Transport level - Basic Authentication

Hi,
How do we set transport level basic authentication credentials (username, password) after creating a webservice proxy project. I tried the requestContext, and I think it should be somewhere else, as the service provider is using transport level basic authentication.
Any help or direction is appreciated.
Thank you,
VJ

This worked for me. If this helps anyone-
I closed the existing application. Created a new application, and then created the web service proxy. After which, in the ServiceSoap12BindingQSPortClient commented out the
existing setPortCredentialProviderList(requestContext), and have added the following:
reqContext.put(BindingProvider.USERNAME_PROPERTY,"user");
reqContext.put(BindingProvider.PASSWORD_PROPERTY,"password");
reqContext would be - Map<String, Object> reqContext = ((BindingProvider) sersServiceV3PortType).getRequestContext();, which is generated already.
I would be using this standalone project as a component.
Thanks,
VJ
Edited by: VJ on Jul 27, 2011 9:08 AM

Similar Messages

Consuming a Web Service via SSL with Basic Authentication

Hello,
I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
java.rmi.RemoteException: Service call exception; nested exception is:
     java.lang.NullPointerException
     at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
     at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
     at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
Caused by: java.lang.NullPointerException
     at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
     at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
     ... 2 more
Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
But my main focus is on the client implementation based on a proxy. Here comes the client's code:
public class MultiSecSSL {
    public static void main(String[] args) {
        try {
            MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
            SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
            SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
            AuthenticationContext auth = protocol.getAuthenticationContext();
            auth.setIgnoreSSLServerCertificate(true);
            auth.setUsername("cfpcompany");
            auth.setPassword("demo");
            String ret = service.pingText("Called service MultiSecurity via SSL");
            System.out.println(ret);
        } catch (Exception e) {
             e.printStackTrace(System.out);
Here comes the logical port information of the generated proxy:
<?xml version="1.0" encoding="UTF-8"?>
<LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
<LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
    <globalFeatures>
      <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
      </Feature>
      <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
        <Property Name='SessionMethod' Value='httpCookies'>
        </Property>
      </Feature>
      <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
        <Property Name='AuthenticationLevel' Value='None'>
        </Property>
        <Property Name='AuthenticationMechanism' Value='HTTP'>
        </Property>
        <Property Name='AuthenticationMethod' Value='BasicAuth'>
        </Property>
        <Property Name='SupportsSSO2Authentication' Value='false'>
        </Property>
      </Feature>
      <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
        <Property Name='Level' Value='No'>
        </Property>
        <Property Name='TLSType' Value='SSL'>
        </Property>
      </Feature>
    </globalFeatures>
    <localFeatures>
      <Operation Name='pingText'>
        <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
          <Property Name='RequestPolicy' Value='Signature'>
          </Property>
          <Property Name='ResponsePolicy' Value='None'>
          </Property>
        </Feature>
        <Feature Name='http://sap.com/webservices/authorization' Original='true'>
        </Feature>
      </Operation>
    </localFeatures>
</LogicalPort>
</LogicalPorts>
To me, this looks consistent. Any idea, what is misconfigured on my machine ?

Hi Martin,
that is exactly, what I did.
- Change Web Service Configuration in IDE
- Build and Deploy the Service to my local Server
- Check Service in Visual Administrator
- Deleted and Regenerated the Standalone Proxy
- Deleted and Recreated the link between CLient and Proxy Project in IDE
- Started Client
Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
<webservice>
    <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
    <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
    <webservice-name>
      <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
      <localName>MultiSecuritySSLAuth</localName>
    </webservice-name>
    <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
    <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
    <ws-configuration>
      <configuration-name>SSL</configuration-name>
      <ejb-name>MultiSecWSBean</ejb-name>
      <service-endpoint-name>
        <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
        <localName>SSLPort</localName>
      </service-endpoint-name>
      <wsdl-porttype-name>
        <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
        <localName>MultiSecuritySSLAuthVi</localName>
      </wsdl-porttype-name>
      <webservice-definition-ref>
        <package>com.technidata.cfp.i3rdparty.cfpxml</package>
        <name>MultiSecuritySSLAuthWsd.wsdef</name>
      </webservice-definition-ref>
      <service-endpoint-vi-ref>
        <package>com.technidata.cfp.i3rdparty.cfpxml</package>
        <name>MultiSecuritySSLAuthVi.videf</name>
      </service-endpoint-vi-ref>
      <transport-binding name="SOAPHTTP_TransportBinding">
        <wsdl-binding-name>
          <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
          <localName>SSLBinding</localName>
        </wsdl-binding-name>
      </transport-binding>
      <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
      <global-features>
        <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
          <property name="TLSType" value="SSL"/>
        </feature>
        <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
        <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
          <property name="AuthenticationMethod" value="BasicAuth"/>
          <property name="AuthenticationMechanism" value="HTTP"/>
          <property name="SupportsSSO2Authentication" value="false"/>
        </feature>
      </global-features>
      <operation-configuration uniqueViName="pingText(java.lang.String)">
        <transport-binding-configuration>
          <input>
            <property name="soapAction" value=""/>
            <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
          </input>
          <output>
            <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
          </output>
        </transport-binding-configuration>
        <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
          <property name="RequestPolicy" value="None"/>
          <property name="ResponsePolicy" value="None"/>
        </feature>
        <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
          <property name="security-roles">
            <property name="role1" value="use_multisec_service"/>
          </property>
        </feature>
      </operation-configuration>
    </ws-configuration>
</webservice>
Regards,
Stefan

Proxy with *NOT-Basic* Authentication

Every thread dealing with URL connection thru Proxy explains how to connect with "Basic" authetication.
My problem : Basic authentication is not acceptable because login/password are sent uncrypted. And more, in my case the rpoxy will ask for my windows 200 login/password. So I really need to do specific authentication.
I observed tha my navigator is doing NTLM authentication : the authentication String (before Base64 encoding) looks like "NTLMSSP<encrypted login andpassword and other unknown binary data><network station name><network group name>". ex : "NTLMSSP ♀☻ ☻ 4 ♀ ( ♣� ☼☺ MYCOMPUTERWORKGROUP"
Wich password encoding is used in NTLM proxy authentication ?
Do you know some other proxy authentication that do not send clearly login&password ?

Transport level authentication is done at transport layer even before the actual proxy service gets initiated. So you wont be able to catch authentication errors in the proxy service (and do alerting/logging/reporting etc). You can probably try enabling debug logging for HTTP protocol and see if you can capture these errors in the Access.log of the servers.

HTTP Basic authentication for proxy service and its wsdl?

Hello:
For some reasons I needed to configure the HTTP basic authentication on a proxy service at OSB 11g. Everything was OK until I realized that, additionally to the authentication when calling the service, the OSB also asks for credentials when I try to get that proxy wsdl file.
My requirements are to secure the proxy service when is called only, not when retrieving the wsdl.
Is this possible to configure on OSB / WLS? How?
Greetings!
Edited by: user4483647 on 02-sep-2010 12:59
Edited by: user4483647 on 02-sep-2010 13:25

If I'm not wrong, Basic authentication is Transport level feature. So passing User/Password in SOAPHeader doesn't make sense. SOAP message can only be sent when you have a HTTP Connection open. During opening of HTTP connection User/Password is required for basic authentication.
http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security7.html#wp156943
Edited by: mneelapu on Apr 2, 2009 2:09 PM

Help needed for using BASIC authentication through JDBCRealm

Help needed.
Hello,
I am doing a degree project, so far it works fine in my local machine, I need to try it on my virtual hosting (as it is a live server).
My project requires JDBCRealm, that is BASIC authentication loading access data from mysql database. Normally this setup can be done in Server.xml file, because my Tomcat hosting is a virtual one, I only have permission to access the web.xml file.
My question is: is it possible to get it done in an alternative way? In web.xml? Some properties file maybe?
Thank you very much.

You can set this up for your context using META-INF/context.xml instead of working with server.xml.
Make a directory called META-INF under your webapp ( it'll be at the same level as WEB-INF ). Under this, add a context.xml with all your context specific configuration including the realm. A sample is below
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/myApp" reloadable="true">
    <Realm
        className="org.apache.catalina.realm.JDBCRealm"
        driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
        connectionURL="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=myDB;SelectMethod=Cursor;"
        connectionName="username" connectionPassword="password"
        digest="MD5" userTable="users" userNameCol="userid" userCredCol="userpassword"
        userRoleTable="user_roles" roleNameCol="rolename"
    />
</Context>Hope this helps.
People on the forum help others voluntarily, it's not their job.
Help them help you.
Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch
----------------------------------------------------------------

How to set up and test the Basic Authentication for HTTP protocol

Hi,
I tried configuring the password based Basic Authentication for sending xml document using ebMS - HTTP protocol. I set username and password while configuring the transport server for both trading partners. I want to know, is that sufficient for basic authenticaton. When I open the URI http://localhost:7778/b2b/transportServlet, it is not asking any authentication (username/password). Please note that I have not used SSL certificate. Anyone please help me out to configure Basic authentication.

Hi Ramesh,
Thanks for ur response. Could you please tell me where to set the Additional Transport header : authtype-basic#realm=myRealm(in which property file). In enqueue code, I could see the following attributes
queue
msgID
replyToMsgID
from
to
eventName
doctypeName
doctypeRevision
msgType
payload
attachment
subscriber
Is it possible to set username/password in the enqueue attributes?
Do i need to add username/password and Transport header in the input XML and defined that elements in xsd?

How do I protect my JNLP, my JARs etc. (with Basic Authentication)???

hi all,
i know that there is a FAQ ( [see here|http://lopica.sourceforge.net/faq.html#obfuscate] ) answering a related question with "You can use an obfuscator...". ok, but is there really no other solution?
this is the simplified folder structure of my application on the server:
[application]
[etc]
    xyz.xml
[jars]
    myapp.jar
launch.jnlp
website.jsp
initial start and basic authentication:*
my first idea was to secure everything underneath "application" with basic authentication via my web.xml (yes, i'm aware of the security concerns). this means everybody can access my website (here: website.jsp) which contains a start button that links to "launch.jnlp". as soon as the user clicks on it, the browser opens its standard authentication dialog since launch.jsp is in a protected area. after entering the correct credentials the jnlp-file is downloaded and java web start takes over control. first of all it seems as it tries to access the same jnlp-file again (??? --> probably in order to check for changes in the jnlp file --> this is certainly not the case for the initial startup) and then wants to download the relevant jar (myapp.jar). because both resources are protected jws opens its own basic authentication dialog where i have to enter the same credentials the second time. as far as i know, there is no solution to pass the credentials between the browser and the jvm.
second start and basic authentication:*
if the user starts my application for the 2nd, 3rd, ... time via desktop-link (set in jnlp-file) there is no need for accessing my website with a browser. therefore only the authentication dialog of jws gets displayed. so far, so good!
and now the actual problem:*
during runtime my application (signed with verisign certificate and having all permissions) uses commons-vfs and commons-httpclient to access resources on the same server (e.g. etc/xyz.xml). since they're underneath the protected "application" directory as well, my application needs the same credentials the user already entered in the authentication dialog of jws. now i could retrieve these credentials by calling Authenticator.requestPasswordAuthentication() within my application and passing them to vfs and httpclient. however, doing so opens up jws' authentication dialog again. grrr!!! is there a way to prevent this?
related thougts:*
i know i could disable jws' default Authenticatior and set my own Authenticator which might be able to return already entered credentials without opening the dialog a second time. however, it seems that even with <property name="javaws.cfg.jauthenticator" value="none" /> jws still opens its own dialog when acessing the JNLP file and the relevant JARs during the startup/download phase. of course, who else if not jws could handle that phase? my application might not even be downloaded at this point. so i guess setting my own Authenticator would not be a solution either (at least not if i want to secure my jnlp and my jars, too). quite the contrary, it would have to open another dialog... :-(
my current solution:*
for the moment i use jws' default Authenticatior which allows me to easily protect all my stuff on the server side (jnlp, jar, etc). i can live with the two login dialogs at the initial startup. and instead of querying the credentials from jws' default Authenticatior at runtime, i set two system properties for username and password in the (protected) jnlp-file, query them at runtime and hand it to vfs and httpclient. this prevents the 2nd (or 3rd) dialog but is definitely not a great solution. most of all i'm not happy with the fact that this somehow "destroys" the container-based security advantage of easily configuring authorized users via a separate mechanism e.g. tomcat-users.xml. now there has to be one master-password that has to be set in the jnlp-file! grrr!
a possible alternative:*
i'm not sure but would it be better to secure everything with form-based authentication on the website, and dynamically generate username and password into the jnlp-file? but what happens when the admin changes the password on the server and the user starts its application via desktop-link??? in case of basic authentication i think jws would popup the login dialog again. however, if i use the old username and password generated into the jnlp it won't work. i think the user then has to access the website again. this is not good at all! :-(
the only real solution:*
should i write a small application which can be downloaded by everybody and on startup queries the user's credentials, validates them with the help of our server, and uses the javax.jnlp-api to download the secured JARs of my real application? this seems so much overkill! does anybody have experiences with this approach? how difficult is it to implement the whole download/update stuff with javax.jnlp?
WHAT HAVE I MISSED???
AM I COMPLETELY WRONG???
WHAT IS THE EASIEST WAY???
AND WHAT IS THE BEST WAY???
thank you so much,
stephan

Not sure, whether I understood correctly, what you wanna do - but up to now I can't see any problem.
if you have a structure like this:
/ctxroot/
       launch.jnlp
       /app/
           *.jar
           *.whateveryou may use in your web.xml:
     <servlet>
          <servlet-name>JnlpDownloadServlet</servlet-name>
          <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class>
     </servlet>
     <servlet-mapping>
          <servlet-name>JnlpDownloadServlet</servlet-name>
          <url-pattern>*.jnlp</url-pattern>
          <url-pattern>/app/*</url-pattern>
     </servlet-mapping>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>Application</web-resource-name>
               <url-pattern>/app/*</url-pattern>
               <http-method>GET</http-method>
               <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
               <role-name>bla</role-name>
               <role-name>fahsel</role-name>
          </auth-constraint>
          <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>Subscription</web-resource-name>
               <url-pattern>*.jnlp</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
     <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>whatever-realm</realm-name>
     </login-config>
     <security-role><role-name>bla</role-name></security-role>
     <security-role><role-name>fahsel</role-name></security-role>
...Than you may use the Service stuff like:
     BasicService bs = (BasicService)ServiceManager.lookup("javax.jnlp.BasicService");
     URL codeBase = bs.getCodeBase();
     URL pu = new URL(codeBase.toString() + "whatever.bla");
     HttpURLConnection res = (HttpURLConnection) pu.openConnection();
     res.setInstanceFollowRedirects(true);
     res.setRequestMethod("GET");
     res.setConnectTimeout(10 * 60 * 1000);
     res.connect();
     String enc = res.getContentType();
...Where is the problem? If you wanna intercept certain "calls" to an app resource, just use a filter, which decides, whether to answer the request directly by itself or to pass it to the JnlpDownloadServlet ...

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
<b>For, point one,</b>
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
<b>For point 2,</b>
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Add Basic Authentication to Proxy Services in OSB

Hi,
I need add Basic Authentication (browser pop-up with usr and pwd) to a proxy service.
¿how can I do that?
Thanks!!

For an HTTP service choose the HTTP Transport tab and select Basic for the authentication property.

HTTPS (Transport Level Security)

Hi SDNers,
I have a question regarding securing a SOAP Sender scenario using HTTPS. We are on PI 7.11 and have a SOAP-PI-RFC scenario. I have used a HTTP Sender instead of a SOAP channel to configure the option of 'HTTPS without Client Authentication'. I have generated the WSDL for this and tested successfully using SOAP UI.
But our client needs a SSL certificate for this. As far as I understand SSL certificates are used only for message level security. But here they are OK with just transport level security. Do we need any certificates in this case? Please clarify.
Another question I have is, is there any way of using HTTPS (transport level security) using SOAP Sender adapter? The option of 'HTTPS without Client Authentication' is not available anymore from PI 7.1 SP1 onwards. That is the reason I used a HTTP sender adapter.
Any help is much appreciated <text removed>
Thanks & regards,
Sudheer
Edited by: Matt on Oct 12, 2011 6:49 AM

Hi Abhishek,
I am not able to see that option in the SOAP Sender channel configuration. Besides, the help link from SAP also does not show this option.
Here is the link for EHP1:
http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/content.htm
and here is the link you gave,
http://help.sap.com/saphelp_nwpi71/helpdata/EN/fc/5ad93f130f9215e10000000a155106/content.htm
Clearly, both are for configuring the sender SOAP channel, but the options are different if you notice.
I am not able to understand where I am going wrong.
Appreciate your quick response.
Regards,
Sudheer

Configuring Basic Authentication with Username and password on BizTalk Schema Service

Hi,
I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
I wanted to have a Basic Authentication(User name and password restriction).
I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
I also set the Service in IIS with Basic Authentication only enabled.
But I don't know how to provide a UserName and Password Authentication.
Please provide your suggestions
Regards, Vignesh S

Hi,
Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
HTH,
Sumit
Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

Basic Authentication for Web Services

I have build Web Service according to the weblogic 6.1 examples
successfully deploying the .ear file etc.
Now I want to add security to the WebService uri.
I have added a <web-resource-collection> tag to the web.xml file, but
what should I put for the <url-pattern> ?
Am I obliged to 'manually' add <servlet> tags to the web.xml file in
order to add a security constraint to a WebService deployed thru a
.ear ?
Taking WebLogic's own statelessSession.Weather example, what is the
minimum I need to add to the web.xml file to have basic authentication
on the weatheruri ?
Thanks,
Adam

Ok, now I'm confused. Is this a Flex app (runs in the browser) or an AIR app? This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly. The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app. Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
Mark

Add basic authentication like .httaccess in apache.

Hi!,
¿how can I add basic authentication to servlet or Webservice in Weblogic like .httaccess (apache) protection?
Thanks!!!!

You need to configure your deployment descriptor for that.. here is an example..
web.xml
<?xml version='1.0' encoding='UTF-8'?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<welcome-file-list>
<welcome-file>protected.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Constraint-0</display-name>
<web-resource-collection>
<web-resource-name>Constraint-0</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
weblogic.xml
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security-role-assignment>
<role-name>admin</role-name>
<principal-name>weblogic</principal-name>
</security-role-assignment>
</weblogic-web-app>

Avoiding Weblogic basic authentication check

I want to use Acegi basic authentication filter with WLS 8.1. But weblogic doesn't allow requests which have Authorization header and no such user is configured in weblogic, although I haven't configured any security in weblogic for my web-app. How could I send username and password using basic authentication, without weblogic to check them?

You can comment out the security constraint and login config in the web.xml of your application.

-Faisal
http://www.weblogic-wonders.com

Disable weblogic basic authentication from application side

I am using a restful service for my application and i want to disable basic authentication of weblogic from application not from config.xml
please help

You can comment out the security constraint and login config in the web.xml of your application.

-Faisal
http://www.weblogic-wonders.com

Transport level - Basic Authentication

Similar Messages

Maybe you are looking for