Basic authentication soap header values?

 
Ranch Hand
Posts: 856
I've been using WSSE security, and the username and password could be specified as part of the SOAP header.



Now, since I will be using basic authentication, what is the SOAP header going to look like? I'm using JAX-WS from JBoss.

 
Amandeep Singh
Ranch Hand
Posts: 856
Seems no one encountered this problem?
 
Rancher
Posts: 43081
WS-Security does not use Basic Authentication (which is an HTTP mechanism). WSS username/password authentication looks like what you posted.
 
Greenhorn
Posts: 27
If I am not wrong, basic authentication information is sent as part of the request header.
Your request header will contain an element as follows: "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="

Refer to the last section of my post Basic Auth. It gives a code snippet using an Axis client.
 
Ulf Dittmer
Rancher
Posts: 43081
I repeat: Basic Authentication is not used with WS-Security. Let's wait for Amandeep to clarify what he meant by that.
 
Amandeep Singh
Ranch Hand
Posts: 856

Ulf Dittmer wrote: I repeat: Basic Authentication is not used with WS-Security. Let's wait for Amandeep to clarify what he meant by that.



Yes, you are right. Basically, I was looking for how the SOAP header looks when using basic authentication. Anyhow, I can also try to find out the same information using Wireshark.
 
Ulf Dittmer
Rancher
Posts: 43081

Amandeep Singh wrote: Basically, I was looking for how the SOAP header looks when using basic authentication.


Basic Authentication looks like it always does; Nischit already told you what that is. It has no, I repeat: no, bearing on any SOAP headers, which are completely independent of it. Furthermore, there is no point in using both Basic Authentication and WS-Security authentication. So why don't you tell us what you're trying to accomplish? Because it seems like you're doing something that is misguided.
 
Amandeep Singh
Ranch Hand
Posts: 856
I repeat, I understand there is no point in using WSSE and HTTP authentication together.

Basically, I was looking for how the SOAP header looks when using basic authentication.



In my context, the above line makes clear what I am looking for. I'm not sure why you are unable to interpret the above sentence. Maybe my Indian English makes it hard to understand.

Your request header will contain an element as follows: "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="



Nischit got what I meant. Let me dive in more.

Assume you are writing a SOAP request manually, not using any library. You know the username/password to access the web service is test1/test2. Is it possible for a human to write/express the username/password in the SOAP message when using basic authentication, without using any tool to construct the SOAP message? And here I mean writing the SOAP XML, not specifying the username/password through Java code, which I know how to do. If I assume test1/test2 would be transformed to the value "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE=" when using HTTP authentication, then I can say it's only possible using some library. Maybe I'm giving a broader meaning here by saying "constructing the SOAP message", but I meant writing only the username/password manually as part of the message.

It's possible to do the same thing when using WSSE security. Refer to my first example; you can clearly see the username/password in the SOAP header. I repeat: when using basic authentication, how will the username/password look in the SOAP message?

 
Ulf Dittmer
Rancher
Posts: 43081
I don't think it's a language issue. I'm trying to convey that the question you posed does not make sense, as the WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.

It is easy to construct a Basic Auth header: https://coderanch.com/how-to/java/AppletsFaq#authentication

It is certainly possible to construct a SOAP username/password header without the use of any library. Why one would do such a thing, I have no idea. If you look at the SOAP, it's not terribly complicated. The WS-Security spec will tell you for sure what it must contain; it would be part of the SOAP header.

Note that the SOAP header (used by WS-Security) is part of the SOAP, and therefore not part of the HTTP header (which is where Basic Auth info resides), but of the HTTP body.
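
The separation described in the post above, shown on the wire (an added example, not part of the original thread and not JBoss or JAX-WS code): the same SOAP request built once with HTTP Basic authentication and once with a WS-Security UsernameToken. The class name, host, path and `ping` operation are made up for illustration; `test1`/`test2` are the sample credentials from the thread.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthVsWsse {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // HTTP Basic: "user:password", Base64-encoded, carried in an HTTP header.
    static String basicAuthHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Authorization: Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Base64 is an encoding, not encryption: anyone who sees the header can
    // reverse it, so Basic auth relies on TLS for confidentiality.
    static String decodeBasic(String headerLine) {
        String b64 = headerLine.substring("Authorization: Basic ".length());
        return new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
    }

    // WS-Security UsernameToken: credentials live in the SOAP header, i.e. in
    // the HTTP body. Sample values contain no XML metacharacters, so no escaping.
    static String wsseHeader(String user, String password) {
        return "<soapenv:Header><wsse:Security xmlns:wsse=\"" + WSSE_NS + "\">"
             + "<wsse:UsernameToken><wsse:Username>" + user + "</wsse:Username>"
             + "<wsse:Password>" + password + "</wsse:Password>"
             + "</wsse:UsernameToken></wsse:Security></soapenv:Header>";
    }

    // Hypothetical "ping" operation; soapHeader is "" when Basic auth is used.
    static String envelope(String soapHeader) {
        return "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
             + soapHeader + "<soapenv:Body><ping xmlns=\"urn:example\"/></soapenv:Body>"
             + "</soapenv:Envelope>";
    }

    // Raw HTTP/1.1 request: header lines, an empty line, then the SOAP body.
    static String httpRequest(String extraHeader, String body) {
        int len = body.getBytes(StandardCharsets.UTF_8).length;
        return "POST /service HTTP/1.1\r\nHost: ws.example.com\r\n"
             + "Content-Type: text/xml; charset=utf-8\r\nSOAPAction: \"\"\r\n"
             + "Content-Length: " + len + "\r\n" + extraHeader + "\r\n" + body;
    }

    public static void main(String[] args) {
        String basic = basicAuthHeader("test1", "test2");
        System.out.println(httpRequest(basic + "\r\n", envelope("")));
        System.out.println("\ndecoded: " + decodeBasic(basic) + "\n");
        System.out.println(httpRequest("", envelope(wsseHeader("test1", "test2"))));
    }
}
```

In the first request the envelope carries no credentials at all; in the second the HTTP headers carry none and the plaintext password sits in the body, so both variants depend on transport encryption.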
 
Amandeep Singh
Ranch Hand
Posts: 856

WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.



Thank you. I believe the question was clear; that's how I got your answer now.

If you still think it wasn't clear, would you mind rephrasing the question for me, so I can learn too?
 
Amandeep Singh
Ranch Hand
Posts: 856

Amandeep Singh wrote: I've been using WSSE security, and the username and password could be specified as part of the SOAP header.



Now, since I will be using basic authentication, what is the SOAP header going to look like? I'm using JAX-WS from JBoss.



Its answer could have been like this example, after what I learnt from your post.

When using Basic authentication, the username/password is not included as part of a SOAP message. It is always specified in the HTTP header, which is outside the SOAP message.

The HTTP header would look like this:

 
Ulf Dittmer
Rancher
Posts: 43081
So all is clear now?
 
Amandeep Singh
Ranch Hand
Posts: 856
Yes Sir, thanks
 