axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harrison Tim <Tim.Harri...@aah.co.uk>
Subject RE: basic authentication
Date Mon, 23 May 2005 09:37:04 GMT

Hi 

It's fairly straightforward, here's both the client and server side code to
a test web service, including the code for setting the HTTP basic
authentication parameters and extracting them at the server side. 

They appear in the request as a http header, with the username and password
base64 encoded.

e.g. 
"Authorization: Basic base64(username:password)"

The client looks like this :-


public class ClientCallService
{
  public MyServiceResponseType callWebService(MyServiceRequestType req)
         throws Exception
  {
    MyServiceLocator os           = new MyServiceLocator();
    MyServiceSoapBindingStub stub = (MyServiceSoapBindingStub)
                                       os.getMyService();

   // Set basic authorization parameters on the HTTP request 
   // using the account number + "password"
   stub.setUsername("username");
   stub.setPassword("password");

   return (stub.MyFunction(req));
  }
}


And on the server side, within the class that handles the Axis service being
called, to read the HTTP headers, code looks like this :-

String user      = null;
String password  = null;
String returnStr = null;

// Get the current message context
MessageContext msgContext = MessageContext.getCurrentContext();

// Get the authorization string from the HTTP header
String headerAuth =
(String)msgContext.getProperty(HTTPConstants.HEADER_AUTHORIZATION);

// Trim the string
if (headerAuth != null)
{
   headerAuth = headerAuth.trim();
}      
                       
// Break it down into the decoded username and password
if (headerAuth != null && headerAuth.startsWith("Basic "))
{
  int i;
  headerAuth = new String(Base64.decode(headerAuth.substring(6)));
  log.getLogger().info("Base64 decoded auth string [" + headerAuth + "]");
  i = headerAuth.indexOf( ':' );
  if (i == -1)
  {
    user = headerAuth;
  }
  else
  {
   user = headerAuth.substring(0, i);
  }
  
  if (i != -1)
  {
    password = headerAuth.substring(i+1);
    if (password != null && password.equals(""))
    {
     password = null;
    }
  }
}      

If you print out the username and password values, it should be what was
passed in by the client. You can then choose to authenticate against a
database, XML file or whatever.

Remember to use https as Basic Authorization is unsafe without encrypting
the whole session.

Tim


-----Original Message-----
From: Plorks mail [mailto:plork123@hotmail.com] 
Sent: 23 May 2005 09:37
To: axis-user@ws.apache.org
Subject: basic authentication



Dear all,

I'm trying to access an external web service that requires me to pass a 
valid username and password.  I have some documentation but i'm clear how i 
do this

It says "customers will be authenticated through use of HTTP headers.  
Authenticaton is performed using standard HTTP basic authentication.  Every 
message must have the HTTP authentication header correctly set with 
customer's id and password..."

I'm not sure how i do this

if i call an external function e.g. doSomething, how do i pass the 
credentials through?

Any help much appreciated

_________________________________________________________________
Winks & nudges are here - download MSN Messenger 7.0 today! 
http://messenger.msn.co.uk+

************************************************************************
DISCLAIMER
The information contained in this e-mail is confidential and is intended
for the recipient only.
If you have received it in error, please notify us immediately by reply 
e-mail and then delete it from your system. Please do not copy it or
use it for any other purposes, or disclose the content of the e-mail
to any other person or store or copy the information in any medium. 
The views contained in this e-mail are those of the author and not 
necessarily those of Admenta UK Group.
************************************************************************

Mime
View raw message