File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Adding authorization to  access webservice Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Adding authorization to  access webservice" Watch "Adding authorization to  access webservice" New topic
Author

Adding authorization to access webservice

Deepika Agarwal
Greenhorn

Joined: Jun 24, 2009
Posts: 4
I have created stubs using a wsdl (JAX-WS) and posting a message to service. However the service that i am using requires authorization. Authorization is not in the form of username and password. It is basically a encrypted string. How to add authorization string to the request?? Please guide
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
It is basically a encrypted string.

This does not say much about what kind of security the web service uses. A guess is that it is a token of some kind.
Does the WSDL contain anything (WS_Policy information, for instance) regarding security policies of the service?
If the web service is a SOAP web service, the usual way of conveying a security token is by using SOAP headers.
Best regards!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42281
    
  64
A request does not contain authorization information. That would be like the client telling the server what the client is allowed to do - not a good scenario.

What the client passes to the server is authentication information - in most cases, username and password. The server then decides -based on information available to it from the user repository- what authorization level the client is entitled to.

If your case works in some other, completely different way, and you're just looking to pass additional information to the server, then maybe a custom SOAP header is the right way to do this, or possible a binary security token (which is supported by the WS-Security standard).


Ping & DNS - my free Android networking tools app
Deepika Agarwal
Greenhorn

Joined: Jun 24, 2009
Posts: 4
Hi!

We are using Basic Authentication mechansim and are encrypting the username and password to a single string. We need to add this string to request header.

I tried the following code:

Map<String,String>headers = new HashMap<String,String>();
headers.put("Authorization","Basic encryptedString");
BindingProvider bp = ((BindingProvider) port);
bp.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, headers);

But its still giving me error:
Exception in thread "main" javax.xml.ws.WebServiceException: request requires HTTP authentication: Unauthorized
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42281
    
  64
So what you call "encryptedString" is really the base-64 encoded string "username:password"? You're aware that this isn't encryption, right? It can easily be reversed by anyone who happens to see it.

You really shouldn't use HTTP Authentication with web services theses days; WS-Security offers numerous advantages, and is available as part of all major SOAP stacks.
Deepika Agarwal
Greenhorn

Joined: Jun 24, 2009
Posts: 4
@Ulf Dittmer

Ya I do agree. But then is there anyway we can add it to request header?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42281
    
  64
It would seem that the code you posted does add that header. You can inspect what goes over the wire by using a tool like tcpmon or SOAPUI.
Deepika Agarwal
Greenhorn

Joined: Jun 24, 2009
Posts: 4
Hi,

I tried the following code:

SOAPMessage msg = SOAPMessageContext.getMessage();
msg.getMimeHeaders().addHeader("Authorization","Basic encryptedString");
msg.saveChanges();

And now its working fine without any error.
Thanks
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Adding authorization to access webservice