GeeCON Prague 2014*
The moose likes Web Services and the fly likes Basic authentication soap header values? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Web Services
Bookmark "Basic authentication soap header values?" Watch "Basic authentication soap header values?" New topic
Author

Basic authentication soap header values?

Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
I've been using wsse security. And username and password, could be specified as part of soap header.



Now since now i will be using basic authentication, how the SOAP header is going to look like? I'm using JAX-WS from JBoss.


SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
Seems no one encountered this problem?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
WS-Security does not use Basic Authentication (which is an HTTP mechanism). WSS username/password authentication looks like what you posted.


Ping & DNS - my free Android networking tools app
Nischit Shetty
Greenhorn

Joined: Feb 21, 2007
Posts: 25
If I am not wrong, basic authentication information is sent as part of request header.
Your request header will contain an element as follow "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="

Refer the last section of my post Basic Auth. It will give a code snippet while using Axis client.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
I repeat: Basic Authentication is not used with WS-Security. Let's wait for Amandeep to clarify what he meant by that.
Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
Ulf Dittmer wrote:I repeat: Basic Authentication is not used with WS-Security. Let's wait for Amandeep to clarify what he meant by that.


Yes, you are right. Basically I was looking, when using basic authentication how does the soap header looked like. Anyhow I can also try to find out the same information using wireshark.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
Amandeep Singh wrote:Basically I was looking, when using basic authentication how does the soap header looked like.

Basic Authentication looks like it always does; Nischit already told you what that is. It has no, I repeat: no, bearance on any SOAP headers which are completely independent on it. Furthermore, there is no point in using both Basic Authentication and WS-Security authentication. So why don't you tell us what you're trying to accomplish? Because it seems like you're doing something that is misguided.
Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
I repeat, I understand there is no point in using wsse and http authentication together.

Basically I was looking, when using basic authentication how does the soap header looked like.


In my context above line makes clear what I am looking for. I'm not sure why you are unable to interpret the above sentence. May be I've Indian English, makes it hard to understand.

Your request header will contain an element as follow "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="


Nischit get it what I meant. Let me dive more.

Assume you are writing a soap request manually not using any library. You know the username password to access web service is this test1/test2. Is it possible by human to write/express username/password in soap message when using basic authentication without using any tool to construct soap message. And here I meant to write soap xml not specifying username/password thru java coding which i know how it can be done. If I assume test1/test2 would be transformed to value "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE=" when using http authentication. Then I can say it's only possible using some library. May be here I'm saying more broad meaning by constructing soap message, but meant to write manually only username/password as part of message.

It's possible to do the same above thing when using wsse security. Refer to my first example, you can clear see the username/password in soap header. I repeat, When using basic authentication, how will the username/password look in the soap message.

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
I don't think it's a language issue. I'm trying to convey that the question you posed does not make sense, as the WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.

It is easy to construct a Basic Auth header: http://www.coderanch.com/how-to/java/AppletsFaq#authentication

It is certainly possible to construct a SOAP username/password header without the use of any library. Why one would do such a thing, I have no idea. If you look at the SOAP, it's not terribly complicated. The WS-Security spec will tell you for sure what it must contain; it would be part of the SOAP header.

Note that the SOAP header (used by WS-Security) is part of the SOAP, and therefore not part of the HTTP header (which is where Basic Auth info resides), but of the HTTP body.
Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.


Thank you. I believe question was clear, that's how I got your answer now .

If you still think it wasn't clear, would you mind rephrasing the question for me, so I can learn too.
Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
Amandeep Singh wrote:I've been using wsse security. And username and password, could be specified as part of soap header.



Now since now i will be using basic authentication, how the SOAP header is going to look like? I'm using JAX-WS from JBoss.



It's answer could have like this example, after i learnt from your post.

When using Basic authentication, username/password is not included as part of a soap message. It is always specified in the http header which is outside soap message.

Http header would like this:

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
So all is clear now?
Amandeep Singh
Ranch Hand

Joined: Jul 17, 2008
Posts: 844
Yes Sir, thanks
 
GeeCON Prague 2014
 
subject: Basic authentication soap header values?