Basic authentication soap header values?
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
I've been using wsse security. And username and password, could be specified as part of soap header.
Now since now i will be using basic authentication, how the SOAP header is going to look like? I'm using JAX-WS from JBoss.
Now since now i will be using basic authentication, how the SOAP header is going to look like? I'm using JAX-WS from JBoss.
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
Seems no one encountered this problem?
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Ulf Dittmer
Rancher
Posts: 42972
73
Nischit Shetty
Greenhorn
Posts: 27
posted 5 years ago
If I am not wrong, basic authentication information is sent as part of request header.
Your request header will contain an element as follow "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="
Refer the last section of my post Basic Auth. It will give a code snippet while using Axis client.
Your request header will contain an element as follow "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="
Refer the last section of my post Basic Auth. It will give a code snippet while using Axis client.
Ulf Dittmer
Rancher
Posts: 42972
73
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
Yes, you are right. Basically I was looking, when using basic authentication how does the soap header looked like. Anyhow I can also try to find out the same information using wireshark.
Ulf Dittmer wrote:I repeat: Basic Authentication is not used with WS-Security. Let's wait for Amandeep to clarify what he meant by that.
Yes, you are right. Basically I was looking, when using basic authentication how does the soap header looked like. Anyhow I can also try to find out the same information using wireshark.
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Ulf Dittmer
Rancher
Posts: 42972
73
posted 5 years ago
Basic Authentication looks like it always does; Nischit already told you what that is. It has no, I repeat: no, bearance on any SOAP headers which are completely independent on it. Furthermore, there is no point in using both Basic Authentication and WS-Security authentication. So why don't you tell us what you're trying to accomplish? Because it seems like you're doing something that is misguided.
Amandeep Singh wrote:Basically I was looking, when using basic authentication how does the soap header looked like.
Basic Authentication looks like it always does; Nischit already told you what that is. It has no, I repeat: no, bearance on any SOAP headers which are completely independent on it. Furthermore, there is no point in using both Basic Authentication and WS-Security authentication. So why don't you tell us what you're trying to accomplish? Because it seems like you're doing something that is misguided.
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
I repeat, I understand there is no point in using wsse and http authentication together.
In my context above line makes clear what I am looking for. I'm not sure why you are unable to interpret the above sentence. May be I've Indian English, makes it hard to understand.
Nischit get it what I meant. Let me dive more.
Assume you are writing a soap request manually not using any library. You know the username password to access web service is this test1/test2. Is it possible by human to write/express username/password in soap message when using basic authentication without using any tool to construct soap message. And here I meant to write soap xml not specifying username/password thru java coding which i know how it can be done. If I assume test1/test2 would be transformed to value "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE=" when using http authentication. Then I can say it's only possible using some library. May be here I'm saying more broad meaning by constructing soap message, but meant to write manually only username/password as part of message.
It's possible to do the same above thing when using wsse security. Refer to my first example, you can clear see the username/password in soap header. I repeat, When using basic authentication, how will the username/password look in the soap message.
Basically I was looking, when using basic authentication how does the soap header looked like.
In my context above line makes clear what I am looking for. I'm not sure why you are unable to interpret the above sentence. May be I've Indian English, makes it hard to understand.
Your request header will contain an element as follow "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE="
Nischit get it what I meant. Let me dive more.
Assume you are writing a soap request manually not using any library. You know the username password to access web service is this test1/test2. Is it possible by human to write/express username/password in soap message when using basic authentication without using any tool to construct soap message. And here I meant to write soap xml not specifying username/password thru java coding which i know how it can be done. If I assume test1/test2 would be transformed to value "Authorization: Basic bHdzc3J2MXQ6bHdzQGszeTE=" when using http authentication. Then I can say it's only possible using some library. May be here I'm saying more broad meaning by constructing soap message, but meant to write manually only username/password as part of message.
It's possible to do the same above thing when using wsse security. Refer to my first example, you can clear see the username/password in soap header. I repeat, When using basic authentication, how will the username/password look in the soap message.
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Ulf Dittmer
Rancher
Posts: 42972
73
posted 5 years ago
I don't think it's a language issue. I'm trying to convey that the question you posed does not make sense, as the WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.
It is easy to construct a Basic Auth header: http://www.coderanch.com/how-to/java/AppletsFaq#authentication
It is certainly possible to construct a SOAP username/password header without the use of any library. Why one would do such a thing, I have no idea. If you look at the SOAP, it's not terribly complicated. The WS-Security spec will tell you for sure what it must contain; it would be part of the SOAP header.
Note that the SOAP header (used by WS-Security) is part of the SOAP, and therefore not part of the HTTP header (which is where Basic Auth info resides), but of the HTTP body.
It is easy to construct a Basic Auth header: http://www.coderanch.com/how-to/java/AppletsFaq#authentication
It is certainly possible to construct a SOAP username/password header without the use of any library. Why one would do such a thing, I have no idea. If you look at the SOAP, it's not terribly complicated. The WS-Security spec will tell you for sure what it must contain; it would be part of the SOAP header.
Note that the SOAP header (used by WS-Security) is part of the SOAP, and therefore not part of the HTTP header (which is where Basic Auth info resides), but of the HTTP body.
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
Thank you. I believe question was clear, that's how I got your answer now
.
If you still think it wasn't clear, would you mind rephrasing the question for me, so I can learn too.
WS-Security info and the Basic Auth info are independent of one another. When using Basic Auth, the username/password is on the HTTP headers, not in the SOAP (which is in the HTTP body). Therefore, the SOAP is the same, whether you use Basic Auth or not.
Thank you. I believe question was clear, that's how I got your answer now
.
If you still think it wasn't clear, would you mind rephrasing the question for me, so I can learn too.
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
It's answer could have like this example, after i learnt from your post.
When using Basic authentication, username/password is not included as part of a soap message. It is always specified in the http header which is outside soap message.
Http header would like this:
Amandeep Singh wrote:I've been using wsse security. And username and password, could be specified as part of soap header.
Now since now i will be using basic authentication, how the SOAP header is going to look like? I'm using JAX-WS from JBoss.
It's answer could have like this example, after i learnt from your post.
When using Basic authentication, username/password is not included as part of a soap message. It is always specified in the http header which is outside soap message.
Http header would like this:
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
Amandeep Singh
Ranch Hand
Posts: 850
posted 5 years ago
Yes Sir, thanks
SCJP 1.4, SCWCD 5, SCBCD 5, OCPJWSD 5,SCEA-1, Started Assignment Part 2
My blog- http://rkydesigns.blogspot.com
| It is sorta covered in the JavaRanch Style Guide. |