This week's book giveaway is in the General Computing forum. We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line! See this thread for details.
I have created stubs using a wsdl (JAX-WS) and posting a message to service. However the service that i am using requires authorization. Authorization is not in the form of username and password. It is basically a encrypted string. How to add authorization string to the request?? Please guide
This does not say much about what kind of security the web service uses. A guess is that it is a token of some kind.
Does the WSDL contain anything (WS_Policy information, for instance) regarding security policies of the service?
If the web service is a SOAP web service, the usual way of conveying a security token is by using SOAP headers.
Best regards!
A request does not contain authorization information. That would be like the client telling the server what the client is allowed to do - not a good scenario.
What the client passes to the server is authentication information - in most cases, username and password. The server then decides -based on information available to it from the user repository- what authorization level the client is entitled to.
If your case works in some other, completely different way, and you're just looking to pass additional information to the server, then maybe a custom SOAP header is the right way to do this, or possible a binary security token (which is supported by the WS-Security standard).
We are using Basic Authentication mechansim and are encrypting the username and password to a single string. We need to add this string to request header.
I tried the following code:
Map<String,String>headers = new HashMap<String,String>();
headers.put("Authorization","Basic encryptedString");
BindingProvider bp = ((BindingProvider) port);
bp.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, headers);
But its still giving me error:
Exception in thread "main" javax.xml.ws.WebServiceException: request requires HTTP authentication: Unauthorized
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35443
9
posted
0
So what you call "encryptedString" is really the base-64 encoded string "username:password"? You're aware that this isn't encryption, right? It can easily be reversed by anyone who happens to see it.
You really shouldn't use HTTP Authentication with web services theses days; WS-Security offers numerous advantages, and is available as part of all major SOAP stacks.
Deepika Agarwal
Greenhorn
Joined: Jun 24, 2009
Posts: 4
posted
0
@Ulf Dittmer
Ya I do agree. But then is there anyway we can add it to request header?
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35443
9
posted
0
It would seem that the code you posted does add that header. You can inspect what goes over the wire by using a tool like tcpmon or SOAPUI.
0
