Re: basic authentication
Thanks Guy I think i'll stick to creating my own headers within the soap envelope - I'm still new to webservices/axis i don't really understand the wss4j Thanks for your help From: Guy Rixon <[EMAIL PROTECTED]> Reply-To: axis-user@ws.apache.org To: axis-user@ws.apache.org Subject: Re: basic authentication Date: Fri, 26 Aug 2005 15:49:52 +0100 (BST) Hi, all my code is for the digital-signature mode of WSS4J. But the project's own site has some deployment examples for UsernameToken. See http://ws.apache.org/wss4j/ and http://ws.apache.org/wss4j/axis.html Cheers, Guy On Fri, 26 Aug 2005, Plorks mail wrote: > > > Hi Guy > > Thanks fr getting back to me. Do you haveor can you lead me to an WSS4J > example ? > > Thanks for your help > > > > > > > >From: Guy Rixon <[EMAIL PROTECTED]> > >Reply-To: axis-user@ws.apache.org > >To: axis-user@ws.apache.org > >Subject: Re: basic authentication > >Date: Fri, 26 Aug 2005 14:47:05 +0100 (BST) > > > >If you are able to change the WSDL contract, then you can indeed include > >the > >username and password in the SOAP body. Just put them in a message part, > >like > >any other parameter. > > > >If you want to put username and password in the SOAP header, then you can > >use > >the UsernameToken mode of WSS4J to be compatible with the WS-Security > >standard; or you can invent your own header if you don't have to be > >standard > >or interoperable. Using WSS4J is probably better. > > > >On Fri, 26 Aug 2005, Plorks mail wrote: > > > > > hi all > > > > > > i'm currntly getting username and password using basic authentication in > >my > > > web service. > > > > > > we are using a product that doesn't support basic authentaication in the > > > http header, so now i have to re-write my web service. Can anyone > >suggest > > > an alternative way to do this? > > > > > > Can i set the username and password in the SOAP Envelope/body? > > > > > > Thsi is the code i'm curently using > > > String headerAuth = > > > (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION); > > > > > > if (headerAuth != null) > > > { > > >headerAuth = headerAuth.trim(); > > > } > > > > > > if (headerAuth != null && headerAuth.startsWith("Basic ")) > > > { > > > int i; > > > > > > headerAuth = new String(Base64.decode(headerAuth.substring(6))); > > > > > > String [] userNamePassword = headerAuth.split(":"); > > > > > > userName = userNamePassword[0]; > > > password = userNamePassword[1]; > > > } > > > > > > thanks for any help > > > > > > _ > > > Express yourself instantly with MSN Messenger! Download today - it's > >FREE! > > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > > > > >Guy Rixon [EMAIL PROTECTED] > >Institute of Astronomy Tel: +44-1223-337542 > >Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 > > _ > Winks & nudges are here - download MSN Messenger 7.0 today! > http://messenger.msn.co.uk > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 _ Want to block unwanted pop-ups? Download the free MSN Toolbar now! http://toolbar.msn.co.uk/
Re: basic authentication
Hi, all my code is for the digital-signature mode of WSS4J. But the project's own site has some deployment examples for UsernameToken. See http://ws.apache.org/wss4j/ and http://ws.apache.org/wss4j/axis.html Cheers, Guy On Fri, 26 Aug 2005, Plorks mail wrote: > > > Hi Guy > > Thanks fr getting back to me. Do you haveor can you lead me to an WSS4J > example ? > > Thanks for your help > > > > > > > >From: Guy Rixon <[EMAIL PROTECTED]> > >Reply-To: axis-user@ws.apache.org > >To: axis-user@ws.apache.org > >Subject: Re: basic authentication > >Date: Fri, 26 Aug 2005 14:47:05 +0100 (BST) > > > >If you are able to change the WSDL contract, then you can indeed include > >the > >username and password in the SOAP body. Just put them in a message part, > >like > >any other parameter. > > > >If you want to put username and password in the SOAP header, then you can > >use > >the UsernameToken mode of WSS4J to be compatible with the WS-Security > >standard; or you can invent your own header if you don't have to be > >standard > >or interoperable. Using WSS4J is probably better. > > > >On Fri, 26 Aug 2005, Plorks mail wrote: > > > > > hi all > > > > > > i'm currntly getting username and password using basic authentication in > >my > > > web service. > > > > > > we are using a product that doesn't support basic authentaication in the > > > http header, so now i have to re-write my web service. Can anyone > >suggest > > > an alternative way to do this? > > > > > > Can i set the username and password in the SOAP Envelope/body? > > > > > > Thsi is the code i'm curently using > > > String headerAuth = > > > (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION); > > > > > > if (headerAuth != null) > > > { > > >headerAuth = headerAuth.trim(); > > > } > > > > > > if (headerAuth != null && headerAuth.startsWith("Basic ")) > > > { > > > int i; > > > > > > headerAuth = new String(Base64.decode(headerAuth.substring(6))); > > > > > > String [] userNamePassword = headerAuth.split(":"); > > > > > > userName = userNamePassword[0]; > > > password = userNamePassword[1]; > > > } > > > > > > thanks for any help > > > > > > _ > > > Express yourself instantly with MSN Messenger! Download today - it's > >FREE! > > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > > > > >Guy Rixon[EMAIL PROTECTED] > >Institute of Astronomy Tel: +44-1223-337542 > >Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 > > _ > Winks & nudges are here - download MSN Messenger 7.0 today! > http://messenger.msn.co.uk > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
Re: basic authentication
Hi Guy Thanks fr getting back to me. Do you haveor can you lead me to an WSS4J example ? Thanks for your help From: Guy Rixon <[EMAIL PROTECTED]> Reply-To: axis-user@ws.apache.org To: axis-user@ws.apache.org Subject: Re: basic authentication Date: Fri, 26 Aug 2005 14:47:05 +0100 (BST) If you are able to change the WSDL contract, then you can indeed include the username and password in the SOAP body. Just put them in a message part, like any other parameter. If you want to put username and password in the SOAP header, then you can use the UsernameToken mode of WSS4J to be compatible with the WS-Security standard; or you can invent your own header if you don't have to be standard or interoperable. Using WSS4J is probably better. On Fri, 26 Aug 2005, Plorks mail wrote: > hi all > > i'm currntly getting username and password using basic authentication in my > web service. > > we are using a product that doesn't support basic authentaication in the > http header, so now i have to re-write my web service. Can anyone suggest > an alternative way to do this? > > Can i set the username and password in the SOAP Envelope/body? > > Thsi is the code i'm curently using > String headerAuth = > (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION); > > if (headerAuth != null) > { >headerAuth = headerAuth.trim(); > } > > if (headerAuth != null && headerAuth.startsWith("Basic ")) > { > int i; > > headerAuth = new String(Base64.decode(headerAuth.substring(6))); > > String [] userNamePassword = headerAuth.split(":"); > > userName = userNamePassword[0]; > password = userNamePassword[1]; > } > > thanks for any help > > _ > Express yourself instantly with MSN Messenger! Download today - it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 _ Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk
Re: basic authentication
If you are able to change the WSDL contract, then you can indeed include the username and password in the SOAP body. Just put them in a message part, like any other parameter. If you want to put username and password in the SOAP header, then you can use the UsernameToken mode of WSS4J to be compatible with the WS-Security standard; or you can invent your own header if you don't have to be standard or interoperable. Using WSS4J is probably better. On Fri, 26 Aug 2005, Plorks mail wrote: > hi all > > i'm currntly getting username and password using basic authentication in my > web service. > > we are using a product that doesn't support basic authentaication in the > http header, so now i have to re-write my web service. Can anyone suggest > an alternative way to do this? > > Can i set the username and password in the SOAP Envelope/body? > > Thsi is the code i'm curently using > String headerAuth = > (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION); > > if (headerAuth != null) > { >headerAuth = headerAuth.trim(); > } > > if (headerAuth != null && headerAuth.startsWith("Basic ")) > { > int i; > > headerAuth = new String(Base64.decode(headerAuth.substring(6))); > > String [] userNamePassword = headerAuth.split(":"); > > userName = userNamePassword[0]; > password = userNamePassword[1]; > } > > thanks for any help > > _ > Express yourself instantly with MSN Messenger! Download today - it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
RE: basic authentication
Use the url as follows "http://username:[EMAIL PROTECTED]" -Original Message- From: Plorks mail [mailto:[EMAIL PROTECTED] Sent: Monday, May 23, 2005 2:07 PM To: axis-user@ws.apache.org Subject: basic authentication Dear all, I'm trying to access an external web service that requires me to pass a valid username and password. I have some documentation but i'm clear how i do this It says "customers will be authenticated through use of HTTP headers. Authenticaton is performed using standard HTTP basic authentication. Every message must have the HTTP authentication header correctly set with customer's id and password..." I'm not sure how i do this if i call an external function e.g. doSomething, how do i pass the credentials through? Any help much appreciated _ Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk
Re: Basic Authentication
I guess, maybe you can try to set "username" in wsdd file like and set "passwd" in users.lst file 致 礼! ? huagang {/-◎◎-\} [EMAIL PROTECTED] ( (oo) ) 2005-05-26 ? 62125151-6226 才智,德之资也;德者,才之师也 === 2005-05-25 05:18:00 您在来信中写道:=== >Hi, > > I'm trying to access Microsoft sharepoint webservice from an axis >client. I need to authenticate using Basic /NTLM authentication. I'm >trying to set username and password >call.setUsername("username"); >call.setPassword("passwd"); > >I also tried - >call.setProperty("USERNAME_PROPERTY", "username"); >call.setProperty("PASSWORD_PROPERTY", "password"); > >I still get 401 error Please help me how to deal with this. I have also >attached the code and error below. > >Thanks. >Jyothi > > > >-- >log4j:WARN No appenders could be found for logger >(org.apache.axis.i18n.ProjectResourceBundle) >log4j:WARN Please initialize the log4j system properly. >AxisFault > faultCode: {http://xml.apache.org/axis/}HTTP > faultSubcode: > faultString: (401)Unauthorized > faultActor: > faultNode: > faultDetail: >{}:return code: 401 >401 Unauthorized >{http://xml.apache.org/axis/}HttpErrorCode:401 > >(401)Unauthorized >at >org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java >:732) >at >org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:143) >at >org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.j >ava:32) >at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) >at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) >at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) >at org.apache.axis.client.Call.invokeEngine(Call.java:2765) >at org.apache.axis.client.Call.invoke(Call.java:2748) >at org.apache.axis.client.Call.invoke(Call.java:2424) >at org.apache.axis.client.Call.invoke(Call.java:2347) >at org.apache.axis.client.Call.invoke(Call.java:1804) >at SoapWsdlClient.(SoapWsdlClient.java:23) >at SoapWsdlClient.main(SoapWsdlClient.java:36) >Press any key to continue . . . > > > > >-- > > > >import java.net.*; >import org.apache.axis.client.*; >import javax.xml.namespace.*; > > >public class SoapWsdlClient >{ >public SoapWsdlClient() >{ >try >{ > > >String endPointAddress = >"http:///_vti_bin/search.asmx"; >Service service = new Service(); >Call call = ( Call )service.createCall(); >call.setTargetEndpointAddress( endPointAddress ); >call.setUsername("username"); >call.setPassword("passwd"); > >call.setSOAPActionURI("urn:Microsoft.Search/Query"); >call.setOperationName( new >QName("urn:Microsoft.Search.Query", "Query") ); >String returned = ( String) call.invoke( new Object[] { " >xmlns=\"urn:Microsoft.Search.Query\" Revision=\"1000\">domain=\"QDomain\">urn:Microsoft.Search.Respon >se.Document.Documentlanguage=\"en-US\" type=\"STRING\">cannot >print1500 >" } ); >System.out.println( "Soap returned: " + returned ); > > >} >catch (Exception e) >{ >e.printStackTrace(); >} >} > >public static void main(String[] args) >{ >SoapWsdlClient SoapWsdlClient = new SoapWsdlClient(); >} >} > > >- >Jyothishree Honnavalli >RightAnswers, LLC >67 Walnut Avenue >Suite 210 >Clark, NJ 07066 >Ph: 732-396-9010 Ext. 167 >Fax 732-396-9011 > >- > > > > >AEROSPACE?INFORMATION?CO., LTD. > virus-free and secure email > = = = = = = = = = = = = = = = = = = = = AEROSPACE INFORMATION CO., LTD. virus-free and secure email
Re: Basic Authentication
Hi guys, Can anyone tells me how to reject a soap message in Axis Handler? Thanks, Yixing Ma
RE: basic authentication
Thank you From: Harrison Tim <[EMAIL PROTECTED]> Reply-To: axis-user@ws.apache.org To: "'axis-user@ws.apache.org'" Subject: RE: basic authentication Date: Mon, 23 May 2005 10:37:04 +0100 Hi It's fairly straightforward, here's both the client and server side code to a test web service, including the code for setting the HTTP basic authentication parameters and extracting them at the server side. They appear in the request as a http header, with the username and password base64 encoded. e.g. "Authorization: Basic base64(username:password)" The client looks like this :- public class ClientCallService { public MyServiceResponseType callWebService(MyServiceRequestType req) throws Exception { MyServiceLocator os = new MyServiceLocator(); MyServiceSoapBindingStub stub = (MyServiceSoapBindingStub) os.getMyService(); // Set basic authorization parameters on the HTTP request // using the account number + "password" stub.setUsername("username"); stub.setPassword("password"); return (stub.MyFunction(req)); } } And on the server side, within the class that handles the Axis service being called, to read the HTTP headers, code looks like this :- String user = null; String password = null; String returnStr = null; // Get the current message context MessageContext msgContext = MessageContext.getCurrentContext(); // Get the authorization string from the HTTP header String headerAuth = (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION); // Trim the string if (headerAuth != null) { headerAuth = headerAuth.trim(); } // Break it down into the decoded username and password if (headerAuth != null && headerAuth.startsWith("Basic ")) { int i; headerAuth = new String(Base64.decode(headerAuth.substring(6))); log.getLogger().info("Base64 decoded auth string [" + headerAuth + "]"); i = headerAuth.indexOf( ':' ); if (i == -1) { user = headerAuth; } else { user = headerAuth.substring(0, i); } if (i != -1) { password = headerAuth.substring(i+1); if (password != null && password.equals("")) { password = null; } } } If you print out the username and password values, it should be what was passed in by the client. You can then choose to authenticate against a database, XML file or whatever. Remember to use https as Basic Authorization is unsafe without encrypting the whole session. Tim -Original Message- From: Plorks mail [mailto:[EMAIL PROTECTED] Sent: 23 May 2005 09:37 To: axis-user@ws.apache.org Subject: basic authentication Dear all, I'm trying to access an external web service that requires me to pass a valid username and password. I have some documentation but i'm clear how i do this It says "customers will be authenticated through use of HTTP headers. Authenticaton is performed using standard HTTP basic authentication. Every message must have the HTTP authentication header correctly set with customer's id and password..." I'm not sure how i do this if i call an external function e.g. doSomething, how do i pass the credentials through? Any help much appreciated _ Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk+ DISCLAIMER The information contained in this e-mail is confidential and is intended for the recipient only. If you have received it in error, please notify us immediately by reply e-mail and then delete it from your system. Please do not copy it or use it for any other purposes, or disclose the content of the e-mail to any other person or store or copy the information in any medium. The views contained in this e-mail are those of the author and not necessarily those of Admenta UK Group. _ Be the first to hear what's new at MSN - sign up to our free newsletters! http://www.msn.co.uk/newsletters
RE: basic authentication
Title: RE: basic authentication Hi It's fairly straightforward, here's both the client and server side code to a test web service, including the code for setting the HTTP basic authentication parameters and extracting them at the server side. They appear in the request as a http header, with the username and password base64 encoded. e.g. "Authorization: Basic base64(username:password)" The client looks like this :- public class ClientCallService { public MyServiceResponseType callWebService(MyServiceRequestType req) throws Exception { MyServiceLocator os = new MyServiceLocator(); MyServiceSoapBindingStub stub = (MyServiceSoapBindingStub) os.getMyService(); // Set basic authorization parameters on the HTTP request // using the account number + "password" stub.setUsername("username"); stub.setPassword("password"); return (stub.MyFunction(req)); } } And on the server side, within the class that handles the Axis service being called, to read the HTTP headers, code looks like this :- String user = null; String password = null; String returnStr = null; // Get the current message context MessageContext msgContext = MessageContext.getCurrentContext(); // Get the authorization string from the HTTP header String headerAuth = (String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION); // Trim the string if (headerAuth != null) { headerAuth = headerAuth.trim(); } // Break it down into the decoded username and password if (headerAuth != null && headerAuth.startsWith("Basic ")) { int i; headerAuth = new String(Base64.decode(headerAuth.substring(6))); log.getLogger().info("Base64 decoded auth string [" + headerAuth + "]"); i = headerAuth.indexOf( ':' ); if (i == -1) { user = headerAuth; } else { user = headerAuth.substring(0, i); } if (i != -1) { password = headerAuth.substring(i+1); if (password != null && password.equals("")) { password = null; } } } If you print out the username and password values, it should be what was passed in by the client. You can then choose to authenticate against a database, XML file or whatever. Remember to use https as Basic Authorization is unsafe without encrypting the whole session. Tim -Original Message- From: Plorks mail [mailto:[EMAIL PROTECTED]] Sent: 23 May 2005 09:37 To: axis-user@ws.apache.org Subject: basic authentication Dear all, I'm trying to access an external web service that requires me to pass a valid username and password. I have some documentation but i'm clear how i do this It says "customers will be authenticated through use of HTTP headers. Authenticaton is performed using standard HTTP basic authentication. Every message must have the HTTP authentication header correctly set with customer's id and password..." I'm not sure how i do this if i call an external function e.g. doSomething, how do i pass the credentials through? Any help much appreciated _ Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk+ DISCLAIMER The information contained in this e-mail is confidential and is intended for the recipient only. If you have received it in error, please notify us immediately by reply e-mail and then delete it from your system. Please do not copy it or use it for any other purposes, or disclose the content of the e-mail to any other person or store or copy the information in any medium. The views contained in this e-mail are those of the author and not necessarily those of Admenta UK Group.
RE: basic authentication
I think i've managed this call.setUsername("username"); call.setPassword("password"); From: "Plorks mail" <[EMAIL PROTECTED]> Reply-To: axis-user@ws.apache.org To: axis-user@ws.apache.org Subject: basic authentication Date: Mon, 23 May 2005 08:36:44 + Dear all, I'm trying to access an external web service that requires me to pass a valid username and password. I have some documentation but i'm clear how i do this It says "customers will be authenticated through use of HTTP headers. Authenticaton is performed using standard HTTP basic authentication. Every message must have the HTTP authentication header correctly set with customer's id and password..." I'm not sure how i do this if i call an external function e.g. doSomething, how do i pass the credentials through? Any help much appreciated _ Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk _ Be the first to hear what's new at MSN - sign up to our free newsletters! http://www.msn.co.uk/newsletters