMZ. For the access via Web the IIS Reverse Proxy is used, which works fine as long as you use a service for which a user is provided (in SICF). But if you don't provide a user in the service (in order to debug the BSP Application) you have to authenticate yourself using Basic Authentication (Browser Popup) which does not work (the popup returns and returns ...)
  I' ve browsed the forums and it seems that the IIS Reverse Proxy does not support (the forwarding) of Basic Authentication "requests".
  So my question, does someone exactly know if the IIS Reverse proxy supports Basic Authentication or not ?
  Thanks,
  Markus

  Hello Markus,
  1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
  2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
  Regards
  Gregor

• Reverse Proxy + Policy Agent generates unwanted Basic Authentication

  We have a policy agent installed on the SJWS 7.0u1. It's configured as a reverse proxy to a server running on another port on the same machine as the web server. The policy agent catches the request and redirects to the access manager, which authenticates fine. The access manager then redirects back to the web server, which then issues presents the basic authentication dialog. (We did not configure it for basic authentication).
  In a previous post I was directed to check my DNS entries. Both servers can resolve each other without problem. I can type nslookup server.practicegreenhealth.org, nslookup server (these are the web server addresses) and they both resolve to the correct ip. I can type nslookup access.practicegreenhealth.org and nslookup access and they both resolve to the correct IP.
  I had the application deployed as a JRuby application within the SJWS's servlet container and the setup worked fine. I switched back to using SJWS as a reverse proxy to application running as its own instance and am now presented with the basic auth dialog. I can hit the application fine both from the box it's running on and if I disable the policy agent. It's just the combination of the reverse proxy configuration + the policy agent that doesn't seem to work.
  Edited by: phoehne on Jun 23, 2008 12:40 PM

  what does the server error log say ? you might want to increase the log level to finest (config/server.xml change info to finest) and restart and look at the server error logs. this could provide us some insight on what is happening. most likely some config parameters in obj.conf need to be fine tuned.

• OSB : Restful proxy service with basic authentication

  Hi,
  We want to expose a restful webservice from OSB with Basic authentication (username and password). Let us know what is the procedure for the same.
  THanks,

  Hi Vinoth,
  The users/groups are picked up from the LDAP configured in Security Realms->myRealm->Providers
  You basically have 2 options:
  - You can configure your LDAP in Providers
  - Use the DefaultAuthenticator that weblogic provides you by default.
  If you do not want to configure an LDAP, and want to use weblogic's default, then all you have to do is add users and groups in Security Realms->myRealm->Users and Groups
  Do mark this as useful or answered, if this has helped.

• Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

  Hi!
  We need to implement authentication using our own methods, and the authentication
  information is provided to the web service implementation in a basic authentication
  header. The problem is, that the servlet
  weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
  in
  wls 7.0.sp2, always attempts to perform authentication, if the header is present.
  Is there any way to circumvent this, because we want to implement authentication
  on our own?
  I already know two workarounds:
  The best would of course be to implement a custom security realm for our own
  authentication system. This is not an option, implementing an own security
  realm is overkill for this specific web service.
  The other way would be to route the requests by way of a custom servlet, which
  would
  remove the basic authentication header, and put the authentication info in custom
  headers, such as x-auth: <user:password>, or smthng similar, and after successful
  authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
  But still, I'd like to know if there is any way to tell bea's servlet to ignore
  the basic
  authentication header?
  Oh yeah, by the way, this is URGENT, as always. (really!! ;)
  Toni Nykanen

  Currently there is no option to turn off security check.
  I think you can use a servlet filter mapped to the URL
  of your service, instead of a proxy servlet?
  Regards,
  -manoj
  http://manojc.com
  "Toni Nykanen" <[email protected]> wrote in message
  news:3ef1577b$[email protected]..
  >
  Hi!
  We need to implement authentication using our own methods, and theauthentication
  information is provided to the web service implementation in a basicauthentication
  header. The problem is, that the servlet
  weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
  in
  wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
  Is there any way to circumvent this, because we want to implementauthentication
  on our own?
  I already know two workarounds:
  The best would of course be to implement a custom security realm for ourown
  authentication system. This is not an option, implementing an own security
  realm is overkill for this specific web service.
  The other way would be to route the requests by way of a custom servlet,which
  would
  remove the basic authentication header, and put the authentication info incustom
  headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
  authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
  >
  But still, I'd like to know if there is any way to tell bea's servlet toignore
  the basic
  authentication header?
  Oh yeah, by the way, this is URGENT, as always. (really!! ;)
  Toni Nykanen

• Calling web service with basic authentication from EP "unauthorized"

  Hello,
  I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
  <b>com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
  Problem in server response: [Unauthorized].</b>
  I'm using the following code for calling the .NET web service:
  <b>...</b><i>Licence_GetList lParameter = new Licence_GetList();
  lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
  ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
  ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
  Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);</i><b>...</b>
  I've also configured a http system in the portal system landscape using the following parameters:
  <i>Authentication Method : Basic Authentication
  Authentication Type : Server
  User Mapping Type : admin,user</i>
  The user mapping is also personalized for this system!
  What's wrong? Please help! This is really urgent!
  Kind Regards
  Joerg Loechner

  Hello Renjith,
  here is a small cutout of my "portapp.xml";
  <services>
    <service alias="LicenceManager" name="LicenceManager">
      <service-config>
        <property name="className" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager"/>
        <property name="startup" value="false"/>
        <property name="WebEnable" value="false"/>
        <property name="WebProxy" value="true"/>
        <property name="SecurityZone" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager/
                 DefaultSecurity"/>
      </service-config>
      <service-profile>
        <property name="SystemAlias" value="LicMan_NET"/
      </service-profile>
    </service>
  </services>
  I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
  Regards
  Joerg Loechner

• Consuming a Web Service via SSL with Basic Authentication

  Hello,
  I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
  When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
  java.rmi.RemoteException: Service call exception; nested exception is:
       java.lang.NullPointerException
       at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
       at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
       at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
  Caused by: java.lang.NullPointerException
       at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
       at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
       at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
       ... 2 more
  Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
  000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
  But my main focus is on the client implementation based on a proxy. Here comes the client's code:
  public class MultiSecSSL {
      public static void main(String[] args) {
          try {
              MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
              SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
              SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
              AuthenticationContext auth = protocol.getAuthenticationContext();
              auth.setIgnoreSSLServerCertificate(true);
              auth.setUsername("cfpcompany");
              auth.setPassword("demo");
              String ret = service.pingText("Called service MultiSecurity via SSL");
              System.out.println(ret);
          } catch (Exception e) {
               e.printStackTrace(System.out);
  Here comes the logical port information of the generated proxy:
  <?xml version="1.0" encoding="UTF-8"?>
  <LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
    <LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
      <globalFeatures>
        <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
        </Feature>
        <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
          <Property Name='SessionMethod' Value='httpCookies'>
          </Property>
        </Feature>
        <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
          <Property Name='AuthenticationLevel' Value='None'>
          </Property>
          <Property Name='AuthenticationMechanism' Value='HTTP'>
          </Property>
          <Property Name='AuthenticationMethod' Value='BasicAuth'>
          </Property>
          <Property Name='SupportsSSO2Authentication' Value='false'>
          </Property>
        </Feature>
        <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
          <Property Name='Level' Value='No'>
          </Property>
          <Property Name='TLSType' Value='SSL'>
          </Property>
        </Feature>
      </globalFeatures>
      <localFeatures>
        <Operation Name='pingText'>
          <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
            <Property Name='RequestPolicy' Value='Signature'>
            </Property>
            <Property Name='ResponsePolicy' Value='None'>
            </Property>
          </Feature>
          <Feature Name='http://sap.com/webservices/authorization' Original='true'>
          </Feature>
        </Operation>
      </localFeatures>
    </LogicalPort>
  </LogicalPorts>
  To me, this looks consistent. Any idea, what is misconfigured on my machine ?

  Hi Martin,
  that is exactly, what I did.
  - Change Web Service Configuration in IDE
  - Build and Deploy the Service to my local Server
  - Check Service in Visual Administrator
  - Deleted and Regenerated the Standalone Proxy
  - Deleted and Recreated the link between CLient and Proxy Project in IDE
  - Started Client
  Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
    <webservice>
      <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
      <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
      <webservice-name>
        <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
        <localName>MultiSecuritySSLAuth</localName>
      </webservice-name>
      <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
      <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
      <ws-configuration>
        <configuration-name>SSL</configuration-name>
        <ejb-name>MultiSecWSBean</ejb-name>
        <service-endpoint-name>
          <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
          <localName>SSLPort</localName>
        </service-endpoint-name>
        <wsdl-porttype-name>
          <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
          <localName>MultiSecuritySSLAuthVi</localName>
        </wsdl-porttype-name>
        <webservice-definition-ref>
          <package>com.technidata.cfp.i3rdparty.cfpxml</package>
          <name>MultiSecuritySSLAuthWsd.wsdef</name>
        </webservice-definition-ref>
        <service-endpoint-vi-ref>
          <package>com.technidata.cfp.i3rdparty.cfpxml</package>
          <name>MultiSecuritySSLAuthVi.videf</name>
        </service-endpoint-vi-ref>
        <transport-binding name="SOAPHTTP_TransportBinding">
          <wsdl-binding-name>
            <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
            <localName>SSLBinding</localName>
          </wsdl-binding-name>
        </transport-binding>
        <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
        <global-features>
          <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
            <property name="TLSType" value="SSL"/>
          </feature>
          <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
          <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
            <property name="AuthenticationMethod" value="BasicAuth"/>
            <property name="AuthenticationMechanism" value="HTTP"/>
            <property name="SupportsSSO2Authentication" value="false"/>
          </feature>
        </global-features>
        <operation-configuration uniqueViName="pingText(java.lang.String)">
          <transport-binding-configuration>
            <input>
              <property name="soapAction" value=""/>
              <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
            </input>
            <output>
              <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
            </output>
          </transport-binding-configuration>
          <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
            <property name="RequestPolicy" value="None"/>
            <property name="ResponsePolicy" value="None"/>
          </feature>
          <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
            <property name="security-roles">
              <property name="role1" value="use_multisec_service"/>
            </property>
          </feature>
        </operation-configuration>
      </ws-configuration>
    </webservice>
  Regards,
  Stefan

• BASIC authentication and web client problems

  I have a very simple web service that is working. Now before attempting to use
  SSL, I want to test authenticating using BASIC authentication. I’ve made the
  changes to web.xml and even though the other web service pages authenticate ok
  (ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
  for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
  Has anyone completed this and if so, how does it work? I must have missed something
  simple.
  First, I setup the security constraint as follows:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>file-exchange-resources</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>Administrators</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
  <description>An administrators</description>
  <role-name>Administrators</role-name>
  </security-role>
  That allows me to secure / authenticate to the JSPs in the web service test app
  provided. Then I tried working with the admin server console to setup roles /
  privileges. I couldn’t get this to work but I easily could have done something
  wrong since there are no step by step examples other than the general docs in
  the programming guide.
  Next, since the web service deploys as a web application, I figured the problem
  must be that the internal WLS servlet needs security information defined in web.xml.
  I saw the programming guide listed the servlet name and discussed servlet mapping
  so I added the normal security entries for a servlet as follows and re-jarred
  the WAR and EAR.
  <servlet>
  <servlet-name>WebServiceServlet</servlet-name>
  <servlet-class>
  weblogic.webservice.server.servlet.WebServiceServlet
  </servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>WebServiceServlet</servlet-name>
  <url-pattern>/FileExchangeFacade/*</url-pattern>
  <security-role-ref>
  <role-name>Administrators</role-name>
  <role-link>Administrators</role-link>
  </security-role-ref>
  </servlet-mapping>
  It still doesn’t work. Any idea on how to get it to authenticate?
  Thanks,
  Dave

  Ok, this looks like an issue with the test page.
  When the test page gets a request to invoke a
  web service, it creates a client proxy and call invoke
  on the proxy. This will case the client proxy to
  create a new HTTP post connection to the server.
  Test page pulls out the username/passwd from the
  GET request from the browser and pass it to the
  POST request it makes to the web service. I think,
  the test page needs to do the same for realm. I will
  file a CR for this (CR105320).
  Please contact support with the case number if you
  need a patch for this.
  http://manojc.com
  "Malcolm Robbins" <[email protected]> wrote in message
  news:[email protected]...
  "Malcolm Robbins" <[email protected]> wrote in message
  news:[email protected]...
  One more thing.
  I took out explicit realm mapping and noticed that the firstauthentication
  challenge was for the WebLogic standard realm which was fine and
  authentication was successful. (i.e. I got to the web service "homepage").
  Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
  When I stepped into the web service method and pressed the Invoke buttonon
  the web service methods the realm was "default" and authenticationfailed.
  Why does the domain change and how do I cover this?Is was actually listed as "Default".
  However this is the same domain I believe because I've done a further
  experiment and set the domains explicitely
  in the deployment WAR deployment (Other tab) and in the web.xml file. The
  second challange is then asking for re-authentication in the correctdomain
  (myrealm) but it does not accept the valid user/password and just re
  challenges until 3 attempts then it displays the SOAP message and theserver
  log file has the following exception:
  java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
  'http://localhost:7001/webservice/TraderService?WSDL'
  at
  weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
  2)
  at java.net.URL.openStream(URL.java:793)
  at
  weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
  nFactory.java:73)
  at
  weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  108)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  84)
  at
  weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
  ava:230)
  at
  weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
  iceServlet.java:306)
  at
  weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
  8)
  at
  weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
  at
  weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
  .java:224)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at
  weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
  tStubImpl.java:1058)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :401)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :306)
  at
  weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
  ebAppServletContext.java:5412)
  at
  weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
  r.java:744)
  at
  weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
  ntext.java:3086)
  at
  weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
  :2544)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)