Re: basic authentication
Thanks Guy
I think i'll stick to creating my own headers within the soap envelope - I'm
still new to webservices/axis i don't really understand the wss4j
Thanks for your help
From: Guy Rixon <[EMAIL PROTECTED]>
Reply-To: axis-user@ws.apache.org
To: axis-user@ws.apache.org
Subject: Re: basic authentication
Date: Fri, 26 Aug 2005 15:49:52 +0100 (BST)
Hi,
all my code is for the digital-signature mode of WSS4J. But the project's
own
site has some deployment examples for UsernameToken. See
http://ws.apache.org/wss4j/
and
http://ws.apache.org/wss4j/axis.html
Cheers,
Guy
On Fri, 26 Aug 2005, Plorks mail wrote:
>
>
> Hi Guy
>
> Thanks fr getting back to me. Do you haveor can you lead me to an WSS4J
> example ?
>
> Thanks for your help
>
>
>
>
>
>
> >From: Guy Rixon <[EMAIL PROTECTED]>
> >Reply-To: axis-user@ws.apache.org
> >To: axis-user@ws.apache.org
> >Subject: Re: basic authentication
> >Date: Fri, 26 Aug 2005 14:47:05 +0100 (BST)
> >
> >If you are able to change the WSDL contract, then you can indeed
include
> >the
> >username and password in the SOAP body. Just put them in a message
part,
> >like
> >any other parameter.
> >
> >If you want to put username and password in the SOAP header, then you
can
> >use
> >the UsernameToken mode of WSS4J to be compatible with the WS-Security
> >standard; or you can invent your own header if you don't have to be
> >standard
> >or interoperable. Using WSS4J is probably better.
> >
> >On Fri, 26 Aug 2005, Plorks mail wrote:
> >
> > > hi all
> > >
> > > i'm currntly getting username and password using basic
authentication in
> >my
> > > web service.
> > >
> > > we are using a product that doesn't support basic authentaication in
the
> > > http header, so now i have to re-write my web service. Can anyone
> >suggest
> > > an alternative way to do this?
> > >
> > > Can i set the username and password in the SOAP Envelope/body?
> > >
> > > Thsi is the code i'm curently using
> > > String headerAuth =
> > > (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
> > >
> > > if (headerAuth != null)
> > > {
> > >headerAuth = headerAuth.trim();
> > > }
> > >
> > > if (headerAuth != null && headerAuth.startsWith("Basic "))
> > > {
> > > int i;
> > >
> > > headerAuth = new String(Base64.decode(headerAuth.substring(6)));
> > >
> > > String [] userNamePassword = headerAuth.split(":");
> > >
> > > userName = userNamePassword[0];
> > > password = userNamePassword[1];
> > > }
> > >
> > > thanks for any help
> > >
> > > _
> > > Express yourself instantly with MSN Messenger! Download today - it's
> >FREE!
> > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > >
> >
> >Guy Rixon [EMAIL PROTECTED]
> >Institute of Astronomy Tel: +44-1223-337542
> >Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
>
> _
> Winks & nudges are here - download MSN Messenger 7.0 today!
> http://messenger.msn.co.uk
>
Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
_
Want to block unwanted pop-ups? Download the free MSN Toolbar now!
http://toolbar.msn.co.uk/
Re: basic authentication
Hi,
all my code is for the digital-signature mode of WSS4J. But the project's own
site has some deployment examples for UsernameToken. See
http://ws.apache.org/wss4j/
and
http://ws.apache.org/wss4j/axis.html
Cheers,
Guy
On Fri, 26 Aug 2005, Plorks mail wrote:
>
>
> Hi Guy
>
> Thanks fr getting back to me. Do you haveor can you lead me to an WSS4J
> example ?
>
> Thanks for your help
>
>
>
>
>
>
> >From: Guy Rixon <[EMAIL PROTECTED]>
> >Reply-To: axis-user@ws.apache.org
> >To: axis-user@ws.apache.org
> >Subject: Re: basic authentication
> >Date: Fri, 26 Aug 2005 14:47:05 +0100 (BST)
> >
> >If you are able to change the WSDL contract, then you can indeed include
> >the
> >username and password in the SOAP body. Just put them in a message part,
> >like
> >any other parameter.
> >
> >If you want to put username and password in the SOAP header, then you can
> >use
> >the UsernameToken mode of WSS4J to be compatible with the WS-Security
> >standard; or you can invent your own header if you don't have to be
> >standard
> >or interoperable. Using WSS4J is probably better.
> >
> >On Fri, 26 Aug 2005, Plorks mail wrote:
> >
> > > hi all
> > >
> > > i'm currntly getting username and password using basic authentication in
> >my
> > > web service.
> > >
> > > we are using a product that doesn't support basic authentaication in the
> > > http header, so now i have to re-write my web service. Can anyone
> >suggest
> > > an alternative way to do this?
> > >
> > > Can i set the username and password in the SOAP Envelope/body?
> > >
> > > Thsi is the code i'm curently using
> > > String headerAuth =
> > > (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
> > >
> > > if (headerAuth != null)
> > > {
> > >headerAuth = headerAuth.trim();
> > > }
> > >
> > > if (headerAuth != null && headerAuth.startsWith("Basic "))
> > > {
> > > int i;
> > >
> > > headerAuth = new String(Base64.decode(headerAuth.substring(6)));
> > >
> > > String [] userNamePassword = headerAuth.split(":");
> > >
> > > userName = userNamePassword[0];
> > > password = userNamePassword[1];
> > > }
> > >
> > > thanks for any help
> > >
> > > _
> > > Express yourself instantly with MSN Messenger! Download today - it's
> >FREE!
> > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > >
> >
> >Guy Rixon[EMAIL PROTECTED]
> >Institute of Astronomy Tel: +44-1223-337542
> >Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
>
> _
> Winks & nudges are here - download MSN Messenger 7.0 today!
> http://messenger.msn.co.uk
>
Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
Re: basic authentication
Hi Guy
Thanks fr getting back to me. Do you haveor can you lead me to an WSS4J
example ?
Thanks for your help
From: Guy Rixon <[EMAIL PROTECTED]>
Reply-To: axis-user@ws.apache.org
To: axis-user@ws.apache.org
Subject: Re: basic authentication
Date: Fri, 26 Aug 2005 14:47:05 +0100 (BST)
If you are able to change the WSDL contract, then you can indeed include
the
username and password in the SOAP body. Just put them in a message part,
like
any other parameter.
If you want to put username and password in the SOAP header, then you can
use
the UsernameToken mode of WSS4J to be compatible with the WS-Security
standard; or you can invent your own header if you don't have to be
standard
or interoperable. Using WSS4J is probably better.
On Fri, 26 Aug 2005, Plorks mail wrote:
> hi all
>
> i'm currntly getting username and password using basic authentication in
my
> web service.
>
> we are using a product that doesn't support basic authentaication in the
> http header, so now i have to re-write my web service. Can anyone
suggest
> an alternative way to do this?
>
> Can i set the username and password in the SOAP Envelope/body?
>
> Thsi is the code i'm curently using
> String headerAuth =
> (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
>
> if (headerAuth != null)
> {
>headerAuth = headerAuth.trim();
> }
>
> if (headerAuth != null && headerAuth.startsWith("Basic "))
> {
> int i;
>
> headerAuth = new String(Base64.decode(headerAuth.substring(6)));
>
> String [] userNamePassword = headerAuth.split(":");
>
> userName = userNamePassword[0];
> password = userNamePassword[1];
> }
>
> thanks for any help
>
> _
> Express yourself instantly with MSN Messenger! Download today - it's
FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
_
Winks & nudges are here - download MSN Messenger 7.0 today!
http://messenger.msn.co.uk
Re: basic authentication
If you are able to change the WSDL contract, then you can indeed include the
username and password in the SOAP body. Just put them in a message part, like
any other parameter.
If you want to put username and password in the SOAP header, then you can use
the UsernameToken mode of WSS4J to be compatible with the WS-Security
standard; or you can invent your own header if you don't have to be standard
or interoperable. Using WSS4J is probably better.
On Fri, 26 Aug 2005, Plorks mail wrote:
> hi all
>
> i'm currntly getting username and password using basic authentication in my
> web service.
>
> we are using a product that doesn't support basic authentaication in the
> http header, so now i have to re-write my web service. Can anyone suggest
> an alternative way to do this?
>
> Can i set the username and password in the SOAP Envelope/body?
>
> Thsi is the code i'm curently using
> String headerAuth =
> (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
>
> if (headerAuth != null)
> {
>headerAuth = headerAuth.trim();
> }
>
> if (headerAuth != null && headerAuth.startsWith("Basic "))
> {
> int i;
>
> headerAuth = new String(Base64.decode(headerAuth.substring(6)));
>
> String [] userNamePassword = headerAuth.split(":");
>
> userName = userNamePassword[0];
> password = userNamePassword[1];
> }
>
> thanks for any help
>
> _
> Express yourself instantly with MSN Messenger! Download today - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
RE: basic authentication
Use the url as follows "http://username:[EMAIL PROTECTED]" -Original Message- From: Plorks mail [mailto:[EMAIL PROTECTED] Sent: Monday, May 23, 2005 2:07 PM To: axis-user@ws.apache.org Subject: basic authentication Dear all, I'm trying to access an external web service that requires me to pass a valid username and password. I have some documentation but i'm clear how i do this It says "customers will be authenticated through use of HTTP headers. Authenticaton is performed using standard HTTP basic authentication. Every message must have the HTTP authentication header correctly set with customer's id and password..." I'm not sure how i do this if i call an external function e.g. doSomething, how do i pass the credentials through? Any help much appreciated _ Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk
Re: Basic Authentication
I guess,
maybe you can try to set "username" in wsdd file like
and set "passwd" in users.lst file
致
礼!
? huagang
{/-◎◎-\} [EMAIL PROTECTED]
( (oo) ) 2005-05-26
?
62125151-6226
才智,德之资也;德者,才之师也
=== 2005-05-25 05:18:00 您在来信中写道:===
>Hi,
>
> I'm trying to access Microsoft sharepoint webservice from an axis
>client. I need to authenticate using Basic /NTLM authentication. I'm
>trying to set username and password
>call.setUsername("username");
>call.setPassword("passwd");
>
>I also tried -
>call.setProperty("USERNAME_PROPERTY", "username");
>call.setProperty("PASSWORD_PROPERTY", "password");
>
>I still get 401 error Please help me how to deal with this. I have also
>attached the code and error below.
>
>Thanks.
>Jyothi
>
>
>
>--
>log4j:WARN No appenders could be found for logger
>(org.apache.axis.i18n.ProjectResourceBundle)
>log4j:WARN Please initialize the log4j system properly.
>AxisFault
> faultCode: {http://xml.apache.org/axis/}HTTP
> faultSubcode:
> faultString: (401)Unauthorized
> faultActor:
> faultNode:
> faultDetail:
>{}:return code: 401
>401 Unauthorized
>{http://xml.apache.org/axis/}HttpErrorCode:401
>
>(401)Unauthorized
>at
>org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java
>:732)
>at
>org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:143)
>at
>org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.j
>ava:32)
>at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
>at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>at org.apache.axis.client.Call.invoke(Call.java:2748)
>at org.apache.axis.client.Call.invoke(Call.java:2424)
>at org.apache.axis.client.Call.invoke(Call.java:2347)
>at org.apache.axis.client.Call.invoke(Call.java:1804)
>at SoapWsdlClient.(SoapWsdlClient.java:23)
>at SoapWsdlClient.main(SoapWsdlClient.java:36)
>Press any key to continue . . .
>
>
>
>
>--
>
>
>
>import java.net.*;
>import org.apache.axis.client.*;
>import javax.xml.namespace.*;
>
>
>public class SoapWsdlClient
>{
>public SoapWsdlClient()
>{
>try
>{
>
>
>String endPointAddress =
>"http:///_vti_bin/search.asmx";
>Service service = new Service();
>Call call = ( Call )service.createCall();
>call.setTargetEndpointAddress( endPointAddress );
>call.setUsername("username");
>call.setPassword("passwd");
>
>call.setSOAPActionURI("urn:Microsoft.Search/Query");
>call.setOperationName( new
>QName("urn:Microsoft.Search.Query", "Query") );
>String returned = ( String) call.invoke( new Object[] { "
>xmlns=\"urn:Microsoft.Search.Query\" Revision=\"1000\">domain=\"QDomain\">urn:Microsoft.Search.Respon
>se.Document.Documentlanguage=\"en-US\" type=\"STRING\">cannot
>print1500
>" } );
>System.out.println( "Soap returned: " + returned );
>
>
>}
>catch (Exception e)
>{
>e.printStackTrace();
>}
>}
>
>public static void main(String[] args)
>{
>SoapWsdlClient SoapWsdlClient = new SoapWsdlClient();
>}
>}
>
>
>-
>Jyothishree Honnavalli
>RightAnswers, LLC
>67 Walnut Avenue
>Suite 210
>Clark, NJ 07066
>Ph: 732-396-9010 Ext. 167
>Fax 732-396-9011
>
>-
>
>
>
>
>AEROSPACE?INFORMATION?CO., LTD.
> virus-free and secure email
>
= = = = = = = = = = = = = = = = = = = =
AEROSPACE INFORMATION CO., LTD.
virus-free and secure email
Re: Basic Authentication
Hi guys, Can anyone tells me how to reject a soap message in Axis Handler? Thanks, Yixing Ma
RE: basic authentication
Thank you
From: Harrison Tim <[EMAIL PROTECTED]>
Reply-To: axis-user@ws.apache.org
To: "'axis-user@ws.apache.org'"
Subject: RE: basic authentication
Date: Mon, 23 May 2005 10:37:04 +0100
Hi
It's fairly straightforward, here's both the client and server side code to
a test web service, including the code for setting the HTTP basic
authentication parameters and extracting them at the server side.
They appear in the request as a http header, with the username and password
base64 encoded.
e.g.
"Authorization: Basic base64(username:password)"
The client looks like this :-
public class ClientCallService
{
public MyServiceResponseType callWebService(MyServiceRequestType req)
throws Exception
{
MyServiceLocator os = new MyServiceLocator();
MyServiceSoapBindingStub stub = (MyServiceSoapBindingStub)
os.getMyService();
// Set basic authorization parameters on the HTTP request
// using the account number + "password"
stub.setUsername("username");
stub.setPassword("password");
return (stub.MyFunction(req));
}
}
And on the server side, within the class that handles the Axis service
being
called, to read the HTTP headers, code looks like this :-
String user = null;
String password = null;
String returnStr = null;
// Get the current message context
MessageContext msgContext = MessageContext.getCurrentContext();
// Get the authorization string from the HTTP header
String headerAuth =
(String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
// Trim the string
if (headerAuth != null)
{
headerAuth = headerAuth.trim();
}
// Break it down into the decoded username and password
if (headerAuth != null && headerAuth.startsWith("Basic "))
{
int i;
headerAuth = new String(Base64.decode(headerAuth.substring(6)));
log.getLogger().info("Base64 decoded auth string [" + headerAuth + "]");
i = headerAuth.indexOf( ':' );
if (i == -1)
{
user = headerAuth;
}
else
{
user = headerAuth.substring(0, i);
}
if (i != -1)
{
password = headerAuth.substring(i+1);
if (password != null && password.equals(""))
{
password = null;
}
}
}
If you print out the username and password values, it should be what was
passed in by the client. You can then choose to authenticate against a
database, XML file or whatever.
Remember to use https as Basic Authorization is unsafe without encrypting
the whole session.
Tim
-Original Message-
From: Plorks mail [mailto:[EMAIL PROTECTED]
Sent: 23 May 2005 09:37
To: axis-user@ws.apache.org
Subject: basic authentication
Dear all,
I'm trying to access an external web service that requires me to pass a
valid username and password. I have some documentation but i'm clear how i
do this
It says "customers will be authenticated through use of HTTP headers.
Authenticaton is performed using standard HTTP basic authentication. Every
message must have the HTTP authentication header correctly set with
customer's id and password..."
I'm not sure how i do this
if i call an external function e.g. doSomething, how do i pass the
credentials through?
Any help much appreciated
_
Winks & nudges are here - download MSN Messenger 7.0 today!
http://messenger.msn.co.uk+
DISCLAIMER
The information contained in this e-mail is confidential and is intended
for the recipient only.
If you have received it in error, please notify us immediately by reply
e-mail and then delete it from your system. Please do not copy it or
use it for any other purposes, or disclose the content of the e-mail
to any other person or store or copy the information in any medium.
The views contained in this e-mail are those of the author and not
necessarily those of Admenta UK Group.
_
Be the first to hear what's new at MSN - sign up to our free newsletters!
http://www.msn.co.uk/newsletters
RE: basic authentication
Title: RE: basic authentication
Hi
It's fairly straightforward, here's both the client and server side code to a test web service, including the code for setting the HTTP basic authentication parameters and extracting them at the server side.
They appear in the request as a http header, with the username and password base64 encoded.
e.g.
"Authorization: Basic base64(username:password)"
The client looks like this :-
public class ClientCallService
{
public MyServiceResponseType callWebService(MyServiceRequestType req)
throws Exception
{
MyServiceLocator os = new MyServiceLocator();
MyServiceSoapBindingStub stub = (MyServiceSoapBindingStub)
os.getMyService();
// Set basic authorization parameters on the HTTP request
// using the account number + "password"
stub.setUsername("username");
stub.setPassword("password");
return (stub.MyFunction(req));
}
}
And on the server side, within the class that handles the Axis service being called, to read the HTTP headers, code looks like this :-
String user = null;
String password = null;
String returnStr = null;
// Get the current message context
MessageContext msgContext = MessageContext.getCurrentContext();
// Get the authorization string from the HTTP header
String headerAuth = (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);
// Trim the string
if (headerAuth != null)
{
headerAuth = headerAuth.trim();
}
// Break it down into the decoded username and password
if (headerAuth != null && headerAuth.startsWith("Basic "))
{
int i;
headerAuth = new String(Base64.decode(headerAuth.substring(6)));
log.getLogger().info("Base64 decoded auth string [" + headerAuth + "]");
i = headerAuth.indexOf( ':' );
if (i == -1)
{
user = headerAuth;
}
else
{
user = headerAuth.substring(0, i);
}
if (i != -1)
{
password = headerAuth.substring(i+1);
if (password != null && password.equals(""))
{
password = null;
}
}
}
If you print out the username and password values, it should be what was passed in by the client. You can then choose to authenticate against a database, XML file or whatever.
Remember to use https as Basic Authorization is unsafe without encrypting the whole session.
Tim
-Original Message-
From: Plorks mail [mailto:[EMAIL PROTECTED]]
Sent: 23 May 2005 09:37
To: axis-user@ws.apache.org
Subject: basic authentication
Dear all,
I'm trying to access an external web service that requires me to pass a
valid username and password. I have some documentation but i'm clear how i
do this
It says "customers will be authenticated through use of HTTP headers.
Authenticaton is performed using standard HTTP basic authentication. Every
message must have the HTTP authentication header correctly set with
customer's id and password..."
I'm not sure how i do this
if i call an external function e.g. doSomething, how do i pass the
credentials through?
Any help much appreciated
_
Winks & nudges are here - download MSN Messenger 7.0 today!
http://messenger.msn.co.uk+
DISCLAIMER
The information contained in this e-mail is confidential and is intended
for the recipient only.
If you have received it in error, please notify us immediately by reply
e-mail and then delete it from your system. Please do not copy it or
use it for any other purposes, or disclose the content of the e-mail
to any other person or store or copy the information in any medium.
The views contained in this e-mail are those of the author and not
necessarily those of Admenta UK Group.
RE: basic authentication
I think i've managed this
call.setUsername("username");
call.setPassword("password");
From: "Plorks mail" <[EMAIL PROTECTED]>
Reply-To: axis-user@ws.apache.org
To: axis-user@ws.apache.org
Subject: basic authentication
Date: Mon, 23 May 2005 08:36:44 +
Dear all,
I'm trying to access an external web service that requires me to pass a
valid username and password. I have some documentation but i'm clear how i
do this
It says "customers will be authenticated through use of HTTP headers.
Authenticaton is performed using standard HTTP basic authentication. Every
message must have the HTTP authentication header correctly set with
customer's id and password..."
I'm not sure how i do this
if i call an external function e.g. doSomething, how do i pass the
credentials through?
Any help much appreciated
_
Winks & nudges are here - download MSN Messenger 7.0 today!
http://messenger.msn.co.uk
_
Be the first to hear what's new at MSN - sign up to our free newsletters!
http://www.msn.co.uk/newsletters
