Menu
I have created a JAX-WS Web Service on top of Glassfish which requires basic HTTP authentication.
Now I want to create a standalone java application client for that Web Service but I don't have a clue of how to pass the username and password.
It works with Eclipse's Web Service explorer, and examining the wire I found this:
POST /SnaProvisioning/SnaProvisioningV1_0 HTTP/1.1 Host: localhost:8080 Content-Type: text/xml; charset=utf-8 Content-Length: 311 Accept: application/soap+xml, application/dime, multipart/related, text/* User-Agent: IBM Web Services Explorer Cache-Control: no-cache Pragma: no-cache SOAPAction: "" Authorization: Basic Z2VybWFuOmdlcm1hbg== Connection: close <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:q0="http://ngin.ericsson.com/sna/types/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Body> <q0:listServiceScripts/> </soapenv:Body> </soapenv:Envelope> How do I pass the username and password in this "Authorization" header using java code? Is it hashed or something like that? What is the algorithm?
Without security involved I have a working standalone java client:
SnaProvisioning myPort = new SnaProvisioning_Service().getSnaProvisioningV10Port(); myPort.listServiceScripts(); 
810
Authentication can be with username/password - with UsernameToken or certificate based. Since you are Java based - you can use the open source WSO2 Application Server to deploy your service and with few clicks you can secure your service.
HTTP basic authentication uses a user name and password to authenticate a service client to a secure endpoint. The basic authentication is encoded in the HTTP request that carries the SOAP message.
The JAX-WS way for basic authentication is
Service s = new Service(); Port port = s.getPort(); BindingProvider prov = (BindingProvider)port; prov.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "myusername"); prov.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "mypassword"); port.call(); It turned out that there's a simple, standard way to achieve what I wanted:
import java.net.Authenticator; import java.net.PasswordAuthentication; Authenticator myAuth = new Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication("german", "german".toCharArray()); } }; Authenticator.setDefault(myAuth); No custom "sun" classes or external dependencies, and no manually encode anything.
I'm aware that BASIC security is not, well, secure, but we are also using HTTPS.
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With