• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Adding authorization to access webservice

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have created stubs using a wsdl (JAX-WS) and posting a message to service. However the service that i am using requires authorization. Authorization is not in the form of username and password. It is basically a encrypted string. How to add authorization string to the request?? Please guide
 
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!

It is basically a encrypted string.


This does not say much about what kind of security the web service uses. A guess is that it is a token of some kind.
Does the WSDL contain anything (WS_Policy information, for instance) regarding security policies of the service?
If the web service is a SOAP web service, the usual way of conveying a security token is by using SOAP headers.
Best regards!
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A request does not contain authorization information. That would be like the client telling the server what the client is allowed to do - not a good scenario.

What the client passes to the server is authentication information - in most cases, username and password. The server then decides -based on information available to it from the user repository- what authorization level the client is entitled to.

If your case works in some other, completely different way, and you're just looking to pass additional information to the server, then maybe a custom SOAP header is the right way to do this, or possible a binary security token (which is supported by the WS-Security standard).
 
Deepika Agarwal
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!

We are using Basic Authentication mechansim and are encrypting the username and password to a single string. We need to add this string to request header.

I tried the following code:

Map<String,String>headers = new HashMap<String,String>();
headers.put("Authorization","Basic encryptedString");
BindingProvider bp = ((BindingProvider) port);
bp.getRequestContext().put(MessageContext.HTTP_REQUEST_HEADERS, headers);

But its still giving me error:
Exception in thread "main" javax.xml.ws.WebServiceException: request requires HTTP authentication: Unauthorized
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So what you call "encryptedString" is really the base-64 encoded string "username:password"? You're aware that this isn't encryption, right? It can easily be reversed by anyone who happens to see it.

You really shouldn't use HTTP Authentication with web services theses days; WS-Security offers numerous advantages, and is available as part of all major SOAP stacks.
 
Deepika Agarwal
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@Ulf Dittmer

Ya I do agree. But then is there anyway we can add it to request header?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It would seem that the code you posted does add that header. You can inspect what goes over the wire by using a tool like tcpmon or SOAPUI.
 
Deepika Agarwal
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I tried the following code:

SOAPMessage msg = SOAPMessageContext.getMessage();
msg.getMimeHeaders().addHeader("Authorization","Basic encryptedString");
msg.saveChanges();

And now its working fine without any error.
Thanks
 
reply
    Bookmark Topic Watch Topic
  • New Topic