Title: RE: basic authentication
Hi
It's fairly straightforward, here's both the client and server side code to a test web service, including the code for setting the HTTP basic authentication parameters and extracting them at the server side.
They appear in the request as an HTTP header, with the username and password base64 encoded.
e.g.
"Authorization: Basic base64(username:password)"
The client looks like this :-
public class ClientCallService
{
    public MyServiceResponseType callWebService(MyServiceRequestType req)
        throws Exception
    {
        MyServiceLocator os = new MyServiceLocator();
        MyServiceSoapBindingStub stub = (MyServiceSoapBindingStub)
            os.getMyService();
        // Set basic authorization parameters on the HTTP request
        // using the account number + "password"
        stub.setUsername("username");
        stub.setPassword("password");
        return (stub.MyFunction(req));
    }
}
And on the server side, within the class that handles the Axis service being called, to read the HTTP headers, code looks like this :-
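// At the top of the class file (Axis 1.x classes used below):
import org.apache.axis.MessageContext;
import org.apache.axis.encoding.Base64;
import org.apache.axis.transport.http.HTTPConstants;

// Inside the service method:
String user = null;
String password = null;
String returnStr = null;
// Get the current message context
MessageContext msgContext = MessageContext.getCurrentContext();
// Get the authorization string from the HTTP header
String headerAuth = (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
// Trim the string
if (headerAuth != null)
{
    headerAuth = headerAuth.trim();
}
// Break it down into the decoded username and password
if (headerAuth != null && headerAuth.startsWith("Basic "))
{
    int i;
    // Skip the "Basic " prefix (6 characters) and decode the rest
    headerAuth = new String(Base64.decode(headerAuth.substring(6)));
    // Test only: this writes the clear-text username:password to the log
    log.getLogger().info("Base64 decoded auth string [" + headerAuth + "]");
    // Split on the first colon
    i = headerAuth.indexOf( ':' );
    if (i == -1)
    {
        // No colon: the whole string is taken as the username
        user = headerAuth;
    }
    else
    {
        user = headerAuth.substring(0, i);
    }
    if (i != -1)
    {
        password = headerAuth.substring(i+1);
        // An empty password is treated as no password
        if (password != null && password.equals(""))
        {
            password = null;
        }
    }
}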
If you print out the username and password values, it should be what was passed in by the client. You can then choose to authenticate against a database, XML file or whatever.
Remember to use https as Basic Authorization is unsafe without encrypting the whole session.
Tim
-----Original Message-----
From: Plorks mail [mailto:[EMAIL PROTECTED]]
Sent: 23 May 2005 09:37
To: axis-user@ws.apache.org
Subject: basic authentication
Dear all,
I'm trying to access an external web service that requires me to pass a
valid username and password. I have some documentation but I'm clear how I
do this.
It says "customers will be authenticated through use of HTTP headers.
Authentication is performed using standard HTTP basic authentication. Every
message must have the HTTP authentication header correctly set with
customer's id and password..."
I'm not sure how I do this.
If I call an external function, e.g. doSomething, how do I pass the
credentials through?
Any help much appreciated
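Added example (not part of the original messages and not Axis code): a stricter parse of the "Authorization: Basic ..." header described in the reply above, using only the JDK (Java 8+), with a constant-time password check and no credentials written to the log. It assumes UTF-8 credentials and rejects a header with no colon; the class name, method names and sample credentials are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthHeader {
    /** Returns {user, password}, or null if the header is absent or malformed. */
    static String[] parse(String header) {
        if (header == null) return null;
        header = header.trim();
        // HTTP authentication scheme names are case-insensitive
        if (!header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;                   // payload is not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int i = decoded.indexOf(':');      // first colon: the password may contain ':'
        if (i <= 0) return null;           // no separator, or empty user id
        return new String[] { decoded.substring(0, i), decoded.substring(i + 1) };
    }

    /** Compares the presented password with the expected one in constant time. */
    static boolean passwordMatches(String presented, String expected) {
        // Assumption: 'expected' comes from the credential store of your choice
        return MessageDigest.isEqual(
            presented.getBytes(StandardCharsets.UTF_8),
            expected.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample headers; "alice" and "s3cr:et" are made-up values
        String good = "Basic " + Base64.getEncoder()
            .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        String[] samples = { good, "basic " + good.substring(6), "Basic !!!", "Bearer abc", null };
        for (String h : samples) {
            String[] cred = parse(h);
            if (cred == null) {
                System.out.println("rejected");
            } else {
                // Log the user id and the outcome only, never the password
                System.out.println("user=" + cred[0] + " ok=" + passwordMatches(cred[1], "s3cr:et"));
            }
        }
    }
}
```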