This week's book giveaway is in the Cloud/Virtualization forum. We're giving away four copies of Mastering Corda: Blockchain for Java Developers and have Jamiel Sheikh on-line! See this thread for details.
Amandeep Singh wrote:Basically I was looking, when using basic authentication how does the soap header looked like.
Basic Authentication looks like it always does; Nischit already told you what that is. It has no, I repeat: no, bearance on any SOAP headers which are completely independent on it. Furthermore, there is no point in using both Basic Authentication and WS-Security authentication. So why don't you tell us what you're trying to accomplish? Because it seems like you're doing something that is misguided.
posted 8 years ago
I repeat, I understand there is no point in using wsse and http authentication together.
Basically I was looking, when using basic authentication how does the soap header looked like.
In my context above line makes clear what I am looking for. I'm not sure why you are unable to interpret the above sentence. May be I've Indian English, makes it hard to understand.
Your request header will contain an element as follow "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="
Nischit get it what I meant. Let me dive more.
Assume you are writing a soap request manually not using any library. You know the username password to access web service is this test1/test2. Is it possible by human to write/express username/password in soap message when using basic authentication without using any tool to construct soap message. And here I meant to write soap xml not specifying username/password thru java coding which i know how it can be done. If I assume test1/test2 would be transformed to value "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE=" when using http authentication. Then I can say it's only possible using some library. May be here I'm saying more broad meaning by constructing soap message, but meant to write manually only username/password as part of message.
It's possible to do the same above thing when using wsse security. Refer to my first example, you can clear see the username/password in soap header. I repeat, When using basic authentication, how will the username/password look in the soap message.
I don't think it's a language issue. I'm trying to convey that the question you posed does not make sense, as the WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.
It is certainly possible to construct a SOAP username/password header without the use of any library. Why one would do such a thing, I have no idea. If you look at the SOAP, it's not terribly complicated. The WS-Security spec will tell you for sure what it must contain; it would be part of the SOAP header.
Note that the SOAP header (used by WS-Security) is part of the SOAP, and therefore not part of the HTTP header (which is where Basic Auth info resides), but of the HTTP body.
posted 8 years ago
WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.
Thank you. I believe question was clear, that's how I got your answer now .
If you still think it wasn't clear, would you mind rephrasing the question for me, so I can learn too.