• Post Reply Bookmark Topic Watch Topic
  • New Topic

web service and basic authentication.  RSS feed

 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I am writing a webservice that needs authentication. I can find some examples but those examples never specify how to get the Stub from the server in a secure way. I have set my application so that I need to authenticate whenever I do a request. But this means I cannot request my wsdl file without authentication. So I need to be authenticated in order to read the wsdl file. But all the examples use JNDI to download a stub from a server in the authentication examples. In this case I would have to open up the JNDI port as well and I do not want to do this.

Does anybody have any experience with this issue?
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not quite sure what you're trying to do - you want to retrieve the WSDL file programmatically? Usually you get the WSDL once -probably manually- and then use that to generate the stub files (you don't download stub files).
If it is secured by basic authentication, you can set the username/password the same way you would for other HTTP basic auth requests (or type them in if you're doing it manually). But I'm getting the feeling that you're after something else, so maybe you can elaborate a bit more.
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Take a look at this code sample :



Using this code sample I do not need the wsdl file on the client side. It is served by my JBOSS server. The code tries to download the wsdl file. I could of course download it manually and refer to that, but using it like this makes sure that I have the latest version. I can create a stub using the wsdl file. Once I have it I can start working on that stub. My problem is when I enable basic authentication in my web app. The server will not allow me to download the wsdl file manually. It requires authentication too. I can not map the WSDL file to be unsecure because it is the same url (with some extra ?wsdl request parameter).

I solved my issue for now by creating a servlet that forwards to the wsdl file. I do not secure that servlet so I can reach the wsdl file in this way. Maybe I'm going all wrong about this? What do you think?
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have never seen a web service that needs to refer to the WSDL file once you have implemented the client. What good does that do? The Stub class will not be based on the current WSDL version, so what happens if the WSDL does indeed change incompatibly? That would break your app (if the WSDL was actually used for something, and as I said above, I don't know what that might be).
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the WSDL is used to generate a stub at runtime. I do not have to compile/generate anything beforehand. I just say I want to use a particular webservice and it will generate the stub in real time.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's a neat implementation of web services then.
One approach might be to download the WSDL file using basic authentication, store the file somewhere in your local filesystem, and use a file:/// URL that references it there.
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am actually quite happy with the way it works now. Since I do not have to worry about generating stubs beforehand. In this case I just have to make the WSDL file available to the client app. I have seen many examples using the (jwsdp) generated impl-classes. I've even tried it but I think I prefer this approach.

I have a work-around now for reading my wsdl file (as described before) and I think I'm going to leave it at that for now.
 
priyaruby jose
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use Apache Axis to generate the stub code from the wsdl file.
Apache axis comes with an adminclient which can be used to generate the client side and server side binding and that tool will help you to generate the depoly.wsdd and using which you will be able to deploy the webservice
very easily.

http://ws.apache.org/axis/java/install.html
http://ws.apache.org/axis/java/user-guide.html#Introduction
 
Oleg Mustiazza
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am also trying to secure my webservice using basic http authenication. I'm using WebSphere 6.0 and no matter what i tried I cannot get security to "kick in".

When I secure regular pages then I do get the dialog prompting me to enter a username and password. But when I secure my service url, i.e. http://localhost:9080/project/services/Service1 then security doesn't trigger.

Any clues or pointers to how I can get basic authenication to activate for a webservice?

thanks
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!