Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Similar Messages

Calling Web Service with Http Basic authentication in SOA 11g

I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
Am i missing some steps?
Please let me know.
Note - I am working on SOA 11.1.1.4.
Regards
Ayush

Hi Ayush,
Please refer -
http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
Regards,
Anuj

How to access SOAP web service with authentication, HTTP basic Authentication

Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
        var encoder:Base64Encoder = new Base64Encoder();
        encoder.insertNewLines = false; // see below for why you need to do this
        encoder.encode("someusername:somepassword");
        service.headers = {Authorization:"Basic " +encoder.toString()};
        service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?

Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

BPEL to invoke Webservice secured with HTTP Basic authentication

Hi All,
Iam trying to call a Synchronous BPEL porcess from BPEL by passing HTTP basic authentication.I have done below steps to achieve this.
1) Created Target Synchronous process ex : B
2) Created Source Syncronous Process ex : A
Iam trying to call B(Target) from A(source).
3) Open Composite.xml of A(Source)
4) Right Click on External Refernce B(Target) parter link and click Configure WS policies
5) Under Security tab attach oracle/wss_username_token_client_policy
6) Login to em/console
7) Right click on A(Source) Composite and click Service/Refence Properties>>B(Target)
8) Enter username and password under HTTP Basic Authentication.
9)Test from em.console(when we are testing under security tab I have checked None radio button)
So this is the Error message which is throwing.
==================================
The selected operation process could not be invoked.
An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security.
java.lang.Exception: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:570) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381) at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:298) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(AstValue.java:157) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:712) at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:564) ... 68 more Caused by: oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:260) at oracle.sysman.emSDK.webservices.wsdlparser.OperationInfoImpl.invokeWithDispatch(OperationInfoImpl.java:843) at oracle.sysman.emas.model.wsmgt.PortName.invokeOperation(PortName.java:664) ... 69 more Caused by: javax.xml.ws.soap.SOAPFaultException: SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security. at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:874) at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:707) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:226) at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:97) at oracle.sysman.emSDK.webservices.wsdlapi.dispatch.DispatchUtil.invoke(DispatchUtil.java:256) ... 71 more
=======================================
Please let me know if Iam missing any steps.
Thanks
SSV

Followed this post.......
This is avery good question
in 11g i have taken out the steps from my document which i created for one our customer
go to composite
Right click on the external reference service and select “Configure WS policies” :done
Under the security tab, click add button and select “oracle/ wss_username_token_client_policy :done
6. Now Open the property Inspector window and click the add button under “Binding properties” tab. :done
7. Include the “oracle.webservices.auth.username--> :done
value-->password :done
8. Include the “oracle.webservices.auth.password”-->name :done
value-->password :done
Thanks
SSV

HTTP Basic authentication on EJB 3.0 based web service

How do I enable HTTP Basic authentication on EJB 3.0 based web services for OAS? Does any one have a sample solution ?
I manually updated oracle-webservices.xml file to include the following:
<ejb-transport-security-constraint>
<soap-port/>
<role-name>users</role-name>
<transport-guarantee>NONE</transport-guarantee>
</ejb-transport-security-constraint>
<ejb-transport-login-config>
<auth-method>BASIC</auth-method>
<realm-name>jazn.com</realm-name>
</ejb-transport-login-config>
When I use SOAP UI to test the web service I get the following error.
403 Forbidden
Error initializing security, security-role not found: users

I still get the 403 forbidden error message. I do not get the second part of the error message though.

How to call a web service from BPEL that requires HTTP basic authentication

Hi All,
I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
Can anyone help?
Thanks,
Mark Nelson

Thanks Bas,
I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
<property name="basicHeaders">credentials</property>
<property name="basicUsername">WMDATA</property>
<property name="basicPassword">WMDATA</property>
Instead of:
<property name="httpUsername">WMDATA</property>
<property name="httpPassword">WMDATA</property>
I don’t know why this is, maybe because it is an Axis Web Service.
Sorry for wasting your time.
Regards Pete

Web Services with HTTP Basic Auth

Hi,
I am having a problem connecting to web services which
require HTTP Basic Authentication from a Flex application. I have
useProxy set to true and call setRemoteCredentials prior to
attempting the call, but the credentials do not appear to be set on
the request (the request fails with fault.faultString = "HTTP
request error", faultCode = "Server.Error.Request". The messages on
the server indicate that the user name and password were not
specified.
I do have the proxy-config.xml file set up properly (I think
-- I followed the example in the mx.rpc.soap.mxml.WebService class
description, at least).
I can verify that the WSDL (which doesn't require BASIC auth
to access) is being loaded properly, but when I make the request,
it fails. Is this a known problem?
I am using Flex Builder 2.0.1 to build my SWF files.
Thanks,
Brendan

Thanks for the pointer, I did try it, but it didn't help.
As I said in the original post, the problem is with HTTP
Basic Authentication, so adding a header for WSSE to the service
request didn't help. It needs to be an HTTP Authorization header,
not a SOAP Security header.
Brnedan

How set UserName and Password for HTTP Basic Authentication for a servlet

Hi..
How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
But i dont know how do it in JBOSS..
I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
Thank u

Hi Raj,
You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
Store the user information in a database table and check the username and password when the user enters it.
You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
CASE sy-ucomm.
 WHEN 'BACK'.
 LEAVE PROGRAM.
 WHEN <fcode for submit>.
 SELECT SINGLE uname pwd
 FROM <DB table>
 INTO (user, pass)
 WHERE username = user AND
 password = passwd.
 IF sy-subrc = 0.
<Go to next screen for further processing>
 ELSE.
<Display Error message and exit>
 ENDIF.
ENDCASE.
Regards,
Amit
Message was edited by:
 Amit Kumar

HTTP Basic authentication for proxy service and its wsdl?

Hello:
For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
Is this possible to configure on OSB / WLS? How?
Greetings!
Edited by: user4483647 on 02-sep-2010 12:59
Edited by: user4483647 on 02-sep-2010 13:25

If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
Edited by: mneelapu on Apr 2, 2009 2:09 PM

UDDI inquiry service HTTP-Basic authentication in BPEL (10.1.3.1)

Hi Gurus,
I'd like to know how we can setup BPEL server for Oracle Service Registry UDDI with HTTP-BASIC authentication for inquiry service (apart of OWSM solution)?
Imagine that in Service Registry I have defined HTTP-BASIC authentication (REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml) for inquiry service used in BPEL domain (uddiLocation key in BPEL domain configuration). And now I'd like to provide credentials. In package.xml I have this
<service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint"
service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
accepting-security-providers="HttpBasic">
<wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
<envelopePrefix xmlns="arbitraryNamespace" value=""/>
<namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
</service-endpoint>
I don't see any field with username or password. Is it automaticaly taken from security provider configured for Service Registry (for example LDAP)? If yes then it is clear.
But what about BPEL engine, where can I provide those credentials? Is it some secret configuration file? Or only supported way is to configure it through OWSM component in order to enrich request by credentials (what about license, when customer doesn't want to use OWSM)?
Do I miss something in this concept?
Thanks
Peter

as said internally - file an ER for it pls - and I will take care of it, depending on the demand - either for 10.1.3.1 GA or 10.1.3.1 patchset ..
we will support only HTTP Basic Auth - rest will follow per customer demand ..
/clemens

JDeveloper Web Service Client/Proxy Basic Authentication

Hi I recently migrated a 10g Web Service to an 11g Web Service that uses basic authentication.
I then generated the client/proxy using the WSDL for my consumer application in JDeveloper 11g. however I cannot find any functions that will allow me to set the username and password to access the web service.
For instance, in 10g Client, I simply had to this:
myPort = new SoapHttpPortClient();
myPort.setUsername("username");
myPort.setPassword("password");
I am not sure how I do the same in the generated Web Service client in 11g.
Thanks in advance.

Thanks Frank. I was able to get it to work!
I did google it but I always add "jdeveloper 11g" in my searches so that must be why this did not come up. :) Thanks again!

Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

Hi!
We need to implement authentication using our own methods, and the authentication
information is provided to the web service implementation in a basic authentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
in
wls 7.0.sp2, always attempts to perform authentication, if the header is present.
Is there any way to circumvent this, because we want to implement authentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for our own
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet, which
would
remove the basic authentication header, and put the authentication info in custom
headers, such as x-auth: <user:password>, or smthng similar, and after successful
authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
But still, I'd like to know if there is any way to tell bea's servlet to ignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Currently there is no option to turn off security check.
I think you can use a servlet filter mapped to the URL
of your service, instead of a proxy servlet?
Regards,
-manoj
http://manojc.com
"Toni Nykanen" <[email protected]> wrote in message
news:3ef1577b$[email protected]..
>
Hi!
We need to implement authentication using our own methods, and theauthentication
information is provided to the web service implementation in a basicauthentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
in
wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
Is there any way to circumvent this, because we want to implementauthentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for ourown
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet,which
would
remove the basic authentication header, and put the authentication info incustom
headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
>
But still, I'd like to know if there is any way to tell bea's servlet toignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Dummy's Guide To Securing Web Applications!

 Hi,
 I need some help with securing my web app. Is there anyone out there who can
 help me with some of the troubles I am having with it. And you're have to keep
 it simple with me today. It's Friday and I'm not in the smartest of moods today!
 Here's what I have - A web app consisting of two parts, each in it's own folder.
 The first part tracks details of various "system change requests" (SCRs). The
 second part is a survey which is filled out by a user when a SCR is completed.
 What I need is for the first part (SCR details), to be password protected so
 that only certain people can access it. The second part (survey), I want anyone
 to have access. One final thing. The SCR info part should be accessable by developers
 and administrators, then there is another folder in the first part which I want
 accesible just by the administrators. So basically the folder structure of my
 web app looks like this :
 Gomez (The web app)
 |
 +-- SCRs (Part one - SCR info. Accessible by
 | | developers and administrators)
 | |
 | +-- Admin (More SCR pages for Administrators only)
 |
 +-- Survey (Should be accessible by everyone)
 So far I have tried to do this using BASIC authentication. I have set up two
 groups on the WebLogic server (dev & admin). With these groups I can restrict
 access to the first part fine. But I keep getting asked for a password on the
 survey bit which I dont want.
 So here's what I need help with :
 1. Changing the web app so that a password is asked for when accessing the SCR
 file, but not when trying to access the survey folder. I'll add a reply with
 my current web.xml.
 2. Also I was wondering if it was possible to log into a page using NT security?
 The WebLogic Server is on an UNIX box. If it's possible could somebody take
 me through it - in simple terms?
 Thanks for any help, anyone can give. If there's anything you don't get - reply
 or email me.
 Thanks again,
 Lee


 Well that little pic I drew to show my directory structure messed up. Here it
 is again :
 Gomez (The web app) 
 | 
 +-- Gomez (Part one - SCR info. Accessible by 
 | | developers and administrators) 
 | | 
 | +-- Admin (More SCR pages for Administrators only) 
 | 
 +-- Survey (Should be accessible by everyone) 
 And here's the web.xml as well :
 <?xml version="1.0" encoding="UTF-8"?> 
 <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd"> 
 <web-app> 
 <welcome-file-list> 
 <welcome-file>Gomez/scr_all.jsp</welcome-file> 
 </welcome-file-list> 
 <security-constraint> 
 <display-name>GomezPages</display-name> 
 <web-resource-collection> 
 <web-resource-name>GomezPages</web-resource-name> 
 <url-pattern>/Gomez/*</url-pattern> 
 <http-method>GET</http-method> 
 <http-method>POST</http-method> 
 </web-resource-collection> 
 <auth-constraint> 
 <role-name>developer</role-name> 
 <role-name>administrator</role-name> 
 </auth-constraint> 
 <user-data-constraint> 
 <transport-guarantee>NONE</transport-guarantee> 
 </user-data-constraint> 
 </security-constraint> 
 <security-constraint> 
 <display-name>AdminPages</display-name> 
 <web-resource-collection> 
 <web-resource-name>AdminPages</web-resource-name> 
 <url-pattern>/Gomez/admin/*</url-pattern> 
 <http-method>GET</http-method> 
 <http-method>POST</http-method> 
 </web-resource-collection> 
 <auth-constraint> 
 <role-name>administrator</role-name> 
 </auth-constraint> 
 <user-data-constraint> 
 <transport-guarantee>NONE</transport-guarantee> 
 </user-data-constraint> 
 </security-constraint> 
 <login-config> 
 <auth-method>BASIC</auth-method> 
 <realm-name>default</realm-name> 
 </login-config> 
 <security-role> 
 <role-name>administrator</role-name> 
 </security-role> 
 <security-role> 
 <role-name>developer</role-name> 
 </security-role> 
 </web-app>

Web Service Call with Basic Authentication does not work

If I try to use Basic Authentication in my Web Service Client with the automatically created methods
setUsername(inUserName)
setPassword(inPassword)
setAddress(inAddress)
the application does not make a call. Did I forget something?
Is it possible to use "Test Method" with Basic Authentication?
Thank you.

Thank you for your answer.
But: I already read this article. And it doesn't help me.
I use the following code:
            getMyServiceClient1().setUsername(inUserName);
            getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
The methods setUsername and setPassword are definded as follows:
public void setUsername(String inUserName) {
        myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
public void setPassword(String inPassword) {
        myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
}But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
I also found this thread in your forum:
http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

Publish Sharepoint 2013 via Web Application Proxy and Kerberos Authentication

This is similar to
http://social.technet.microsoft.com/Forums/windowsserver/en-US/66c23aae-8774-4257-b9f9-b796e69b0318/action?threadDisplayName=publishing-sharepoint-2010-using-web-application-proxy
However I have tried his resolution to no avail.
I am trying to publish a SharePoint 2013 website via web application proxy. SharePoint 2013 is using negotiate (Kerberos) as its authentication provider. When trying to browse to the site externally via the WAP I get an http error 500 internal server error.
In the web application proxy's event viewer I find the following two entries every time I try to browse the site.
event ID 13019
level: warning
Web Application Proxy cannot retrieve a Kerberos ticket on behalf of the user because of the following general API error: No credentials are available in the security package
(0x8009030e).
Details:
Transaction ID: {5672be45-a4b8-0005-58ff-7256b8a4cf01}
Session ID: {5672be45-a4b8-0000-3909-7356b8a4cf01}
Published Application Name: sharepoint
Published Application ID: ****
Published Application External URL: https://sharepoint.domain.com
Published Backend URL: https://sharepoint.domain.com
User: [email protected]
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 920) like Gecko
Device ID: <Not Applicable>
Token State: OK
Cookie State: NotFound
Client Request URL:
https://sharepoint.domain.com/home?authToken=****client-request-id=****
Backend Request URL: <Not Applicable>
Preauthentication Flow: PreAuthBrowser
Backend Server Authentication Mode: WIA
State Machine State: BackendRequestProcessing_Pending
Response Code to Client: <Not Applicable>
Response Message to Client: <Not Applicable>
Client Certificate Issuer: <Not Found>"
And
event ID 12027
level: error
Web Application Proxy encountered an unexpected error while processing the request.
Error: No credentials are available in the security package
(0x8009030e).
Details:
Transaction ID: ****
Session ID: ****
Published Application Name: Sharepoint
Published Application ID: ****
Published Application External URL: https://sharepoint.domain.com/
Published Backend URL: https://sharepoint.domain.com/
User: [email protected]
User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 920) like Gecko
Device ID: <Not Applicable>
Token State: OK
Cookie State: NotFound
Client Request URL:
https://gateway.dcsch.co.uk/home?authToken=****client-request-id=****
Backend Request URL: <Not Applicable>
Preauthentication Flow: PreAuthBrowser
Backend Server Authentication Mode: WIA
State Machine State: OuOfOrderFEHeadersWriting
Response Code to Client: 500
Response Message to Client: <Not Applicable>
Client Certificate Issuer: <Not Found>"
I have tried everything I have seen in many posts and the one linked above but cannot get this working. It does work fine internally.

And within the next 10 minutes I found this
http://technet.microsoft.com/en-us/library/dn308246.aspx#Kerberos
Needed to set up delegation to ANY service in the Web application proxy

Securing Web Applications by HTTP Basic Authentication

Similar Messages

Maybe you are looking for