Web Services with HTTP Basic Auth

Similar Messages

• Calling Web Service with Http Basic authentication in SOA 11g

  I am calling a webservice which has http basic authentication attached to it. Thus i am adding 'oracle/wss_http_token_client_policy' OWSM policy to the WS refrence in my composite in Jdeveloper,but it doesn't showme the option of providing the http Username and http Password. The only key it is showing me is cf.key.
  Am i missing some steps?
  Please let me know.
  Note - I am working on SOA 11.1.1.4.
  Regards
  Ayush

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• UCM 11g web services with HTTP authentication

  Is it possible to setup UCM 11g web services with HTTP authentication?
  I did setup UCM 11g web services using OWSM policies and are working well.
  But my development team wants to consume web services with only HTTP authentication (simple user name and password), do not want to use Keystore files and encryption.
  Please help me guys.
  Thank you in advance

  Hi ,
  If you are looking to use the WSDL to execute ucm services then use SoapUI IDE on development , there it requires only the http authentication method .
  Let me know if this is the actual requirement which you were looking for or if I have missed the point .
  I use this to quickly test WSDL and verify if the service being invoked is actually correct or not .
  Thanks,
  Srinath
  Edited by: Srinath Menon on Apr 26, 2013 11:32 AM

• SSL Certificate necessary for web Service with HTTPS encoding?

  Hi experts,
  I wanna create a Web Service with HTTPS. Now when I create an endpoint in Transaction SOAMANAGER, I use "Transport Guarantee Type" HTTPS. I'm a little bit confused, becuase at "Authentication Method I have different options which I don't understand.
  At Authentication Method, there are some check boxes.
  Whats the difference between HTTP Authentication and Message Authentication?
  (Why) can I use User ID/Password as Authentication Method with HTTPS? I think I need X.509 SSL Client Certificate.
  What is a Logon Ticket?
  Is there a good Documentation in the web, who explains the meaning of the different options and when to use which option?
  Thanks and regards,
  Sebastian

  Hi,
  >>>WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  you don't use the URL from ID - you need to create one yourself and put it there in the generator
  Regards,
  Michal Krawczyk

• Need JDeveloper Web Service with HTTP POST method

  Hello all,
  I am creating a Web Service from a java class using JDeveloper. The wsdl created uses a SOAP binding. When I test the web service, either through JDeveloper or by deploying to OAS, the HTTP request created uses the HTTP GET protocol. I am assuming that this would be the same for anybody doing this.
  I need to know how to change it to be an HTTP POST protocol instead.
  The reason that I need to try and use the POST method is that the xml needed by the service holds a lot of data and the http server is giving me a "URI too long" error. I have read and been told that using POST instead of GET would help this, but I can't figure out what to change to make this happen. I am not sure if I have to make a change in the generated wsdl or somewhere else. Or if it just won't work that way.
  Any help you can provide would be appreciated.
  Thanks,
  rob

  Hi Ayush,
  Please refer -
  http://biemond.blogspot.com/2010/08/http-basic-authentication-with-soa.html
  Regards,
  Anuj

• Invoking web service with HTTP authentication using OdiInvokeWebService

  I did all configurations in OdiInvokeWebService Advanced Editor. When I press "Invoke web service" there are no errors. But when I try to execute this step there is an error:
  java.lang.IllegalArgumentException: Bad password format. Make sure that it's an encrypted password.
  Text of the command:
  OdiInvokeWebService "-URL=http://sapk02:8080/sap/bc/srt/rfc/sap/ZODI_FILE_SER?sap-client=800&wsdl=1.1" "-PORT_TYPE=ZODI_FILE_SER" "-OPERATION=ZODI_FILE" "-HTTP_USER=user" "-HTTP_PASS=_321321_"
  *<?xml version = '1.0' encoding = 'UTF8'?>*
  *<ZODI_FILERequest>*
  *<ZODI_FILE>*
  *<FILE>/tmp/temp1.txt</FILE>*
  *</ZODI_FILE>*
  *</ZODI_FILERequest>*
  When I fill HTTP password edit manually and try to execute there is another error:
  *com.sunopsis.wsinvocation.SnpsWSInvocationException: AxisFault*
  *faultCode: {http://xml.apache.org/axis/}HTTP*
  *faultSubcode:*
  *faultString: (401)Unauthorized*
  Text of the command:
  *OdiInvokeWebService "-URL=http://sapk02:8080/sap/bc/srt/rfc/sap/ZODI_FILE_SER?sap-client=800&wsdl=1.1" "-PORT_TYPE=ZODI_FILE_SER" "-OPERATION=ZODI_FILE" "-HTTP_USER=user" "-HTTP_PASS=*aIyHMmFSmTzVm1V08nTf"
  *<?xml version = '1.0' encoding = 'UTF8'?>*
  *<ZODI_FILERequest>*
  *<ZODI_FILE>*
  *<FILE>/tmp/temp1.txt</FILE>*
  *</ZODI_FILE>*
  *</ZODI_FILERequest>*
  ODI Version 11.1.1.3.0

  I've gotten past the original error by importing the security certificate of the Web service into my keystore/truststore. I'm also running the process on SOA 10.1.3.1.0. Now when I invoke the Web service from the BPEL process I get this error:
  exception on JaxRpc invoke: HTTP transport error:
  javax.xml.soap.SOAPException: java.security.PrivilegedActionException:
  javax.xml.soap.SOAPException: Bad response: 403 Forbidden
  I've tried passing the credentials every way I can -- partner link properties, Oracle Web Services Manager, whatever -- and still get the same error. I would expect to see a 401 error for problems with credentials, not a 403.
  Any suggestions?
  Thanks for your time.
  Paul Camann

• Get a URL for web service with HTTPS

  Hi,
  After deploying all required configuration for secure WS, I'm trying to generate a wsdl to give to the third party. I m using the Despay WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  Thanks in advance,
  Fred.

  Hi,
  >>>WSDL in Integration Directoryb but that WSDL containt a like staring with the HTTP instead of HTTPS! My question is how to generate a wsdl file with an HTTPS url tot he web service,
  you don't use the URL from ID - you need to create one yourself and put it there in the generator
  Regards,
  Michal Krawczyk

• Web Services with https Security without PI

  Hi experts,
  We wanna create Web Services in SAP CRM 7.0 without using the PI. The Requirement is, that we have to use https. I haven't found much (and no clear) Information about this isue.
  Does anybody know if it is possible to use https and can you provide information how to do so?
  Thanks and regards,
  Sebastian

  yes its possible.
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0d0a250-ccd1-2c10-9e9f-b9d5cf259a6d?QuickLink=index&overridelayout=true
  http://help.sap.com/saphelp_nw70ehp1/Helpdata/EN/e9/ae1b9a5d2cef4ea4b579f19d902871/content.htm
  Way you create webservice from function module is same in ECC and CRM so if you google, you would find all required information.
  Regards,
  BJ

• Using HTTP basic auth in WebService

  Hi,
  I am writing a flex app that needs to talk to a pre-existing
  SOAP web service. Unfortunately the web service uses http basic
  auth to authenticate a user. I am trying to figure out exactly how
  this is accomplished but I cannot find any substantive data on the
  subject. So I was hoping someone here could point me in the right
  direction or possibly answer the question outright.
  I DID find reference to using the useProxy attribute on the
  WebService element (and that I would need to make some changes to a
  flex-config.xml) but I could not get this to work, nor could I find
  any explanation as to what exactly I was doing. I, as a workaround,
  attempted to place the auth info in the url (e.g.
  http://user:passwordhash@host:port/wsdl)
  but this did not work either as the request never made it to the
  server, I am assuming actionscript doesn't like this format?
  Anyway, does anyone have any advice/pointers? Any help would
  be appreciated.

  Hi,
  I am writing a flex app that needs to talk to a pre-existing
  SOAP web service. Unfortunately the web service uses http basic
  auth to authenticate a user. I am trying to figure out exactly how
  this is accomplished but I cannot find any substantive data on the
  subject. So I was hoping someone here could point me in the right
  direction or possibly answer the question outright.
  I DID find reference to using the useProxy attribute on the
  WebService element (and that I would need to make some changes to a
  flex-config.xml) but I could not get this to work, nor could I find
  any explanation as to what exactly I was doing. I, as a workaround,
  attempted to place the auth info in the url (e.g.
  http://user:passwordhash@host:port/wsdl)
  but this did not work either as the request never made it to the
  server, I am assuming actionscript doesn't like this format?
  Anyway, does anyone have any advice/pointers? Any help would
  be appreciated.

• Accessing IRM Web Services with Coldfsuion

  We are looking to use the IRM web services with Coldfusion. Coldfusion abstracts Web Services calls through Java calls to the point of just setting up structures and calling the functions.
  My question is about the process for building the correct parameters for the IRM services. I have the JDeveloper examples working but I can't make enough sense of what is goin on through all the calls to build the proper information.
  What I don't understand yet are things like where do I get the server key and at what point do I authenticate? Do I need to do separate calls for these things.
  I've captured a soap transaction for the update user example in JDeveloper and see there is a serverKey but no other authentication. Is this all I need?
  The web services documentation mentions authentication needs to be basic authentication. Other than that there is not more info. Is there any other source of info?

  Hi
  Sorry, things are a bit confused when it comes to Web Services (WS) documentation. At the moment (in 10g), it's mixed up with the older stuff in the Component API Help file. Also, apart from a few snippets and the JDeveloper examples, there is no WS sample code. We hope to address this in 11g.
  The web services required HTTP basic authentication details to be set before the call is invoked. This will be the username and password of the sealing user, so that user will need to be configured to use Standard Auth, rather than NT Auth. How to set this depends on the web service stack used on the client, but with JAX-RPC there are APIs that allow the user name and password to be specified. e.g.
  +// User name for authentication purposes+
  contextServices._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY,args[1]);
  +// Password for authentication purposes+
  contextServices._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY,args[2]);
  This snippet is in the Help file under the header "Authentication", or directly via:
  mk:@MSITStore:C:\Program%20Files\SealedMedia\Enterprise%20APIs%20SDK\Components%20SDK\Docs\smcomponents.chm::/ws_documentation_authentication.htm
  As for the Server Key, each IRM Server has a unique UUID value. The easiest way to get this is to call the following web service method on the “ServerServices” web service port.
  LicenseServer_ref reference = serverServices.getLicenseServerReference();
  System.out.println(reference.getServerKey());
  One you’ve obtained this it will never change (for the server you are using) and can be cached or stored for all future web service calls.
  I think you need to have the auth properties set, and the Server Key handy, for most WS methods to work, but I don't think it matters in which order you get them.
  Hope this helps,
  David

• Invoke web service with DTO

  Hey guys,
  I am quite new in using BPEL. My first test worked fine, but know I have an issue, which I can not solve. Invoking web services with a basic return value is no problem. I could also you a dto object including some basic variables in order to invoke the web service without having problems.
  But when I have a dto object as return value, I get the following exception.
  Could someone give me a hint to fix my problem...that would be great!
  Thanks alot!
  Sven
  <messages>
  - <input>
  - <carReserveRequest>
  - <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="in0">
  - <in0 xmlns="" xmlns:def="urn:TravelBooking" xsi:type="def:CarReservationDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <carType>
  Mini
  </carType>
  <customerName>
  9
  </customerName>
  <customerPhone>
  9
  </customerPhone>
  <reservationEnd>
  2030-12-12T00:00:00.000+01:00
  </reservationEnd>
  <reservationStart>
  2029-12-12T00:00:00.000+01:00
  </reservationStart>
  </in0>
  </part>
  </carReserveRequest>
  </input>
  - <fault>
  - <remoteFault xmlns="http://schemas.oracle.com/bpel/extension">
  - <part name="summary">
  <summary>
  exception on JaxRpc invoke: trailing block elements must have an id attribute
  </summary>
  </part>
  </remoteFault>
  </fault>
  </messages
  Message was edited by:
  user606281

  Here is more information. Below are the relevant sections of the web service's WSDL which I am trying to call from BPEL:
  - <wsdl:message name="getNextIDResponse">
  <wsdl:part name="part1" element="ns0:getNextIDResponse" />
  </wsdl:message>
  - <wsdl:message name="getNextIDFault">
  <wsdl:part name="part1" element="ns0:SOAPExceptionFault" />
  </wsdl:message>
  <wsdl:message name="getNextIDMessage" />
  - <wsdl:portType name="GetUniqueIDPortType">
  - <wsdl:operation name="getNextID">
  <wsdl:input message="axis2:getNextIDMessage" wsaw:Action="urn:getNextID" />
  <wsdl:output message="axis2:getNextIDResponse" />
  <wsdl:fault name="getNextIDFault" message="axis2:getNextIDFault" />
  </wsdl:operation>
  </wsdl:portType>

• Get authenticated user name (HTTP basic auth)

  Hi.
  How can I get the authenticated user name from a BPEL process when the service is protected with HTTP basic auth?
  I'm running SOA Suite 11.1.1.5.
  Thanks in advance.
  Mick

  Doh! Ok So I've added a SOAP Handler to automatically add the username and password for the HTTP Basic Auth.
  All in all does this setup sound right?

• Securing Web Applications by HTTP Basic Authentication

  We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General  TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
  regards,
  J.Iswaryal
  K.Brinda

  Hi J.Iswaryal,
  I guess two things based on your post.
  1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
  2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
  <b>For, point one,</b>
  After creating web service goto webservice perspective in NWDS. there, choose your web service project.
  Now, open Web service configuration file recided in your project.
  Here, go under config1-> security and double click on it.
  It will display security options for this web service.
  Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
  Now, save this, rebuild this and deploy on server.
  <b>For point 2,</b>
  Make model for your web service.
  before calling your web service, set your username and password in code as shown below.
  wdContext.current<web service model node>element().modelobject()._setusername(<username>);
  wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
  Rehards,
  Bhavik

• HTTP Basic Auth and Username Authentication with Symmetric Key

  Hi,
  I have a webservice happily running on tomcat 5.5 using "Username Authentication with Symmetric Key" I have certificates setup and everything works fine. I can even connect a .net client and use the service.
  Now I have an additional requirement of authorization per operation basis so I'm planning on using the roles. My current setup uses tomcat-users.xml to configure users but I seem unable to identify the role of the user from within my code as wsContext.isUserInRole("briefing") always returns false even when it clearly isn't. Where wsContext = @Resource private WebServiceContext wsContext.
  So I figure perhaps I need to add HTTP Basic Auth to tomcat for it to gather this information so I added security-constraints to the web.xml and this seems to do the trick: at least it does for my .net client.
  If I do:
    Service service = new Service();
    Port client = service.getPort();
    BindingProvider bp = (BindingProvider)client;
    bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "myusername");
    bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "mypassword");Then it all works fine. However, I'd like a little less transparency: I don't want to have to do this every time I make a call.
  My question(s) is:
  1) Am I going about this the right way (perhaps I am somehow getting the incorrect reference to the WebServiceContext)
  2) If I am going about this the right way I imagine the whole BindingProvider code needs to be added to as a policy configuration but I'm really not sure where to start especially as I'm using wsimport to generate everything: I'm not even sure where to configure this so it will not get overwritter.
  Thanks for any help.

  Doh! Ok So I've added a SOAP Handler to automatically add the username and password for the HTTP Basic Auth.
  All in all does this setup sound right?

• Calling web service with basic authentication from EP "unauthorized"

  Hello,
  I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
  <b>com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
  Problem in server response: [Unauthorized].</b>
  I'm using the following code for calling the .NET web service:
  <b>...</b><i>Licence_GetList lParameter = new Licence_GetList();
  lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
  ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
  ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
  Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);</i><b>...</b>
  I've also configured a http system in the portal system landscape using the following parameters:
  <i>Authentication Method : Basic Authentication
  Authentication Type : Server
  User Mapping Type : admin,user</i>
  The user mapping is also personalized for this system!
  What's wrong? Please help! This is really urgent!
  Kind Regards
  Joerg Loechner

  Hello Renjith,
  here is a small cutout of my "portapp.xml";
  <services>
    <service alias="LicenceManager" name="LicenceManager">
      <service-config>
        <property name="className" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager"/>
        <property name="startup" value="false"/>
        <property name="WebEnable" value="false"/>
        <property name="WebProxy" value="true"/>
        <property name="SecurityZone" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager/
                 DefaultSecurity"/>
      </service-config>
      <service-profile>
        <property name="SystemAlias" value="LicMan_NET"/
      </service-profile>
    </service>
  </services>
  I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
  Regards
  Joerg Loechner