Web srevicesHTTP Basic Authentication in Creator2

Creator2 does not seem to be generating stubs that support the setUsername and setPassword methods of Stub. When I try to use them I get a null pointer exception. Is anyone else having this problem?

Hi,
Please post your queries related to Creator 2 EA in the connect tool. The URL is https://feedbackprograms.sun.com/login.html
regards
MJ

Similar Messages

EJB3 Web Service - basic authentication

I have a very simple EJB @WebService in an EJB jar and placed in an EAR. The web service has an @RolesAllowed annotation on a role called WSS_USER.
I have a weblogic-ejb-jar.xml file containing..
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-ejb-jar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.bea.com/ns/weblogic/10.0" xsi:schemaLocation="http://www.bea.com/ns/weblogic/10.0 http://www.bea.com/ns/weblogic/10.0/weblogic-ejb-jar.xsd">
<weblogic-enterprise-bean>
<ejb-name>TestWebServiceEJB</ejb-name>
<enable-call-by-reference>True</enable-call-by-reference>
</weblogic-enterprise-bean>
<security-role-assignment>
<role-name>WSS_USER</role-name>
<principal-name>WSS_USER</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>
I have created the correct WSS_USER principal within Weblogic.
If I test the web service using SoapUI I get:
<message>[EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=Test, module=Bedrock.server.services.local.jar, ejb=TestWebServiceEJB, method=test, methodInterface=ServiceEndpoint, signature={}.</message>
How do I get basic authentication working with this web service?
In glassfish I add the following into sun-ejb-jar.xml and it works fine:
<ejb>
<ejb-name>TestWebServiceEJB</ejb-name>
<webservice-endpoint>
<port-component-name>TestWebServiceEJB</port-component-name>
<endpoint-address-uri>ctx/TestWebServiceEJB</endpoint-address-uri>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</webservice-endpoint>
</ejb>
Is there an equivalent in weblogic?
Thanks,
Matt

I was hoping it could be achieved without weblogic specific annotations?
What I'm after is an example of a simple EJB3 web service in a jar, inside an ear, with no war file.
I'd then like BASIC authentication on that web service.
Something that can be dropped into any app server.
Matt

Web service basic authentication

I'm trying to setup a web service manually and I have the WSDL. I want to try to leverage the basic authentication option but the controls to activate this for the manual web service definition are disabled. Anyone have any idea why? Or better yet, how to enable them?
Earl

The username name bassword is for HTTP Basic Authentication. I am not sure that your Web service is requesting basic authentication. It looks like it is expecting credentials to be passed in the SOAP header.
If that is the case, the WSDL should describe what the parameters in the SOAP header should be. Can you post the WSDL?

How to access SOAP web service with authentication, HTTP basic Authentication

Dear All
i use Flash Builder 4.5, flex 4..1, i am developing a flex client to soap webservices hosted over Glassfish 2 Java server, the web services is protected by HTTP Basic Authentication, everythime i run my code , the prombt for username and password show up, i need to pass user name and password through action script, i followed the flollowing (but was for http web service, not soap) but really did not work.
http://stackoverflow.com/questions/490806/http-basic-authentication-wi th-httpservice-objects-in-adobe-flex-air
http://forums.adobe.com/message/4262868
private function authAndSend(service:HTTPService):void
        var encoder:Base64Encoder = new Base64Encoder();
        encoder.insertNewLines = false; // see below for why you need to do this
        encoder.encode("someusername:somepassword");
        service.headers = {Authorization:"Basic " +encoder.toString()};
        service.send();
Also i noticed in debug mode, always that WARNNING raised up
Warning: Ignoring 'secure' attribute in policy file from http://fpdownload.adobe.com/pub/swz/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.
any idea ?

Hello,
I don't know if this could help.
Another way to connect to a web service by SOAP and WSDL is to click on the Data/Services panel, then click on "Connect to Data/Services" and then select the "Web Service" (WSDL) icon. This could help as well.

Web Service Call with Basic Authentication does not work

If I try to use Basic Authentication in my Web Service Client with the automatically created methods
setUsername(inUserName)
setPassword(inPassword)
setAddress(inAddress)
the application does not make a call. Did I forget something?
Is it possible to use "Test Method" with Basic Authentication?
Thank you.

Thank you for your answer.
But: I already read this article. And it doesn't help me.
I use the following code:
            getMyServiceClient1().setUsername(inUserName);
            getMyServiceClient1().setPassword(inPassword);With this code I always get a java.lang.NullPointerException.
The methods setUsername and setPassword are definded as follows:
public void setUsername(String inUserName) {
        myStub._setProperty(Stub.USERNAME_PROPERTY, inUserName);
public void setPassword(String inPassword) {
        myStub._setProperty(Stub.PASSWORD_PROPERTY, inPassword);
}But if I look at the methods which are generated automatically by Sun Java Studio Creator I cannot find _setProperty.
I also found this thread in your forum:
http://swforum.sun.com/jive/thread.jspa?forumID=123&threadID=54773

Invoking an external web service through a JCD with Basic Authentication

Group,
I am trying to invoke an external web service (written in ASP.Net) from a jcd (5.1.2). The web service is guarded by Basic Authentication. I have entered the crudentials into the External Web service environment component and deployed the project. I receive the following error from the .invoke() method:
request requires HTTP authentication: Unauthorized
I have tried the same request through SoapUI using the same crudentials and get back the response correctly. Has anyone tried invoking an external web service with basic authentication through a jcd in 5.1.2 before?
One other item of note. I have another jcd calling a different external web service deployed on the same domain. I hope that this isn't interfering with the execution of this service as it doesn't require any crudentials to execute.

Hey Chris.
I am just starting to write a jcd that calls an external web service but cannot find any sample code nor instructions on how to do it in the supplied documentation. Could you send me a code sample from your one?
Cheers
Matt

How to call a web service from BPEL that requires HTTP basic authentication

Hi All,
I need to calling some Web Services from BPEL (SOA 10.1.3.1 production running on XP machine). The services require HTTP basic authentication.
I have tried adding httpUsername and httpPassword properties to the ParnterLink, and I see in BPEL Console that they are deployed by checking the descriptor page. But I still get a SOAP fault, HTTP 401: Unathenticated.
I have also tried using basicHeaders (from memory) = credentials, httpBasicUsername, and httpBasicPassword. Same result.
I have done a packet trace using Ethereal, and the headers do not seem to contain the userid and password at all.
Can anyone help?
Thanks,
Mark Nelson

Thanks Bas,
I have resolved the issue. The provider of the Web Service had not configured if for Basic Authentication. For some reason it worked when they tested, or maybe the did not test. The only thing I had to change was to use:
<property name="basicHeaders">credentials</property>
<property name="basicUsername">WMDATA</property>
<property name="basicPassword">WMDATA</property>
Instead of:
<property name="httpUsername">WMDATA</property>
<property name="httpPassword">WMDATA</property>
I don’t know why this is, maybe because it is an Axis Web Service.
Sorry for wasting your time.
Regards Pete

Securing Web Applications by HTTP Basic Authentication

We are working on providing security for web applications in Webdynpro.We downloaded the material from net regarding this.In that it was mentioned to open the webdynpro project's web.xml file in the Netweaver Developer Studio.In the material,we are asked to click the General TAb and check "Login Configuration".But there is no such checkbox in our general tab screen.Also many tabs are missing like Context,Resources,mapping,Environment,EJB's,Web objects.How to enable/display these tabs?Is there any means of setting properties in the server to get these tabs?
regards,
J.Iswaryal
K.Brinda

Hi J.Iswaryal,
I guess two things based on your post.
1. You have created one wer service and you want to make secure this web service using HTTP basic authentication.
2. You have such wweb service and you want to consume this web service lets say in webdynpro application.
For, point one,
After creating web service goto webservice perspective in NWDS. there, choose your web service project.
Now, open Web service configuration file recided in your project.
Here, go under config1-> security and double click on it.
It will display security options for this web service.
Choose transport protocol as HTTP, Authentication mechanism as HTTP authentication and choose Basic radio button.
Now, save this, rebuild this and deploy on server.
For point 2,
Make model for your web service.
before calling your web service, set your username and password in code as shown below.
wdContext.current<web service model node>element().modelobject()._setusername(<username>);
wdContext.current<web service model node>element().modelobject()._setPassword(<password>);
Rehards,
Bhavik

Ignoring Http basic authentication header in wls 7.0.sp2 web service servlet (weblogic.webservice.server.servlet.WebServiceServlet)

Hi!
We need to implement authentication using our own methods, and the authentication
information is provided to the web service implementation in a basic authentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles web services
in
wls 7.0.sp2, always attempts to perform authentication, if the header is present.
Is there any way to circumvent this, because we want to implement authentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for our own
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet, which
would
remove the basic authentication header, and put the authentication info in custom
headers, such as x-auth: <user:password>, or smthng similar, and after successful
authentication, make a call to bea's servlet weblogic.webservice.server.servlet.WebServiceServlet.
But still, I'd like to know if there is any way to tell bea's servlet to ignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Currently there is no option to turn off security check.
I think you can use a servlet filter mapped to the URL
of your service, instead of a proxy servlet?
Regards,
-manoj
http://manojc.com
"Toni Nykanen" <[email protected]> wrote in message
news:3ef1577b$[email protected]..
>
Hi!
We need to implement authentication using our own methods, and theauthentication
information is provided to the web service implementation in a basicauthentication
header. The problem is, that the servlet
weblogic.webservice.server.servlet.WebServiceServlet, which handles webservices
in
wls 7.0.sp2, always attempts to perform authentication, if the header ispresent.
Is there any way to circumvent this, because we want to implementauthentication
on our own?
I already know two workarounds:
The best would of course be to implement a custom security realm for ourown
authentication system. This is not an option, implementing an own security
realm is overkill for this specific web service.
The other way would be to route the requests by way of a custom servlet,which
would
remove the basic authentication header, and put the authentication info incustom
headers, such as x-auth: <user:password>, or smthng similar, and aftersuccessful
authentication, make a call to bea's servletweblogic.webservice.server.servlet.WebServiceServlet.
>
But still, I'd like to know if there is any way to tell bea's servlet toignore
the basic
authentication header?
Oh yeah, by the way, this is URGENT, as always. (really!! ;)
Toni Nykanen

Calling web service with basic authentication from EP "unauthorized"

Hello,
I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
Problem in server response: [Unauthorized].
I'm using the following code for calling the .NET web service:
...Licence_GetList lParameter = new Licence_GetList();
lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);...
I've also configured a http system in the portal system landscape using the following parameters:
Authentication Method : Basic Authentication
Authentication Type : Server
User Mapping Type : admin,user
The user mapping is also personalized for this system!
What's wrong? Please help! This is really urgent!
Kind Regards
Joerg Loechner

Hello Renjith,
here is a small cutout of my "portapp.xml";
<services>
<service alias="LicenceManager" name="LicenceManager">
 <service-config>
 <property name="className" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager"/>
 <property name="startup" value="false"/>
 <property name="WebEnable" value="false"/>
 <property name="WebProxy" value="true"/>
 <property name="SecurityZone" value="de.camelotidpro.
 pct.xi.scm.webservice.LicenceManager/
 DefaultSecurity"/>
 </service-config>
 <service-profile>
 <property name="SystemAlias" value="LicMan_NET"/
 </service-profile>
</service>
</services>
I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
Regards
Joerg Loechner

Consuming a Web Service via SSL with Basic Authentication

Hello,
I have a simple web service (returns a parameter value) and want to consume it. Therefore I have generated a proxy for its in Netweaver Studio SP13.
When I set up the web service to be accessed via HTTP and Basic Authentication (Username/Password), everything is fine. When I set up the web service to communicate via HTTPS, I get the following error message in my client:
java.rmi.RemoteException: Service call exception; nested exception is:
 java.lang.NullPointerException
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:87)
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:96)
 at priv.se.wsclient.MultiSecSSL.main(MultiSecSSL.java:38)
Caused by: java.lang.NullPointerException
 at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.disconnect(HTTPSocket.java:625)
 at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.closeSession(HTTPTransport.java:396)
 at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1312)
 at priv.senw04.wsproxy.multisec_ssl.SSLBindingStub.pingText(SSLBindingStub.java:80)
 ... 2 more
Testing the web service with WebServiceNavigator and/or by using a generated WebDynpro Client results in the following error:
000D604C66BE004E0000001300000AFC00040922E0160632 : An error occurred during processing the timestamp. The error was: com.sap.security.core.ws.wss.NoSecurityHeaderException No wsse:Security header has been defined for role soap:finalActor. Please verify the policy configuration..
But my main focus is on the client implementation based on a proxy. Here comes the client's code:
public class MultiSecSSL {
 public static void main(String[] args) {
 try {
 MultiSecuritySSLAuthImpl serviceInterface = new MultiSecuritySSLAuthImpl();
 SSLBindingStub service = (SSLBindingStub)serviceInterface.getLogicalPort(MultiSecuritySSLAuthViDocument.class);
 SecurityProtocol protocol = (SecurityProtocol) service._getGlobalProtocols().getProtocol("SecurityProtocol");
 AuthenticationContext auth = protocol.getAuthenticationContext();
 auth.setIgnoreSSLServerCertificate(true);
 auth.setUsername("cfpcompany");
 auth.setPassword("demo");
 String ret = service.pingText("Called service MultiSecurity via SSL");
 System.out.println(ret);
 } catch (Exception e) {
 e.printStackTrace(System.out);
Here comes the logical port information of the generated proxy:
<?xml version="1.0" encoding="UTF-8"?>
<LogicalPorts Name='MultiSecuritySSLAuth' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuth'>
<LogicalPort Name='SSLPort_Document' Endpoint='https://192.168.129.76:50001/MultiSecuritySSLAuth/SSL?style=document' BindingName='SSLBinding' BindingUri='urn:MultiSecuritySSLAuthWsd/SSL/document' BindingImplementation='SOAP 1.1 HTTP Binding with Attachments' StubName='priv.senw04.wsproxy.multisec_ssl.SSLBindingStub' Default='true' InterfaceName='priv.senw04.wsproxy.multisec_ssl.MultiSecuritySSLAuthViDocument' Original='true' Valid='true'>
 <globalFeatures>
 <Feature Name='http://www.sap.com/webas/630/soap/features/headers/' Provider='SoapHeadersProtocol' Original='false'>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/session/' Provider='SessionProtocol' Original='false'>
 <Property Name='SessionMethod' Value='httpCookies'>
 </Property>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/authentication' Provider='SecurityProtocol' Original='true'>
 <Property Name='AuthenticationLevel' Value='None'>
 </Property>
 <Property Name='AuthenticationMechanism' Value='HTTP'>
 </Property>
 <Property Name='AuthenticationMethod' Value='BasicAuth'>
 </Property>
 <Property Name='SupportsSSO2Authentication' Value='false'>
 </Property>
 </Feature>
 <Feature Name='http://www.sap.com/webas/630/soap/features/transportguarantee' Original='true'>
 <Property Name='Level' Value='No'>
 </Property>
 <Property Name='TLSType' Value='SSL'>
 </Property>
 </Feature>
 </globalFeatures>
 <localFeatures>
 <Operation Name='pingText'>
 <Feature Name='http://www.sap.com/webas/630/soap/features/wss' Original='true'>
 <Property Name='RequestPolicy' Value='Signature'>
 </Property>
 <Property Name='ResponsePolicy' Value='None'>
 </Property>
 </Feature>
 <Feature Name='http://sap.com/webservices/authorization' Original='true'>
 </Feature>
 </Operation>
 </localFeatures>
</LogicalPort>
</LogicalPorts>
To me, this looks consistent. Any idea, what is misconfigured on my machine ?

Hi Martin,
that is exactly, what I did.
- Change Web Service Configuration in IDE
- Build and Deploy the Service to my local Server
- Check Service in Visual Administrator
- Deleted and Regenerated the Standalone Proxy
- Deleted and Recreated the link between CLient and Proxy Project in IDE
- Started Client
Here comes the section of the ws-deployment-descriptor.xml of the service. For me, it matches, what the proxy generated.
<webservice>
 <guid>ed8363_10876a54b6d__7fe9_192_168_129_76_1135862193037</guid>
 <ejb-name-temp>MultiSecWSBean</ejb-name-temp>
 <webservice-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>MultiSecuritySSLAuth</localName>
 </webservice-name>
 <webservice-internal-name>MultiSecuritySSLAuth</webservice-internal-name>
 <standard-namespaceURI>urn:MultiSecuritySSLAuthWsd</standard-namespaceURI>
 <ws-configuration>
 <configuration-name>SSL</configuration-name>
 <ejb-name>MultiSecWSBean</ejb-name>
 <service-endpoint-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>SSLPort</localName>
 </service-endpoint-name>
 <wsdl-porttype-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>MultiSecuritySSLAuthVi</localName>
 </wsdl-porttype-name>
 <webservice-definition-ref>
 <package>com.technidata.cfp.i3rdparty.cfpxml</package>
 <name>MultiSecuritySSLAuthWsd.wsdef</name>
 </webservice-definition-ref>
 <service-endpoint-vi-ref>
 <package>com.technidata.cfp.i3rdparty.cfpxml</package>
 <name>MultiSecuritySSLAuthVi.videf</name>
 </service-endpoint-vi-ref>
 <transport-binding name="SOAPHTTP_TransportBinding">
 <wsdl-binding-name>
 <namespaceURI>urn:MultiSecuritySSLAuthWsd</namespaceURI>
 <localName>SSLBinding</localName>
 </wsdl-binding-name>
 </transport-binding>
 <transport-address>/MultiSecuritySSLAuth/SSL</transport-address>
 <global-features>
 <feature name="http://www.sap.com/webas/630/soap/features/transportguarantee" protocol="SecurityProtocol">
 <property name="TLSType" value="SSL"/>
 </feature>
 <feature name="http://www.sap.com/webas/630/soap/features/authorization" protocol="SecurityProtocol"/>
 <feature name="http://www.sap.com/webas/630/soap/features/authentication" protocol="SecurityProtocol">
 <property name="AuthenticationMethod" value="BasicAuth"/>
 <property name="AuthenticationMechanism" value="HTTP"/>
 <property name="SupportsSSO2Authentication" value="false"/>
 </feature>
 </global-features>
 <operation-configuration uniqueViName="pingText(java.lang.String)">
 <transport-binding-configuration>
 <input>
 <property name="soapAction" value=""/>
 <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
 </input>
 <output>
 <property name="encodingStyle" value="http://schemas.xmlsoap.org/soap/encoding/"/>
 </output>
 </transport-binding-configuration>
 <feature name="http://www.sap.com/webas/630/soap/features/wss" protocol="SecurityProtocol">
 <property name="RequestPolicy" value="None"/>
 <property name="ResponsePolicy" value="None"/>
 </feature>
 <feature name="http://sap.com/webservices/authorization" protocol="SecurityProtocol">
 <property name="security-roles">
 <property name="role1" value="use_multisec_service"/>
 </property>
 </feature>
 </operation-configuration>
 </ws-configuration>
</webservice>
Regards,
Stefan

BASIC authentication and web client problems

I have a very simple web service that is working. Now before attempting to use
SSL, I want to test authenticating using BASIC authentication. I’ve made the
changes to web.xml and even though the other web service pages authenticate ok
(ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
Has anyone completed this and if so, how does it work? I must have missed something
simple.
First, I setup the security constraint as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>file-exchange-resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<description>An administrators</description>
<role-name>Administrators</role-name>
</security-role>
That allows me to secure / authenticate to the JSPs in the web service test app
provided. Then I tried working with the admin server console to setup roles /
privileges. I couldn’t get this to work but I easily could have done something
wrong since there are no step by step examples other than the general docs in
the programming guide.
Next, since the web service deploys as a web application, I figured the problem
must be that the internal WLS servlet needs security information defined in web.xml.
I saw the programming guide listed the servlet name and discussed servlet mapping
so I added the normal security entries for a servlet as follows and re-jarred
the WAR and EAR.
<servlet>
<servlet-name>WebServiceServlet</servlet-name>
<servlet-class>
weblogic.webservice.server.servlet.WebServiceServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>WebServiceServlet</servlet-name>
<url-pattern>/FileExchangeFacade/*</url-pattern>
<security-role-ref>
<role-name>Administrators</role-name>
<role-link>Administrators</role-link>
</security-role-ref>
</servlet-mapping>
It still doesn’t work. Any idea on how to get it to authenticate?
Thanks,
Dave

Ok, this looks like an issue with the test page.
When the test page gets a request to invoke a
web service, it creates a client proxy and call invoke
on the proxy. This will case the client proxy to
create a new HTTP post connection to the server.
Test page pulls out the username/passwd from the
GET request from the browser and pass it to the
POST request it makes to the web service. I think,
the test page needs to do the same for realm. I will
file a CR for this (CR105320).
Please contact support with the case number if you
need a patch for this.
http://manojc.com
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
One more thing.
I took out explicit realm mapping and noticed that the firstauthentication
challenge was for the WebLogic standard realm which was fine and
authentication was successful. (i.e. I got to the web service "homepage").
Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
When I stepped into the web service method and pressed the Invoke buttonon
the web service methods the realm was "default" and authenticationfailed.
Why does the domain change and how do I cover this?Is was actually listed as "Default".
However this is the same domain I believe because I've done a further
experiment and set the domains explicitely
in the deployment WAR deployment (Other tab) and in the web.xml file. The
second challange is then asking for re-authentication in the correctdomain
(myrealm) but it does not accept the valid user/password and just re
challenges until 3 attempts then it displays the SOAP message and theserver
log file has the following exception:
java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
'http://localhost:7001/webservice/TraderService?WSDL'
at
weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
2)
at java.net.URL.openStream(URL.java:793)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:73)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
108)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
84)
at
weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
ava:230)
at
weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
iceServlet.java:306)
at
weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
8)
at
weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
at
weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
.java:224)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5412)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:744)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3086)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2544)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

Basic authentication when calling a web service

I am attempting to call a web service using ActionScript. The
web service provider requires that I use HTTP Basic Authentication
to communicate my SOAP requests. I cannot seem to get this done in
ActionScript. If I instantiate a WebService object and call its
SetCredentials method, I get an error "Authentication not supported
on DirectHTTPChannel (no proxy)". I have the WebService object's
useProxy property set to true. HELP!

I know this is five years later on this forum but there's no solution here or on any other forum. So after two day's of hammering this out I was able to produce a workable solution. Create a new user account for testing.
Wu_Xiao's explanation of the issue was dead on. The WebService does a GET then a POST and for the GET we are unable to supply the Authorization in the header and this is why we get the popup. The POST has the Authorization but it already to late.
Take these actions
1 Create a new user on the machine with the web services. Start with a simple name and password (text only) I had issues with different users. Start clean and simple.
2 Copy your web services a second usable service. You'll see in my example below i have Ive copied ServicesSECURE/Services1.asmx?WSDL to ServicesDEFINITION/Services1.asmx?WSDL
3 Remove all of the code inside of your services making the new set of service like a definition service. Make sure all of the inputs and outputs are the same. ServicesDEFINITION will have no coding and empty returns.
Example
[WebMethod]
        public String CountUsers(string group)
            return "";
4 Implement the code below. Call the init() right away to instantiate the web service and wait until it loads to use any of the services. I use a button event to test.
private var testws:WebService = new WebService;
private function init():void
testws.wsdl="http://test.com/ServicesDEFINITION/Services1.asmx?WSDL";
var encoder:Base64Encoder= new Base64Encoder();
encoder.insertNewLines = false; // see below for why you need to do this
encoder.encode("USERNAME:PASSWORD");
testws.httpHeaders = {Authorization:" Basic " + encoder.toString()};
testws.loadWSDL();
testws.addEventListener("load", wsdlLoadHandler);
protected function test_clickHandler(event:MouseEvent):void
testws["CountUsers"].addEventListener(mx.rpc.events.FaultEvent.FAULT,testFaultHandler);
testws["CountUsers"].addEventListener(mx.rpc.events.ResultEvent.RESULT,testResultHandler) ;
testws.endpointURI="http://test.com/ServicesSECURE/Services1.asmx?WSDL";
testws.getOperation("CountUsers").send("Test");
protected function wsdlLoadHandler (event:LoadEvent) : void
//the service has to load before using the getOperation function
//you could try using mx.core.UIComponent.callLater from
//this listener and call the gettestws.getOperation("Co....
So you'll see that the ServicesDEFINITION (GET) is called and grabs the definition of the Service1 service but this unsecured services is useless because we've removed all of the code. After the definition GET is called we can change the end point using endpointURI and perform the POST against our secure ServicesSECURE.

Basic Authentication SSO, Web proxy, Rewriter issue

I have iPS 3.0 SP4.
I have configured the Gateway to do single signon for HTTP Basic Authentication. My external application also requires a web proxy to connect, so I added the proxy to the "DNS Domain and Subdomains" list. My "Rewrite all URLs Enabled" is not checked.
I added a link to the external application in the Bookmark channel. When I click on the link, a new browser window is launched, SSO happened (verified from iwtGateway log), but the contents kept going back to the Portal Desktop instead of the external aplication.
I found out that the external application is using the URL location information of the browser to extract the protocol, host and port info to construct the target page using JavaScript. By the Gateway rewriting the URL, the JavaScript is incorrectly using the Gateway host and port, instead of the application host and port.
How do I setup the Gateway to do Basic Auth SSO, use a web proxy to fetch the content, but do NOT do URL rewriting? Our users have access to the application directly, so we do not need to run the app behind the Gateway. But I need to use the Gateway to to the SSO. Also, since the "DNS Domain and Subdomains" list is used for both proxy definition and rewriting, how do I make them mutually exclusive - i.e. want to use web proxy but do not want rewriting?
Can you also suggest other ways of doing Basic Authentication SSO without using the Gateway? I have seen some discussions on using the Authenticator class and a separate Servlet. Please post me an example.
Thanks.

Yes, I have already tried the option you suggested. I had previously created a JSP channel that has a link invoking my servlet. This servlet, reads the user profile from an external LDAP and sends the Authorization header on a URLConnection object, just like you described it.
However, I cannot just simply render the returned content on the InputStream of the URLConnection. The browser/client is actually connected to the servlet - so presenting the images and links directly will be relative to the servlet machine, not the external app. So the images and links do not work.
If I do a request.sendRedirect(...), the external application will ask for the auth header again. The browser has not captured the auth header that was sent earlier by the servlet.
How do you tell the browser to keep the auth header for all subsequent request? Is the Gateway SSO approach telling the browser to keep sending the auth header, or is the Gateway programmatically adding the auth header for each request?

Basic Authentication for Web Services

I have build Web Service according to the weblogic 6.1 examples
successfully deploying the .ear file etc.
Now I want to add security to the WebService uri.
I have added a <web-resource-collection> tag to the web.xml file, but
what should I put for the <url-pattern> ?
Am I obliged to 'manually' add <servlet> tags to the web.xml file in
order to add a security constraint to a WebService deployed thru a
.ear ?
Taking WebLogic's own statelessSession.Weather example, what is the
minimum I need to add to the web.xml file to have basic authentication
on the weatheruri ?
Thanks,
Adam

Ok, now I'm confused. Is this a Flex app (runs in the browser) or an AIR app? This makes a difference because in the browser, Flash Player/Flex uses the browser's http mechanism for transport, while AIR implements it directly. The original posted indicated some difference between Firefox and IE, which led me to believe it was a Flex browser app. Difference between these two would make me think something was wrong with the server response, and the two browsers were passing it (the problem) back to Flash Player differently.
Mark

Web srevicesHTTP Basic Authentication in Creator2

Similar Messages

Maybe you are looking for