Following this link: http://www.unix.org.ua/orelly/java-ent/servlet/ch08_01.htm we can extend the OFBIZ SOAPEventHandler to support basic authentication.
Add the following code snipped to the start of SOAPEventHandler.invoke(..): Map serviceContext = new HashMap(); String auth = request.getHeader("Authorization"); try { // Do we have the authentication information? if (auth == null) { // Send response to get login information response.setHeader("WWW-Authenticate", "BASIC realm=\"users\""); response.sendError(response.SC_UNAUTHORIZED); return null; } } catch(IOException e) { sendError(response, e); throw new EventHandlerException("Error sending " + response.SC_UNAUTHORIZED + " response", e); } // Extract authentication information if (!auth.toUpperCase().startsWith("BASIC ")) { sendError(response, "Only basic authentication is supported!"); throw new EventHandlerException("Only basic authentication is supported!"); } // Get encoded user and password, comes after "BASIC " String userpassEncoded = auth.substring(6); try { // Decode it, using any base 64 decoder sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder(); String userpassDecoded = new String(dec.decodeBuffer(userpassEncoded)); int sepIndex = userpassDecoded.indexOf(":"); String user = userpassDecoded.substring(0, sepIndex); String pwd = userpassDecoded.substring(sepIndex + 1); serviceContext.put("login.password", pwd); serviceContext.put("login.username", user); } catch(IOException e) { sendError(response, e); throw new EventHandlerException("Error decoding authenticated information", e); } Michael -- View this message in context: http://www.nabble.com/Using-Basic-Authentication-with-OFBIZ-tf4487032.html#a12795537 Sent from the OFBiz - User mailing list archive at Nabble.com.