Setting Basic Authentication for Web Service in WLS 6.1

Similar Messages

• Basic Authentication for Web Services

  I have build Web Service according to the weblogic 6.1 examples
  successfully deploying the .ear file etc.
  Now I want to add security to the WebService uri.
  I have added a <web-resource-collection> tag to the web.xml file, but
  what should I put for the <url-pattern> ?
  Am I obliged to 'manually' add <servlet> tags to the web.xml file in
  order to add a security constraint to a WebService deployed thru a
  .ear ?
  Taking WebLogic's own statelessSession.Weather example, what is the
  minimum I need to add to the web.xml file to have basic authentication
  on the weatheruri ?
  Thanks,
  Adam

  Ok, now I'm confused.  Is this a Flex app (runs in the browser) or an AIR app?  This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly.  The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app.  Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
  Mark

• SUP user authentication for web services

  Hi there.
  Has anyone in the comunity had any experience with building Web Service based Mobile Business Object (MBO) in SUP 1.5.2. We have built a mobile application for a blackberry device which consumes two ERP web services. The application deploys successfully and runs on the blackberry device just fine. However, untill now the user credentials needed to authenticate a consumer to a web service has been hard-coded into the mobile business object. This, from an accountability point of view, is not an acceptible model (i.e. all mobile users would be logging in to the ERP backend with 1 common user ID).
  Has anyone had any experience and could suggest an an alternative solution to this that would support accountability i.e. map SUP users to ERP users, trusted connections etc. and is this possible with SUP 1.5.2?
  S

  Actually, SUP 1.5.2 just provides the HTTP basic authentication for WS-MBO. It is enable that to create 'username' and 'password' on the WS-MBO as two input parameters. Thus, you can design your device app in SUP to prompt the dialog to accpet the username and password before you access your WS-MBO. Similar, if your web-service has input argument for username and password, you also can design a dialog like above.

• How to configure basic authentication for external services

  I have a BPM Project (11g) and within the composite I've added an external Web Service reference. This service uses basic authentication.
  I would like to deploy the composite with the username and password already configured.
  I have tried setting oracle.webservices.auth.username as a binding property and also as a property but neither seem to work. When the composite is deployed the basic authentication username is blank within Enterprise Manager.
  It also resets after updating it manually during subsequent releases.
  Any ideas?

  hi Mahender,
  Thanks for your posting!
  For this issue, you could refer to this document and tutorials (Microsoft Antimalware Whitepaper ). And you need use the Azure Powershell (http://msdn.microsoft.com/en-us/library/azure/dn771718.aspx).
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• HTTP Basic authentication for proxy service and its wsdl?

  Hello:
  For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
  My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
  Is this possible to configure on OSB / WLS? How?
  Greetings!
  Edited by: user4483647 on 02-sep-2010 12:59
  Edited by: user4483647 on 02-sep-2010 13:25

  If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
  http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
  Edited by: mneelapu on Apr 2, 2009 2:09 PM

• Server-side authentication for web services

  I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
  user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
  change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.

  Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
  access it, and then access the
  user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
  In terms of some fields being restricted, you could remove these from the update request itself.
  Some pointers that might be helpful:
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
  http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/

• Implementing authentication for web services

  Hi all,
  I'm struggling trying to guess how to implement basic HTTP authentication as well as using certificates in order to apply HTTPS, for some web services we've created, running on the Oracle Application Server 10.1.12. The web services were implemented using JDeveloper 9.0.4. Any help would be very appreciated.
  Thanks in advanced and regards,
  Luis

  Hi,
  But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
  Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
  Appreciate the advice here on how to achieve that. Thanks.

• Basic Authentication with Web Service

  Hello,
  I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
  Once I have deployed the war file and run the client, I got access denied exception.
  I have checked the s1as7 log and here is the details:
  FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
  FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
  LoginModule
  FINEST: File login succeeded for: j2ee
  FINEST: JAAS login complete.
  FINEST: JAAS authentication committed.
  FINE: Password login succeeded for : j2ee
  FINE: Set security context as user: j2ee
  FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
  FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
  9' for user 'j2ee' with auth type 'BASIC'
  FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
  FINEST: PRINCIPAL : j2ee hasRole?: staffmember
  FINEST: PRINCIPAL TABLE: {}
  FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
  Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
  so somehow the app server treats the two sample differently with the same user id (j2ee/password)
  any comments?
  thanks..

  Hello,
  I am running S1AS7 on window XP. I have deployed the
  sample/jaxrpc/simple with basic authentication
  enabled. I have also changed to Client.java to set
  the USERNAME and PASSWORD (ie:
  stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
  "j2ee");
  Once I have deployed the war file and run the client,
  I got access denied exception.
  I have checked the s1as7 log and here is the
  details:
  FINE: Logging in user [j2ee] into realm: file using
  JAAS module: fileRealm
  FINEST: Login module initialized: class
  com.iplanet.ias.security.auth.login.File
  LoginModule
  FINEST: File login succeeded for: j2ee
  FINEST: JAAS login complete.
  FINEST: JAAS authentication committed.
  FINE: Password login succeeded for : j2ee
  FINE: Set security context as user: j2ee
  FINE: Authenticator[jaxrpc-simple]: Authenticated
  'j2ee' with type 'BASIC'
  FINE: SingleSignOn[server1]: Registering sso id
  '193F1461E0D9B982E6B4055C0134076
  9' for user 'j2ee' with auth type 'BASIC'
  FINE: Authenticator[jaxrpc-simple]: Calling
  accessControl()
  FINEST: PRINCIPAL : j2ee hasRole?: staffmember
  FINEST: PRINCIPAL TABLE: {}
  FINE: Authenticator[jaxrpc-simple]: Failed
  accessControl() test
  Please notice that the authentication worked, but the
  PRINCIPAL TABLE is null!!!! If I run the basic
  authentication sample, i can see from the log the
  PRINCIPAL TABLE is (...staff=[staffmember],
  j2ee=[staffmember],.....)
  so somehow the app server treats the two sample
  differently with the same user id (j2ee/password)
  any comments?
  thanks..
  One more thing, here is my web.xml file:
  <web-app>
  <display-name>Hello World Application</display-name>
  <description>A web application containing a simple JAX-RPC endpoint</description>
  <session-config>
  <session-timeout>60</session-timeout>
  </session-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>basic secuity test</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>POST</http-method>
       <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>staffmember</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>basic-file</realm-name>
  </login-config>
  </web-app>

• User Authentication for Web Services

  Hi,
  I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
  As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
  Appreciate the advice. Thanks.

  Hi,
  But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
  Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
  Appreciate the advice here on how to achieve that. Thanks.

• Mutual authentication for Web services in BPEL

  Hi Guys,
  We have to call a few web services in bpel and our partners would want us to mutually authenticate the data that is exchanged.
  So that mean they provide us with a certificate file and we provide them with a certificate file.
  We have been using client certificates in our cacerts file and encrypting the request we send using that but we are not too sure how to set up a key in bpel so that we can decrypt the responses of the webservices.
  Does anybody have any idea how to do it. It would be a great help.
  Cheers
  Sandeep

  I would suggets to read the online tutorial:
  http://www.oracle.com/technology/products/ias/bpel/index.html
  and try one of the tutorials:
  2-Minute Product Tour
  BPEL: Learn by Example (PDF)
  Quick Start Tutorial - JDeveloper 10g (PDF)
  Quick Start Tutorial - Eclipse (PDF)

• What the mechanism of the Java Proxy for Web Services in WLS 8.1

  Hi, all;
  I try to find out how the java proxy of web service in weblogic server 8.1
  works. Suppose I use the java Proxy of a WebSerice in a client application whatever
  whithin or outside the application of the web service, does the proxy actually:
  1. translate my java arguments objects in XML to create SOAP msg,
  2. then send the msg across the network, and web service also response SOAP msg,
  3. then proxy translate it into return value of the method call ?
  If that is true , the Java Proxy seems very inefficient, right?
  Can any body tell me how the proxy works ?
  regards,
  shannon

  Hi Shannon,
  The type of proxy I'm familiar with is at the http connection level and
  associated with the networking properties in the JDK, See:
  http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html
  Your question may be related to JWS proxies, See:
  http://edocs.bea.com/workshop/docs81/doc/en/workshop/guide/howdoi/howUseTheJavaProxyForAWebService.html
  You may want to ask this question in the workshop newsgroup.
  Hope this helps,
  Bruce
  shannon lee wrote:
  >
  Hi, all;
  I try to find out how the java proxy of web service in weblogic server 8.1
  works. Suppose I use the java Proxy of a WebSerice in a client application whatever
  whithin or outside the application of the web service, does the proxy actually:
  1. translate my java arguments objects in XML to create SOAP msg,
  2. then send the msg across the network, and web service also response SOAP msg,
  3. then proxy translate it into return value of the method call ?
  If that is true , the Java Proxy seems very inefficient, right?
  Can any body tell me how the proxy works ?
  regards,
  shannon

• BASIC authentication and web client problems

  I have a very simple web service that is working. Now before attempting to use
  SSL, I want to test authenticating using BASIC authentication. I’ve made the
  changes to web.xml and even though the other web service pages authenticate ok
  (ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
  for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
  Has anyone completed this and if so, how does it work? I must have missed something
  simple.
  First, I setup the security constraint as follows:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>file-exchange-resources</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>Administrators</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
  <description>An administrators</description>
  <role-name>Administrators</role-name>
  </security-role>
  That allows me to secure / authenticate to the JSPs in the web service test app
  provided. Then I tried working with the admin server console to setup roles /
  privileges. I couldn’t get this to work but I easily could have done something
  wrong since there are no step by step examples other than the general docs in
  the programming guide.
  Next, since the web service deploys as a web application, I figured the problem
  must be that the internal WLS servlet needs security information defined in web.xml.
  I saw the programming guide listed the servlet name and discussed servlet mapping
  so I added the normal security entries for a servlet as follows and re-jarred
  the WAR and EAR.
  <servlet>
  <servlet-name>WebServiceServlet</servlet-name>
  <servlet-class>
  weblogic.webservice.server.servlet.WebServiceServlet
  </servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>WebServiceServlet</servlet-name>
  <url-pattern>/FileExchangeFacade/*</url-pattern>
  <security-role-ref>
  <role-name>Administrators</role-name>
  <role-link>Administrators</role-link>
  </security-role-ref>
  </servlet-mapping>
  It still doesn’t work. Any idea on how to get it to authenticate?
  Thanks,
  Dave

  Ok, this looks like an issue with the test page.
  When the test page gets a request to invoke a
  web service, it creates a client proxy and call invoke
  on the proxy. This will case the client proxy to
  create a new HTTP post connection to the server.
  Test page pulls out the username/passwd from the
  GET request from the browser and pass it to the
  POST request it makes to the web service. I think,
  the test page needs to do the same for realm. I will
  file a CR for this (CR105320).
  Please contact support with the case number if you
  need a patch for this.
  http://manojc.com
  "Malcolm Robbins" <[email protected]> wrote in message
  news:[email protected]...
  "Malcolm Robbins" <[email protected]> wrote in message
  news:[email protected]...
  One more thing.
  I took out explicit realm mapping and noticed that the firstauthentication
  challenge was for the WebLogic standard realm which was fine and
  authentication was successful. (i.e. I got to the web service "homepage").
  Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
  When I stepped into the web service method and pressed the Invoke buttonon
  the web service methods the realm was "default" and authenticationfailed.
  Why does the domain change and how do I cover this?Is was actually listed as "Default".
  However this is the same domain I believe because I've done a further
  experiment and set the domains explicitely
  in the deployment WAR deployment (Other tab) and in the web.xml file. The
  second challange is then asking for re-authentication in the correctdomain
  (myrealm) but it does not accept the valid user/password and just re
  challenges until 3 attempts then it displays the SOAP message and theserver
  log file has the following exception:
  java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
  'http://localhost:7001/webservice/TraderService?WSDL'
  at
  weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
  2)
  at java.net.URL.openStream(URL.java:793)
  at
  weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
  nFactory.java:73)
  at
  weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  108)
  at
  weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
  84)
  at
  weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
  ava:230)
  at
  weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
  iceServlet.java:306)
  at
  weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
  8)
  at
  weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
  at
  weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
  .java:224)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at
  weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
  tStubImpl.java:1058)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :401)
  at
  weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
  :306)
  at
  weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
  ebAppServletContext.java:5412)
  at
  weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
  r.java:744)
  at
  weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
  ntext.java:3086)
  at
  weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
  :2544)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

• Authenticating the web service

  Hi
      i am using a web service but not able there i have hard coded the username and password to access the web service i don't want that i want user should enter the user name and password used in UME authentication or it should call separate HTTP Authentication but i am not able to do that so please guide me in this regards
  Thanks in advance

  Hi,
  Run through the following links to know about authentication for web service:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/aed49d0d-0301-0010-6d84-e3e104dc1644
  http://help.sap.com/saphelp_nw04/helpdata/en/7c/a6d13f83a14d21e10000000a1550b0/frameset.htm
  Hope this helps,
  Regards,
  Srinivasan T

• How set  UserName and Password for HTTP Basic Authentication for a servlet

  Hi..
  How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
  Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
  But i dont know how do it in JBOSS..
  I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
  Thank u

  Hi Raj,
  You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
  Store the user information in a database table and check the username and password when the user enters it.
  You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
    CASE sy-ucomm.
      WHEN 'BACK'.
        LEAVE PROGRAM.
      WHEN <fcode for submit>.
        SELECT SINGLE uname pwd
         FROM <DB table>
         INTO (user, pass)
         WHERE username = user AND
                 password = passwd.
        IF sy-subrc = 0.
  <Go to next screen for further processing>
        ELSE.
  <Display Error message and exit>
        ENDIF.
    ENDCASE.
  Regards,
  Amit
  Message was edited by:
          Amit Kumar

• Specifying the character set for Web Services

  Hi
  When i set the weblogic system property
  -Dweblogic.webservice.i18n.charset=utf-8
  I get an error from weblogic douring startup
  <BEA-141087> <Unrecognized property: webservice.i18n.charset.>
  I'm using wls 8.1.
  Shouldn't this be the way to specify the encoding for web services
  Regards
  Preben

  Is it a Warning or a Error?
  If it is WARNING it is a known issue with the logging.
  The charset you set should work fine.
  Ajay
  "Preben" <[email protected]> wrote in message news:[email protected]..
  >
  Hi
  When i set the weblogic system property
  -Dweblogic.webservice.i18n.charset=utf-8
  I get an error from weblogic douring startup
  <BEA-141087> <Unrecognized property: webservice.i18n.charset.>
  I'm using wls 8.1.
  Shouldn't this be the way to specify the encoding for web services
  Regards
  Preben