Setting Basic Authentication for Web Service in WLS 6.1
Hi,
I am trying to set-up a Basic Username/Password authentication for a Web Service
that is hosted in WLS 6.1.
How do I go about doing that? Also once I get the username and password, how do
I pass that info
to the SOAP servlet to do the authentication? Can you give me some pointers on
this?
Thanks
Madhu
How do you want to do it? Through use of client.jar for the service or
directly? Here is how I do it directly:
String auth = "guest", pwd = "guest";
URL url = new URL("http://localhost:7001");
URL cmdURL = new URL(url.toString()+"/systemtest/TestWebService");
HttpURLConnection conn = (HttpURLConnection) cmdURL.openConnection();
String encAuth =
new BASE64Encoder().encode((auth + ":" + pwd).getBytes());
// BASE64Encode distributes long strings on multiple
// lines; we don't like that, no siree
int it = 0;
while ((it = encAuth.indexOf('\n')) != -1
|| (it = encAuth.indexOf('\r')) != -1) {
encAuth = encAuth.substring(0, it) +
encAuth.substring(it + 1);
conn.setRequestProperty("Authorization", "Basic " + encAuth);
conn.setRequestProperty("Content-Type", "text/xml");
conn.setRequestProperty("SOAPAction", cmdURL.toString());
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
OutputStream oStr = conn.getOutputStream();
String cmd =
"<?xml version=\"1.0\" ?>\n"
+ "<soap:Envelope xmlns:soap=\"http://schemas.xmls"
+ "oap.org/soap/envelope/\"><soap:Body>"
+ "<ping><arg0>false</arg0></ping>"
+ "</soap:Body></soap:Envelope>";
oStr.write(cmd.getBytes());
oStr.close();
InputStream iStr = conn.getInputStream();
byte[] buffer = new byte[1024];
while (true) {
int size = iStr.read(buffer);
if (size == -1)
break;
System.out.println(new String(buffer, 0, size));
ThorAAge
Similar Messages
-
Basic Authentication for Web Services
I have build Web Service according to the weblogic 6.1 examples
successfully deploying the .ear file etc.
Now I want to add security to the WebService uri.
I have added a <web-resource-collection> tag to the web.xml file, but
what should I put for the <url-pattern> ?
Am I obliged to 'manually' add <servlet> tags to the web.xml file in
order to add a security constraint to a WebService deployed thru a
.ear ?
Taking WebLogic's own statelessSession.Weather example, what is the
minimum I need to add to the web.xml file to have basic authentication
on the weatheruri ?
Thanks,
AdamOk, now I'm confused. Is this a Flex app (runs in the browser) or an AIR app? This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly. The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app. Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
Mark -
SUP user authentication for web services
Hi there.
Has anyone in the comunity had any experience with building Web Service based Mobile Business Object (MBO) in SUP 1.5.2. We have built a mobile application for a blackberry device which consumes two ERP web services. The application deploys successfully and runs on the blackberry device just fine. However, untill now the user credentials needed to authenticate a consumer to a web service has been hard-coded into the mobile business object. This, from an accountability point of view, is not an acceptible model (i.e. all mobile users would be logging in to the ERP backend with 1 common user ID).
Has anyone had any experience and could suggest an an alternative solution to this that would support accountability i.e. map SUP users to ERP users, trusted connections etc. and is this possible with SUP 1.5.2?
SActually, SUP 1.5.2 just provides the HTTP basic authentication for WS-MBO. It is enable that to create 'username' and 'password' on the WS-MBO as two input parameters. Thus, you can design your device app in SUP to prompt the dialog to accpet the username and password before you access your WS-MBO. Similar, if your web-service has input argument for username and password, you also can design a dialog like above.
-
How to configure basic authentication for external services
I have a BPM Project (11g) and within the composite I've added an external Web Service reference. This service uses basic authentication.
I would like to deploy the composite with the username and password already configured.
I have tried setting oracle.webservices.auth.username as a binding property and also as a property but neither seem to work. When the composite is deployed the basic authentication username is blank within Enterprise Manager.
It also resets after updating it manually during subsequent releases.
Any ideas?hi Mahender,
Thanks for your posting!
For this issue, you could refer to this document and tutorials (Microsoft Antimalware Whitepaper ). And you need use the Azure Powershell (http://msdn.microsoft.com/en-us/library/azure/dn771718.aspx).
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
HTTP Basic authentication for proxy service and its wsdl?
Hello:
For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
Is this possible to configure on OSB / WLS? How?
Greetings!
Edited by: user4483647 on 02-sep-2010 12:59
Edited by: user4483647 on 02-sep-2010 13:25If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
Edited by: mneelapu on Apr 2, 2009 2:09 PM -
Server-side authentication for web services
I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
access it, and then access the
user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
In terms of some fields being restricted, you could remove these from the update request itself.
Some pointers that might be helpful:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/ -
Implementing authentication for web services
Hi all,
I'm struggling trying to guess how to implement basic HTTP authentication as well as using certificates in order to apply HTTPS, for some web services we've created, running on the Oracle Application Server 10.1.12. The web services were implemented using JDeveloper 9.0.4. Any help would be very appreciated.
Thanks in advanced and regards,
LuisHi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
Basic Authentication with Web Service
Hello,
I am running S1AS7 on window XP. I have deployed the sample/jaxrpc/simple with basic authentication enabled. I have also changed to Client.java to set the USERNAME and PASSWORD (ie: stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, "j2ee");
Once I have deployed the war file and run the client, I got access denied exception.
I have checked the s1as7 log and here is the details:
FINE: Logging in user [j2ee] into realm: file using JAAS module: fileRealm
FINEST: Login module initialized: class com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated 'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id '193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed accessControl() test
Please notice that the authentication worked, but the PRINCIPAL TABLE is null!!!! If I run the basic authentication sample, i can see from the log the PRINCIPAL TABLE is (...staff=[staffmember], j2ee=[staffmember],.....)
so somehow the app server treats the two sample differently with the same user id (j2ee/password)
any comments?
thanks..Hello,
I am running S1AS7 on window XP. I have deployed the
sample/jaxrpc/simple with basic authentication
enabled. I have also changed to Client.java to set
the USERNAME and PASSWORD (ie:
stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY
"j2ee");
Once I have deployed the war file and run the client,
I got access denied exception.
I have checked the s1as7 log and here is the
details:
FINE: Logging in user [j2ee] into realm: file using
JAAS module: fileRealm
FINEST: Login module initialized: class
com.iplanet.ias.security.auth.login.File
LoginModule
FINEST: File login succeeded for: j2ee
FINEST: JAAS login complete.
FINEST: JAAS authentication committed.
FINE: Password login succeeded for : j2ee
FINE: Set security context as user: j2ee
FINE: Authenticator[jaxrpc-simple]: Authenticated
'j2ee' with type 'BASIC'
FINE: SingleSignOn[server1]: Registering sso id
'193F1461E0D9B982E6B4055C0134076
9' for user 'j2ee' with auth type 'BASIC'
FINE: Authenticator[jaxrpc-simple]: Calling
accessControl()
FINEST: PRINCIPAL : j2ee hasRole?: staffmember
FINEST: PRINCIPAL TABLE: {}
FINE: Authenticator[jaxrpc-simple]: Failed
accessControl() test
Please notice that the authentication worked, but the
PRINCIPAL TABLE is null!!!! If I run the basic
authentication sample, i can see from the log the
PRINCIPAL TABLE is (...staff=[staffmember],
j2ee=[staffmember],.....)
so somehow the app server treats the two sample
differently with the same user id (j2ee/password)
any comments?
thanks..
One more thing, here is my web.xml file:
<web-app>
<display-name>Hello World Application</display-name>
<description>A web application containing a simple JAX-RPC endpoint</description>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>basic secuity test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>staffmember</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>basic-file</realm-name>
</login-config>
</web-app> -
User Authentication for Web Services
Hi,
I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
Appreciate the advice. Thanks.Hi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
Mutual authentication for Web services in BPEL
Hi Guys,
We have to call a few web services in bpel and our partners would want us to mutually authenticate the data that is exchanged.
So that mean they provide us with a certificate file and we provide them with a certificate file.
We have been using client certificates in our cacerts file and encrypting the request we send using that but we are not too sure how to set up a key in bpel so that we can decrypt the responses of the webservices.
Does anybody have any idea how to do it. It would be a great help.
Cheers
SandeepI would suggets to read the online tutorial:
http://www.oracle.com/technology/products/ias/bpel/index.html
and try one of the tutorials:
2-Minute Product Tour
BPEL: Learn by Example (PDF)
Quick Start Tutorial - JDeveloper 10g (PDF)
Quick Start Tutorial - Eclipse (PDF) -
What the mechanism of the Java Proxy for Web Services in WLS 8.1
Hi, all;
I try to find out how the java proxy of web service in weblogic server 8.1
works. Suppose I use the java Proxy of a WebSerice in a client application whatever
whithin or outside the application of the web service, does the proxy actually:
1. translate my java arguments objects in XML to create SOAP msg,
2. then send the msg across the network, and web service also response SOAP msg,
3. then proxy translate it into return value of the method call ?
If that is true , the Java Proxy seems very inefficient, right?
Can any body tell me how the proxy works ?
regards,
shannonHi Shannon,
The type of proxy I'm familiar with is at the http connection level and
associated with the networking properties in the JDK, See:
http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html
Your question may be related to JWS proxies, See:
http://edocs.bea.com/workshop/docs81/doc/en/workshop/guide/howdoi/howUseTheJavaProxyForAWebService.html
You may want to ask this question in the workshop newsgroup.
Hope this helps,
Bruce
shannon lee wrote:
>
Hi, all;
I try to find out how the java proxy of web service in weblogic server 8.1
works. Suppose I use the java Proxy of a WebSerice in a client application whatever
whithin or outside the application of the web service, does the proxy actually:
1. translate my java arguments objects in XML to create SOAP msg,
2. then send the msg across the network, and web service also response SOAP msg,
3. then proxy translate it into return value of the method call ?
If that is true , the Java Proxy seems very inefficient, right?
Can any body tell me how the proxy works ?
regards,
shannon -
BASIC authentication and web client problems
I have a very simple web service that is working. Now before attempting to use
SSL, I want to test authenticating using BASIC authentication. I’ve made the
changes to web.xml and even though the other web service pages authenticate ok
(ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
Has anyone completed this and if so, how does it work? I must have missed something
simple.
First, I setup the security constraint as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>file-exchange-resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<description>An administrators</description>
<role-name>Administrators</role-name>
</security-role>
That allows me to secure / authenticate to the JSPs in the web service test app
provided. Then I tried working with the admin server console to setup roles /
privileges. I couldn’t get this to work but I easily could have done something
wrong since there are no step by step examples other than the general docs in
the programming guide.
Next, since the web service deploys as a web application, I figured the problem
must be that the internal WLS servlet needs security information defined in web.xml.
I saw the programming guide listed the servlet name and discussed servlet mapping
so I added the normal security entries for a servlet as follows and re-jarred
the WAR and EAR.
<servlet>
<servlet-name>WebServiceServlet</servlet-name>
<servlet-class>
weblogic.webservice.server.servlet.WebServiceServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>WebServiceServlet</servlet-name>
<url-pattern>/FileExchangeFacade/*</url-pattern>
<security-role-ref>
<role-name>Administrators</role-name>
<role-link>Administrators</role-link>
</security-role-ref>
</servlet-mapping>
It still doesn’t work. Any idea on how to get it to authenticate?
Thanks,
DaveOk, this looks like an issue with the test page.
When the test page gets a request to invoke a
web service, it creates a client proxy and call invoke
on the proxy. This will case the client proxy to
create a new HTTP post connection to the server.
Test page pulls out the username/passwd from the
GET request from the browser and pass it to the
POST request it makes to the web service. I think,
the test page needs to do the same for realm. I will
file a CR for this (CR105320).
Please contact support with the case number if you
need a patch for this.
http://manojc.com
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
One more thing.
I took out explicit realm mapping and noticed that the firstauthentication
challenge was for the WebLogic standard realm which was fine and
authentication was successful. (i.e. I got to the web service "homepage").
Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
When I stepped into the web service method and pressed the Invoke buttonon
the web service methods the realm was "default" and authenticationfailed.
Why does the domain change and how do I cover this?Is was actually listed as "Default".
However this is the same domain I believe because I've done a further
experiment and set the domains explicitely
in the deployment WAR deployment (Other tab) and in the web.xml file. The
second challange is then asking for re-authentication in the correctdomain
(myrealm) but it does not accept the valid user/password and just re
challenges until 3 attempts then it displays the SOAP message and theserver
log file has the following exception:
java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
'http://localhost:7001/webservice/TraderService?WSDL'
at
weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
2)
at java.net.URL.openStream(URL.java:793)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:73)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
108)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
84)
at
weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
ava:230)
at
weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
iceServlet.java:306)
at
weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
8)
at
weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
at
weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
.java:224)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5412)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:744)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3086)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2544)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134) -
Authenticating the web service
Hi
i am using a web service but not able there i have hard coded the username and password to access the web service i don't want that i want user should enter the user name and password used in UME authentication or it should call separate HTTP Authentication but i am not able to do that so please guide me in this regards
Thanks in advanceHi,
Run through the following links to know about authentication for web service:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/aed49d0d-0301-0010-6d84-e3e104dc1644
http://help.sap.com/saphelp_nw04/helpdata/en/7c/a6d13f83a14d21e10000000a1550b0/frameset.htm
Hope this helps,
Regards,
Srinivasan T -
How set UserName and Password for HTTP Basic Authentication for a servlet
Hi..
How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
But i dont know how do it in JBOSS..
I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
Thank uHi Raj,
You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
Store the user information in a database table and check the username and password when the user enters it.
You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
CASE sy-ucomm.
WHEN 'BACK'.
LEAVE PROGRAM.
WHEN <fcode for submit>.
SELECT SINGLE uname pwd
FROM <DB table>
INTO (user, pass)
WHERE username = user AND
password = passwd.
IF sy-subrc = 0.
<Go to next screen for further processing>
ELSE.
<Display Error message and exit>
ENDIF.
ENDCASE.
Regards,
Amit
Message was edited by:
Amit Kumar -
Specifying the character set for Web Services
Hi
When i set the weblogic system property
-Dweblogic.webservice.i18n.charset=utf-8
I get an error from weblogic douring startup
<BEA-141087> <Unrecognized property: webservice.i18n.charset.>
I'm using wls 8.1.
Shouldn't this be the way to specify the encoding for web services
Regards
PrebenIs it a Warning or a Error?
If it is WARNING it is a known issue with the logging.
The charset you set should work fine.
Ajay
"Preben" <[email protected]> wrote in message news:[email protected]..
>
Hi
When i set the weblogic system property
-Dweblogic.webservice.i18n.charset=utf-8
I get an error from weblogic douring startup
<BEA-141087> <Unrecognized property: webservice.i18n.charset.>
I'm using wls 8.1.
Shouldn't this be the way to specify the encoding for web services
Regards
Preben
Maybe you are looking for
-
Adobe field values not getting displayed in UWL workitem
Hi, We filled a ISR Adobe form and submitted it and generated the corresponding notification number. On clickng the 'display and print form', the form is gettin displayed properly. But on checking the form at the approvers UWL, the field values are n
-
How do I use ICloud Photo stream on one computer with two differenet Apple Id's. My husband and I each have seperate ID's but one computer.
-
Standalone application through BOE SDK
Hi, I am new to SDK development so trying out different things with the SDK. The first experiement that I did was trying to build a standlone application through BOE SDK. The main purpsoe of this application is to connect the enterprise and get som
-
Applets 'n win versions??
...ok, i created an applet (i copied out of a book, because i'm learning) and i tested it on my computer by creating an HTML file and using the <applet> tag with WinME. It didn't work, so i figured it was a problem with me not having the Java Runtime
-
Hi- In the past we used to get "Negative" for Payment reversal to increase the liability account and "Positive" for the Accrual Reversal. After we did upgrade to BI system, sign for the payment reversals are coming with "Positive" sign. This is causi