-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Lothar,
Thank you for bringing "Http Basic Authentication" to Axis2's attention.
We've added Preemptive Basic Authentication schema to Axis2 codebase via
HttpClient.
For ex:
/////////////////////////////////////////////////////////////////
Options options = new Options();
options.setTo(targetEPR);
HttpTransportProperties.BasicAuthentication
basicAuthentication = new HttpTransportProperties().new
BasicAuthentication();
basicAuthentication.setUsername("username");
basicAuthentication.setPassword("password");
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.BASIC_AUTHENTICATION,basicAuthentication);
//Blocking invocation
ServiceClient sender = new ServiceClient();
sender.setOptions(options);
OMElement result = sender.sendReceive(payload);
//////////////////////////////////////////////////////////////
In addition to you can set server credentials such as port, host and
realm as well.
So if you monitor the messages with basic authentication through tcp
monitor you will able to see the {Authorization: Basic SOME_HEX_CODE}
http header.
Unfortunately the SVN has been down for two days and i could not be able
to commit the code. Thus, I've attached a diff here for you attention
and apply it to your code base for make the scenario work. I will commit
the code and updated the docs as soon as the SVN is up. Please play with
it and let we know the results. Apply the patch at
{axis2.home}/modules/core/src/org/apache/axis2/transport.
Thank you
Saminda
Saminda Abeyruwan wrote:
>
> Saminda Abeyruwan wrote:
>
>>>Lothar Nieswandt wrote:
>>>
>>>
>>>>>Hello all,
>>>>>
>>>>>I am trying to write a *simple* web service client with axis2. The server
>>>>>side requires http basic authentication. I can't find out how this is done
>>>>>*easily* with axis2. Somebody on the list advised to do
>>>>>
>>>>>call.setProperty(Call.USERNAME_PROPERTY, "user");
>>>>>call.setProperty(Call.PASSWORD_PROPERTY, "pass");
>>>>>
>>>>>but this seems to be deprecated. What is the proper way of doing this?
>>>>>
>>>>>I took a look at the security example and read something about password
>>>>>callbacks but that seemed too complicated.
>>>>>
>>>>>Any hints?
>>>>>
>>>>>Thanks in advance,
>>>>>Lothar
>>>>>
>>>
>>>
>>>Hi Lothar,
>>>
>>>Axis2 does transport level basic authentication as follows.
>>>///// code snipet
>>>
>>>OMElement payload = TestingUtils.createDummyOMElement();
>>> /**
>>> * Proxy setting in runtime
>>> */
>>> HttpTransportProperties.ProxyProperties proxyproperties = new
>>> HttpTransportProperties().new ProxyProperties();
>>> proxyproperties.setProxyName("localhost");
>>> proxyproperties.setProxyPort(5555);
>>> proxyproperties.setDomain("domain");
>>> proxyproperties.setPassWord("password");
>>> proxyproperties.setUserName("userName");
>>>
>>> Options options = new Options();
>>> options.setProperty(HTTPConstants.PROXY, proxyproperties);
>>> options.setTo(targetEPR);
>>> options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
>>> ConfigurationContext configContext =
>>>
>>>ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>>> null, null);
>>> ServiceClient sender = new ServiceClient(configContext, null);
>>> sender.setOptions(options);
>>>
>>> OMElement result = sender.sendReceive(payload);
>>>
>>> TestingUtils.campareWithCreatedOMElement(result);
>>>
>>>For more information please see the test case,
>>>http://svn.apache.org/viewcvs.cgi/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/engine/EchoRawRuntimeProxyTest.java?view=markup
>>>
>>>documentation,
>>>http://ws.apache.org/axis2/1_0/http-transport.html
>>>
>>>Thank you
>>>
>>>Saminda
>>>
>>>
>
>
> Hi Lothar,
>
> Sorry for misinterpretation. In Axis2 1.0 we do proxy authentication.
> For http server authentication we'll have to do a little fix.
> I'll attend to this asap.
>
> Saminda
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEZDgZYmklbLuW6wYRAnxcAKDBfjAK6xW2QPNoNM6InL0fp6YfBACeKgi2
X2SigV+b2q9yljBGXUkoOLU=
=1X+T
-----END PGP SIGNATURE-----
Index: http/AbstractHTTPSender.java
===================================================================
--- http/AbstractHTTPSender.java (revision 405764)
+++ http/AbstractHTTPSender.java (working copy)
@@ -270,6 +270,8 @@
URL targetURL)
throws AxisFault {
boolean isHostProxy = isProxyListed(msgCtx); // list the proxy
+
+ boolean basicAuthenticationEnabled = serverBasicPreemtiveAuthentication(msgCtx); // server authentication
int port = targetURL.getPort();
if (port == -1) {
@@ -279,8 +281,11 @@
// to see the host is a proxy and in the proxy list - available in axis2.xml
HostConfiguration config = new HostConfiguration();
- if (!isHostProxy) {
+ if (!isHostProxy && !basicAuthenticationEnabled) {
config.setHost(targetURL.getHost(), port, targetURL.getProtocol());
+ }else if(basicAuthenticationEnabled){
+ // premtive authentication
+ this.configServerPreemtiveAuthenticaiton(client,msgCtx,config,targetURL);
} else {
// proxy and NTLM configuration
@@ -291,6 +296,42 @@
return config;
}
+ private void configServerPreemtiveAuthenticaiton(HttpClient agent,
+ MessageContext msgCtx,
+ HostConfiguration config,
+ URL targetURL) {
+ config.setHost(targetURL.getHost(), targetURL.getPort(),
+ targetURL.getProtocol());
+
+ agent.getParams().setAuthenticationPreemptive(true);
+
+ HttpTransportProperties.BasicAuthentication basicAuthentication =
+ (HttpTransportProperties.BasicAuthentication) msgCtx
+ .getProperty(HTTPConstants.BASIC_AUTHENTICATION);
+ Credentials defaultCredentials = new UsernamePasswordCredentials(
+ basicAuthentication.getUsername(),
+ basicAuthentication.getPassword());
+ if (basicAuthentication.getPort() == -1 ||
+ basicAuthentication.getHost() == null) {
+ agent.getState().setCredentials(AuthScope.ANY, defaultCredentials);
+ } else {
+ if (basicAuthentication.getRealm() == null) {
+ agent.getState().setCredentials(new AuthScope(
+ basicAuthentication.getHost(),
+ basicAuthentication.getPort(),
+ AuthScope.ANY_REALM), defaultCredentials);
+
+ } else {
+ agent.getState().setCredentials(new AuthScope(
+ basicAuthentication.getHost(),
+ basicAuthentication.getPort(),
+ basicAuthentication.getRealm()), defaultCredentials);
+ }
+ }
+
+
+ }
+
/**
* This is used to get the dynamically set time out values from the
* message context. If the values are not available or invalid then
@@ -323,6 +364,14 @@
}
}
+ //Server Preemptive Authentication RUNTIME
+
+ private boolean serverBasicPreemtiveAuthentication(MessageContext msgContext) {
+
+ return msgContext.getProperty(HTTPConstants.BASIC_AUTHENTICATION) !=
+ null;
+ }
+
private boolean isProxyListed(MessageContext msgCtx) throws AxisFault {
boolean returnValue = false;
Parameter par = null;
Index: http/HttpTransportProperties.java
===================================================================
--- http/HttpTransportProperties.java (revision 405764)
+++ http/HttpTransportProperties.java (working copy)
@@ -115,4 +115,51 @@
this.userName = userName;
}
}
+ public class BasicAuthentication{
+ private String host;
+ private int port = -1;
+ private String realm;
+ private String username;
+ private String password;
+
+ public String getHost() {
+ return host;
+ }
+
+ public void setHost(String host) {
+ this.host = host;
+ }
+
+ public int getPort() {
+ return port;
+ }
+
+ public void setPort(int port) {
+ this.port = port;
+ }
+
+ public String getRealm() {
+ return realm;
+ }
+
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+ }
}
Index: http/HTTPConstants.java
===================================================================
--- http/HTTPConstants.java (revision 405764)
+++ http/HTTPConstants.java (working copy)
@@ -370,6 +370,7 @@
*/
public static final byte SENDER[] = "400".getBytes();
public static final String PROXY = "PROXY";
+ public static final String BASIC_AUTHENTICATION = "_BASIC_AUTHENTICATION_";
public static final String MTOM_RECEIVED_CONTENT_TYPE = "MTOM_RECEIVED";
/**
