User Authentication for Web Services
Hi,
I am developing a web services that resides in Intranet. Thus, would like to implement application layer of user authetication, i.e. to match the input user name and password against Database record through a web service logon() method. If authentication is passed, the client program is allowed to call subsequence web service methods, else exception needs to be thrown when calling subsequence methods.
As understand that each method call to web services is treated seperately. Thus, how can we implement the authentication so that the client program only passes in the user name and password at once through logon() method, instead of perfoming the authentication for each method?
Appreciate the advice. Thanks.
Hi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks.
Similar Messages
-
SUP user authentication for web services
Hi there.
Has anyone in the comunity had any experience with building Web Service based Mobile Business Object (MBO) in SUP 1.5.2. We have built a mobile application for a blackberry device which consumes two ERP web services. The application deploys successfully and runs on the blackberry device just fine. However, untill now the user credentials needed to authenticate a consumer to a web service has been hard-coded into the mobile business object. This, from an accountability point of view, is not an acceptible model (i.e. all mobile users would be logging in to the ERP backend with 1 common user ID).
Has anyone had any experience and could suggest an an alternative solution to this that would support accountability i.e. map SUP users to ERP users, trusted connections etc. and is this possible with SUP 1.5.2?
SActually, SUP 1.5.2 just provides the HTTP basic authentication for WS-MBO. It is enable that to create 'username' and 'password' on the WS-MBO as two input parameters. Thus, you can design your device app in SUP to prompt the dialog to accpet the username and password before you access your WS-MBO. Similar, if your web-service has input argument for username and password, you also can design a dialog like above.
-
Server-side authentication for web services
I was hoping to use Azure's server-side authentication for a HTML/JS web app. Some things are a bit unclear. For example, if a new user authenticates via Facebook, I want to create an associated record on the server-side and associate extra data with the
user, irrespective of the service used to log in. If they log in again, I want the client to be able to get this extra data (eg preferences) from the server. On the back-end, I also want to be able to update particular fields of this record that the user cannot
change themselves. I know how to go about this in a plain Node.js backend, but not sure how some of these basic things map to using Azure's services.Once the user logs in, you will have their information available to your server scripts. So one option is to use a custom API (or a Mobile Services Table) to insert/read/update the user data. You would protect this endpoint so that only logged-in users can
access it, and then access the
user object to obtain an ID an associate it in a table row. Lookups could be performed by similarly querying for the ID.
In terms of some fields being restricted, you could remove these from the update request itself.
Some pointers that might be helpful:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-data/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-call-custom-api/
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-authorize-users-in-scripts/ -
Implementing authentication for web services
Hi all,
I'm struggling trying to guess how to implement basic HTTP authentication as well as using certificates in order to apply HTTPS, for some web services we've created, running on the Oracle Application Server 10.1.12. The web services were implemented using JDeveloper 9.0.4. Any help would be very appreciated.
Thanks in advanced and regards,
LuisHi,
But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
Appreciate the advice here on how to achieve that. Thanks. -
Configure User Authentication in Web Service
Hi,
I have a receiver soap channel that consume a web service with user authentication. I am setting the user/password in Connection Parameters section, but I'm getting the error from the web service:
Incoming message does not contain required Security header
Any ideas about what's wrong in my channel?
Regards,
IsmaelHi,
It doesn't work in my case (It's said in the first post).
I have tested it using PI 7.1 using:
- "Message Protocol=SOAP 1.1." and filling user/password in "Configure User Authentification" and I get the error:
soap fault: WSDoAllReceiver: Incoming message does not contain required Security header
- "Message Protocol=Axis ." I get the error:
com.sap.engine.interfaces.messaging.api.exception.MessagingException:
javax.ejb.EJBException: Exception in getMethodReady() for stateless bean sap.com/com.sap.aii.axis.app*xml|com.sap.aii.adapter.axis.ejb.jar*xml|AFAdapterBean;
nested exception is: com.sap.engine.services.ejb3.util.pool.PoolException: javax.ejb.EJBException:
Exception raised from invocation of public void com.sap.aii.adapter.axis.modules.AFAdapterBean.ejbCreate() throws javax.ejb.CreateException method on bean instance com.sap.aii.adapter.axis.modules.AFAdapterBean@5902bd4b for bean sap.com/com.sap.aii.axis.app*xml|com.sap.aii.adapter.axis.ejb.jar*xml|AFAdapterBean; nested exception is: javax.ejb.CreateException: java.lang.NoClassDefFoundError: org/apache/axis/AxisFault
Regards, -
Basic Authentication for Web Services
I have build Web Service according to the weblogic 6.1 examples
successfully deploying the .ear file etc.
Now I want to add security to the WebService uri.
I have added a <web-resource-collection> tag to the web.xml file, but
what should I put for the <url-pattern> ?
Am I obliged to 'manually' add <servlet> tags to the web.xml file in
order to add a security constraint to a WebService deployed thru a
.ear ?
Taking WebLogic's own statelessSession.Weather example, what is the
minimum I need to add to the web.xml file to have basic authentication
on the weatheruri ?
Thanks,
AdamOk, now I'm confused. Is this a Flex app (runs in the browser) or an AIR app? This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly. The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app. Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
Mark -
Setting Basic Authentication for Web Service in WLS 6.1
Hi,
I am trying to set-up a Basic Username/Password authentication for a Web Service
that is hosted in WLS 6.1.
How do I go about doing that? Also once I get the username and password, how do
I pass that info
to the SOAP servlet to do the authentication? Can you give me some pointers on
this?
Thanks
MadhuHow do you want to do it? Through use of client.jar for the service or
directly? Here is how I do it directly:
String auth = "guest", pwd = "guest";
URL url = new URL("http://localhost:7001");
URL cmdURL = new URL(url.toString()+"/systemtest/TestWebService");
HttpURLConnection conn = (HttpURLConnection) cmdURL.openConnection();
String encAuth =
new BASE64Encoder().encode((auth + ":" + pwd).getBytes());
// BASE64Encode distributes long strings on multiple
// lines; we don't like that, no siree
int it = 0;
while ((it = encAuth.indexOf('\n')) != -1
|| (it = encAuth.indexOf('\r')) != -1) {
encAuth = encAuth.substring(0, it) +
encAuth.substring(it + 1);
conn.setRequestProperty("Authorization", "Basic " + encAuth);
conn.setRequestProperty("Content-Type", "text/xml");
conn.setRequestProperty("SOAPAction", cmdURL.toString());
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
OutputStream oStr = conn.getOutputStream();
String cmd =
"<?xml version=\"1.0\" ?>\n"
+ "<soap:Envelope xmlns:soap=\"http://schemas.xmls"
+ "oap.org/soap/envelope/\"><soap:Body>"
+ "<ping><arg0>false</arg0></ping>"
+ "</soap:Body></soap:Envelope>";
oStr.write(cmd.getBytes());
oStr.close();
InputStream iStr = conn.getInputStream();
byte[] buffer = new byte[1024];
while (true) {
int size = iStr.read(buffer);
if (size == -1)
break;
System.out.println(new String(buffer, 0, size));
ThorAAge -
Mutual authentication for Web services in BPEL
Hi Guys,
We have to call a few web services in bpel and our partners would want us to mutually authenticate the data that is exchanged.
So that mean they provide us with a certificate file and we provide them with a certificate file.
We have been using client certificates in our cacerts file and encrypting the request we send using that but we are not too sure how to set up a key in bpel so that we can decrypt the responses of the webservices.
Does anybody have any idea how to do it. It would be a great help.
Cheers
SandeepI would suggets to read the online tutorial:
http://www.oracle.com/technology/products/ias/bpel/index.html
and try one of the tutorials:
2-Minute Product Tour
BPEL: Learn by Example (PDF)
Quick Start Tutorial - JDeveloper 10g (PDF)
Quick Start Tutorial - Eclipse (PDF) -
Authenticating the web service
Hi
i am using a web service but not able there i have hard coded the username and password to access the web service i don't want that i want user should enter the user name and password used in UME authentication or it should call separate HTTP Authentication but i am not able to do that so please guide me in this regards
Thanks in advanceHi,
Run through the following links to know about authentication for web service:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/aed49d0d-0301-0010-6d84-e3e104dc1644
http://help.sap.com/saphelp_nw04/helpdata/en/7c/a6d13f83a14d21e10000000a1550b0/frameset.htm
Hope this helps,
Regards,
Srinivasan T -
User Authentication for subfolder not working in Web Browser
We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
One of the functionalities of the Application is to send emails with attachments.
The logic is that the Application would generate the attachment file on the Application Server.
Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
Exchange and Relay Server is also set in the Application.
The problem is that the folder containing the folder which stores the attachments is having user authentication set.
Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
Alias created in httpd.conf
Alias /int-dir/ "/apps/interface/"
The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
Application Server : 10.12.213.21
Database Server : 10.12.213.22
Email Server : 10.12.213.44
Configuration as per httpd.conf
Alias /int-dir/ "/apps/interface/"
<Location /int-dir/>
AuthName "Interface folder"
AuthType Basic
AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
require user scott
</Location>
<Location /int-dir/email>
Options Indexes Multiviews IncludesNoExec
Order deny,allow
Deny from all
Allow from 10.12.213.21
Allow from 10.12.213.22
Allow from 10.12.213.44
</Location>
Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
However if we use the following URL :
http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
Please help me if you can.
Thanking you in advance,
GLad to give any more information that i can.
dxbrockyThanks for your response. I fixed the problem by selecting "full site" or "full website" at bottom of the web page. After making this selection the zoom function returned. Thanks again for your interest.
-
User Authentication in Web Dynpro Java
Hi guys,
I was just wondering how user authentication can be achieved in WDJ? In Web Dynpro ABAP this comes for free when you launch an application. However, in WDJ we can deploy and call the URL without any authentication at all. Is there a way to configure this or do we really have to code this? Thanks! Generous points will be awarded!Hi Alex,
check this links,
Re: User Authentication in Web Dynpro Application
Authentication of Web Dynpro
Using Web Dynpro authentication for a Web Service call
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/dd48d990-0201-0010-92a3-c3ed7e9fd244
http://help.sap.com/saphelp_nw04s/helpdata/en/04/ee8b8b0d23b746854897adc5611c1d/frameset.htm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/8304e990-0201-0010-ed8b-d978f1e67b1e
Regards,
vino -
(261936172) Q general Are there seperate logs for web services?
Q<general> Are there seperate logs for web services?
A<general> It does not appear that there are any separate logs for web services.
There is knex.log file that records the errors that occur during deployment of
your .jws files. There is also the standard server log that provides information
about server status - you can write to this programmatically if you wish. There
is also the access.log file which record all the HTTP requests so this might cover
some of your web service requests that are transmitted over HTTP.Maybe the user has deniad Access to the Runbook, check in Runbook Designer.
Seidl Michael | http://www.techguy.at |
twitter.com/techguyat | facebook.com/techguyat -
Invalid Content Type Error for Web Service
Hi Experts,
We have a XI / PI Web Service, and have created an Adaptive Web Service Model for the same. For using this web service model, we have created a HTTP destination of type WSDL.
This configuration works great in our development and consolidation server.
While working with our production server, with all the settings same as consolidation server, the following error is generated for Web Service call. using the AWS model
java.io.IOException: Invalid content type while requesting http://<host>:<port>/webdynpro/resources/<application_package>/guicall.wsdl. Expected Content-type: text/xml, received Content-type: content/unknown, used user to connect: null
The HTTP destination address is the one specified in bold above.
Also, in later part of the stack trace we are bale to see this error:
com.sap.tc.webdynpro.model.webservice.exception.WSModelRuntimeException: Exception on creation of service metadata for WS metadata destination
Please guide us on this issue.
Best Regards,
Alka.Hi Alka,
How did you configure the Webservice Destinations in Visual Admin for a webservice explosed by XI system.
I mean what was the URL specified, did you specify XI SYSTEM userid password ???
How was the webservice published to inspection.wsil in XI system ??
Thanks,
Regards,
Aditya Metukul -
How to assign Tasks to other users using Exchange Web Service.
How to assign Tasks to other users using Exchange Web Service.
Any workaround also would helpHi Glen,
I am trying to use ExtendedPropertyType and put in UpdaterItemType as in this code as below. Although it is not updating the Owner
field.
I have tried it both by Propertyname and PropertyID. Although new custom property's canbe
added but to change an existing one like 'Owner' ? Would this be the right method.
2. And Is ProprertyID a fixed value as 0x811f or does it need to be calculated.
3. Is 'Owner' the right propertname for assigning a task ?
Thanks a lot.
Please see code below for reference.
PathToExtendedFieldType pathExtended = new PathToExtendedFieldType();
//pathExtended.DistinguishedPropertySetId = DistinguishedPropertySetType.PublicStrings;
pathExtended.DistinguishedPropertySetId = DistinguishedPropertySetType.Task;
pathExtended.DistinguishedPropertySetIdSpecified = true;
pathExtended.PropertyId = 0x811f;
pathExtended.PropertyIdSpecified = true;
//pathExtended.PropertyName = "Owner";
pathExtended.PropertyType = MapiPropertyTypeType.String;
ciSetAT.ExtendedProperty = new ExtendedPropertyType[1];
ciSetAT.ExtendedProperty[0] = new ExtendedPropertyType();
ciSetAT.ExtendedProperty[0].ExtendedFieldURI = pathExtended;
ciSetAT.ExtendedProperty[0].Item = "[email protected]";
SetItemFieldType set1 = new SetItemFieldType();
set1.Item = pathExtended;
set1.Item1 = ciSetAT;
UpdateItemType request = new UpdateItemType();
request.ItemChanges = new ItemChangeType[1] { new ItemChangeType() };
request.ItemChanges[0].Item = itemId;
request.ItemChanges[0].Updates = new ItemChangeDescriptionType[2];
request.ItemChanges[0].Updates[0] = setstart;
request.ItemChanges[0].Updates[1] = set1; -
Portal Authentication from web service
I would like to run a web service on a remote machine that checks if the user of the web service exists as a portal user.
My initial thought was to just log the user in whenever they attempt to use the web service and then log them out at the end. I have researched the AuthContext class and attempted a test implementation however it errors looking for certain AM Property files.
Perhaps I should just access the directory server directly? Basically, I just want to restrict usage of the web service to the existing portal users.
If anyone could offer any suggestions it would be appreciated. (Code examples or snippets would be appreciated)
Thanks in advance...
JasonHi,
1) If your webservice is on the same network:
- Just bind to LDAP (this is the fastes way)
2) OR You can also use identity SDK to connect
to your instance and receive AMUser object.
3) If you are not on the same network( SRAP access):
You can create a "stand alone" jsp or servlet which
doing (1) or (2) and your webservice talks over https to this servlet.
4) Logging user to portal is too much overhead and
at the end you don't know if user is a portal user or
just has login privilege to identityserver...
Cheers,
Alex :-)
Maybe you are looking for
-
Error in SSO between Portal and IDM
Hi All, In my scenario i need to configure the IDM workflow in portal and do SSO between them. I followed the steps given in IDM-Workflow installation document and did following things. 1. Uploaded the par file available in IDM installation kit in to
-
hi team I have developed Adapter Engine Alerts and i have received an Error. when i checked ion the message monitor and also in the communication chhannel monitoring the following error is being displayed " Message processing failed. Cause: com.sap.e
-
IPod Touch video out broken with 3.1.3
Anyone else experienced this? I updated to 3.1.3 this afternoon, and now when I plug my iPod into the dock in my LG Home Theatre the iPod displays a message about it not being compatible with that accessory. I get the same result when trying to outpu
-
Hi, Would it be possible to get a Linux PPC version please of Oracle 8i ? Winton
-
Button/Branch Routing Error:ERR-7621 Could not determine workspace for app
We are getting an error for one of our applications that is only occurring in Production and we are unable to reproduce in any of our other environments. When the user clicks a button on one specific page (Save, Back, Add) the user is getting the fol