Re: AXIS2 1.1.1 problem with BASIC AUTH
aassif wrote:
Now moving to the Server side implementation, I was expecting retrieving
the result will be simple so I tried on the lines similar to Axis 1.X,
below is the code listing:
[znip code]
I don't know which is the preferred procedure for extracting authentication
data from incoming SOAP requests. I ended up acquiring the Principal object
(created by the servlet container upon a successful login since I let the
container handle the authentication) from the HTTP request. But then -
platform differences might come into play here. (As stated earlier, I use
OC4J 10.1.3.1.2.)
Here's an example of Principal extraction from the request:
//
:
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
:
:
// acquire the active MessageContext
MessageContext mc = MessageContext.getCurrentMessageContext();
// acquire the active HTTP Request
HttpServletRequest req = (HttpServletRequest)
mc.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
Principal principal = req.getUserPrincipal();
if (principal == null) {
System.out.println(HTTP Request held no principal - user is not
logged in.);
} else {
System.out.println(UserName: + principal.getName());
}
//
Sincerely,
Geir
--
View this message in context:
http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10159661
Sent from the Axis - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Dear Geir, Thank you for your reply. Your solution for OC4J was not working with Tomcat. I managed to make it work after getting ideas from your last reply which was using HttpServletRequest. Below is the working solution, which may help other readers. // acquire the active HTTP Request HttpServletRequest req = (HttpServletRequest) inMesasgeContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST); // Acquiring Authorization Header from servlet request String auth = req.getHeader(Authorization); auth = auth.substring(auth.indexOf( )); // Decoding the authorization header... String decoded = new String(Base64.decode(auth)); // decoded now contains username:password in plain text. int i = decoded.indexOf(:); // so we take the username from it ( everything until the ':' ) String username = decoded.substring(0, i); // and the password String pwd = decoded.substring(i + 1, decoded.length()); // Printing it for confirmation. System.out.println(username + + pwd); Once again thank you for your help. Cheers Asif -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10163886 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Dear Geir Amdal, Thank you for reply. I have one query regarding Basic Authentication. I Axis 1.X, when we use Call.setUserName() or call.setPassword(), the details are encoded and sent to the server as HTTP Headers and which can be seen through TCP monitor. The username and password can be retrieved in the Web Service Handler or Web Service implementation through Message Context. In the case of Axis2 I can't see and difference in the SOAP request with or without BASIC Authentication. I am not creating ServiceClient from scratch rather I am using the Stub generated as result of WSDL2Java and then from the stub I am retrieving the ServiceClient and Options. But I don't think this should make any difference. I believe it has more to do with my poor understanding of Basic Authentication in Axis2. Question is how I can send username and password to the Web Service as HTTP Header rather than SOAP Header in Axis2 similar to Axis 1.X. Reason I am looking for this functionality is for back compatibility. Cheers. Asif -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10137496 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
aassif wrote: I have one query regarding Basic Authentication. I Axis 1.X, when we use Call.setUserName() or call.setPassword(), the details are encoded and sent to the server as HTTP Headers and which can be seen through TCP monitor. The username and password can be retrieved in the Web Service Handler or Web Service implementation through Message Context. In the case of Axis2 I can't see and difference in the SOAP request with or without BASIC Authentication. I just tested TCPMon for my own setup, and verified that an Authorization: Basic (...) header was generated and sent. While the Soap Envelope is not different, the HTTP headers should be. aassif wrote: I am not creating ServiceClient from scratch rather I am using the Stub generated as result of WSDL2Java and then from the stub I am retrieving the ServiceClient and Options. But I don't think this should make any difference. I believe it has more to do with my poor understanding of Basic Authentication in Axis2. Question is how I can send username and password to the Web Service as HTTP Header rather than SOAP Header in Axis2 similar to Axis 1.X. Reason I am looking for this functionality is for back compatibility. If you are using code parallell to what I suggested, you are sending the authorization data as a HTTP (Authorization:) header. If no Authorization header is present among the HTTP headers, I'd suspect the ServiceClient used by the stub was not configured correctly... Like you, I think that your retrieving the ServiceClient and Options from the stub should not make any significant difference. From what I understood, that was the same approach Belunek Karel was (successfully) using. Sincerely, Geir -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10138964 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Hi, Thank you for your reply. I will try again today, but yesterday when I tried with different set of options the HTTP Header remained the same for each Web Service call. I assume that I must be missing something. Thank you for the help. Cheers Asif -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10139025 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Dear Geir, If no Authorization header is present among the HTTP headers, I'd suspect the ServiceClient used by the stub was not configured correctly... One stupid question, do I need to manually configure ServiceClient to use Basic Authorization. Cheers Asif -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10139031 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
aassif wrote: [...] do I need to manually configure ServiceClient to use Basic Authorization. I might be missing the mark here, but are you asking whether you have to instanciate a new ServiceClient or whether you can configure one retrieved from the stub? If so, take a look at Belunek Karel's second post in this thread (April 12th), where the ServiceClient from the stub is retrieved and configured: Options opt = stub._getServiceClient().getOptions(); : : opt.setProperty(HTTPConstants.AUTHENTICATE, authenticator); http://www.nabble.com/forum/ViewPost.jtp?post=9961378 Sincerely, Geir -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10141309 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Dear Geir,
Thank you for your help. I was doing exactly the same what was mentioned
in the Thread and what you suggested today but yesterday I failed to notice
the HTTP headers regarding Authorization: Basic. But today when I executed
the client without any change it was working as required. I assume that it
must be my mistake. I was hoping that Authorization: Basic will be the last
thing in the HTTP Header just before SOAP Message as normally it is the case
for Axis 1.X but infact it was somewhere in the middle of HTTP header for
Axis2.
Now moving to the Server side implementation, I was expecting retrieving the
result will be simple so I tried on the lines similar to Axis 1.X, below is
the code listing:
inMesasgeContext = MessageContext.getCurrentMessageContext();
if(inMesasgeContext == null)
System.out.println(inMesasgeContext is null);
else System.out.println(inMesasgeContext is NOT null); //
MessageContext is not NULL
Options options = inMesasgeContext.getOptions();
HttpTransportProperties.Authenticator authProperties = (
HttpTransportProperties.Authenticator)
options.getProperty(HTTPConstants.AUTHENTICATE);
if(authProperties != null){
System.out.println(UserName: + authProperties.getUsername());
}else {
System.out.println(authProperties is null);
}
But it always print authProperties is null. Once again I must be making
error in casting i.e. casting the Object in wrong class.
Your help is appreciated.
Cheers
Asif
--
View this message in context:
http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10146272
Sent from the Axis - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Dear Geir,
Thank you for your help. I was doing exactly the same what was mentioned
in the Thread and what you suggested today but yesterday I failed to notice
the HTTP headers regarding Authorization: Basic. But today when I executed
the client without any change it was working as required. I assume that it
must be my mistake. I was hoping that Authorization: Basic will be the last
thing in the HTTP Header just before SOAP Message as normally it is the case
for Axis 1.X but infact it was somewhere in the middle of HTTP header for
Axis2.
Now moving to the Server side implementation, I was expecting retrieving the
result will be simple so I tried on the lines similar to Axis 1.X, below is
the code listing:
inMesasgeContext = MessageContext.getCurrentMessageContext();
if(inMesasgeContext == null)
System.out.println(inMesasgeContext is null);
else System.out.println(inMesasgeContext is NOT null); //
MessageContext is not NULL
Options options = inMesasgeContext.getOptions();
HttpTransportProperties.Authenticator authProperties = (
HttpTransportProperties.Authenticator)
options.getProperty(HTTPConstants.AUTHENTICATE);
if(authProperties != null){
System.out.println(UserName: + authProperties.getUsername());
}else {
System.out.println(authProperties is null);
}
But it always print authProperties is null. Once again I must be making
error in casting i.e. casting the Object in wrong class.
Your help is appreciated.
Cheers
Asif
--
View this message in context:
http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10146297
Sent from the Axis - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Hi, I went through the whole discussion and when tried to implement BASIC Authentication I can't find the Authenticator class, the one which I can locate is only HttpTransportProperties.Authenticator. But HttpTransportProperties.Authenticator doesn't have any property BASIC and seems to be different from Authenticator class used in the thread. Cheers Asif Belunek Karel wrote: Geir Amdal napsal(a): On 11. apr. 2007, at 14:52, Belunek Karel wrote: I have Axis2 1.1.1 under Tomcat 5.5.9 and I have correctly working Axis service generated from WSDL file. Now I'm trying to implement BASIC authenticacion. On server side I'have se security constraint on the Tomcat level, it works fine. I have tried it via WWW browser http://user:[EMAIL PROTECTED] But I'm not able to write client with BASIC authentication. Example from documentation does not work because org.apache.axis2.transport.http.HTTPConstants.BASIC_AUTHENTICATE constant simply does not exist. (...) I have tried to replace the constant by HttpTransportProperties.Authenticator.BASIC but it does not work. I configure the Options object as follows in my own ServiceClient-based client implementation (also using Axis2 1.1.1, but on OC4J, not Tomcat): //(...) Authenticator authenticator = new Authenticator(); ListString auth = new ArrayListString(); auth.add(Authenticator.BASIC); authenticator.setAuthSchemes(auth); authenticator.setUsername(username); authenticator.setPassword(password); options.setProperty(HTTPConstants.AUTHENTICATE, authenticator); //(...) Thanks guys, it solves the problem. Your code snippet with Jarek's modification works. Here is my code snippet: ... //set authentication param Options opt = stub._getServiceClient().getOptions(); Authenticator authenticator = new Authenticator(); ListString auth = new ArrayListString(); auth.add(Authenticator.BASIC); authenticator.setAuthSchemes(auth); authenticator.setUsername(user); authenticator.setPassword(pass); authenticator.setPreemptiveAuthentication(true); opt.setProperty(HTTPConstants.AUTHENTICATE, authenticator); ... Regards Karel Belunek - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10125068 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
aassif wrote: I went through the whole discussion and when tried to implement BASIC Authentication I can't find the Authenticator class, the one which I can locate is only HttpTransportProperties.Authenticator. It was HttpTransportProperties.Authenticator that was used. My apologies for causing confusion - I should absolutely have used the full notation for the inner class. // Strings 'username' and 'password' presupposed, // as well as an Options object 'options' : HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator(); ListString auth = new ArrayListString(); auth.add(HttpTransportProperties.Authenticator.BASIC); authenticator.setAuthSchemes(auth); authenticator.setUsername(username); authenticator.setPassword(password); authenticator.setPreemptiveAuthentication(true); options.setProperty(HTTPConstants.AUTHENTICATE, authenticator); : // aassif wrote: But HttpTransportProperties.Authenticator doesn't have any property BASIC and seems to be different from Authenticator class used in the thread. I believe 'BASIC' is a static field of HttpTransportProperties.Authenticator in Axis2 v1.1.1, at least. See http://ws.apache.org/axis2/1_1_1/api/org/apache/axis2/transport/http/HttpTransportProperties.Authenticator.html#field_detail HttpTransportProperties.Authenticator Field Detail . Sincerely, Geir Amdal -- View this message in context: http://www.nabble.com/AXIS2-1.1.1-problem-with-BASIC-AUTH-tf3559184.html#a10128688 Sent from the Axis - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
On 11. apr. 2007, at 14:52, Belunek Karel wrote: I have Axis2 1.1.1 under Tomcat 5.5.9 and I have correctly working Axis service generated from WSDL file. Now I'm trying to implement BASIC authenticacion. On server side I'have se security constraint on the Tomcat level, it works fine. I have tried it via WWW browser http://user:[EMAIL PROTECTED] But I'm not able to write client with BASIC authentication. Example from documentation does not work because org.apache.axis2.transport.http.HTTPConstants.BASIC_AUTHENTICATE constant simply does not exist. (...) I have tried to replace the constant by HttpTransportProperties.Authenticator.BASIC but it does not work. I configure the Options object as follows in my own ServiceClient- based client implementation (also using Axis2 1.1.1, but on OC4J, not Tomcat): //(...) Authenticator authenticator = new Authenticator(); ListString auth = new ArrayListString(); auth.add(Authenticator.BASIC); authenticator.setAuthSchemes(auth); authenticator.setUsername(username); authenticator.setPassword(password); options.setProperty(HTTPConstants.AUTHENTICATE, authenticator); //(...) Regards, .gAm -- Geir Amdal Java Developer, Center for Information Technology Services The University of Oslo - there is no spool - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
On 12. apr. 2007, at 13:25, Jarek Kucypera wrote: Don't you also need to set the 'preemtive' flag, like this: authenticator.setPreemptiveAuthentication(true); ? Ahh. Valid point. Though I am not sure a 'need' can be generalized for this setting. From what I can tell, setting this flag activates sending of the authentication response even before the server gives an unauthorized response. While it might serve to reduce the overhead of making the connection, I can only assume it also has some security related issues? Or have I misunderstood how the flag works? In the configuration I quoted, using the Authenticator and ServiceClient without preemptive authentication works fine. I'm very interested in the experiences of others on the matter, though. Regards, .gAm -- Geir Amdal Java Developer, Center for Information Technology Services University of Oslo - there is no spool - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AXIS2 1.1.1 problem with BASIC AUTH
Geir Amdal napsal(a): On 11. apr. 2007, at 14:52, Belunek Karel wrote: I have Axis2 1.1.1 under Tomcat 5.5.9 and I have correctly working Axis service generated from WSDL file. Now I'm trying to implement BASIC authenticacion. On server side I'have se security constraint on the Tomcat level, it works fine. I have tried it via WWW browser http://user:[EMAIL PROTECTED] But I'm not able to write client with BASIC authentication. Example from documentation does not work because org.apache.axis2.transport.http.HTTPConstants.BASIC_AUTHENTICATE constant simply does not exist. (...) I have tried to replace the constant by HttpTransportProperties.Authenticator.BASIC but it does not work. I configure the Options object as follows in my own ServiceClient-based client implementation (also using Axis2 1.1.1, but on OC4J, not Tomcat): //(...) Authenticator authenticator = new Authenticator(); ListString auth = new ArrayListString(); auth.add(Authenticator.BASIC); authenticator.setAuthSchemes(auth); authenticator.setUsername(username); authenticator.setPassword(password); options.setProperty(HTTPConstants.AUTHENTICATE, authenticator); //(...) Thanks guys, it solves the problem. Your code snippet with Jarek's modification works. Here is my code snippet: ... //set authentication param Options opt = stub._getServiceClient().getOptions(); Authenticator authenticator = new Authenticator(); ListString auth = new ArrayListString(); auth.add(Authenticator.BASIC); authenticator.setAuthSchemes(auth); authenticator.setUsername(user); authenticator.setPassword(pass); authenticator.setPreemptiveAuthentication(true); opt.setProperty(HTTPConstants.AUTHENTICATE, authenticator); ... Regards Karel Belunek - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
