11 Replies Latest reply on Feb 27, 2012 12:08 PM by simplex-software

Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 21, 2012 8:08 AM

Greetings,

I have the following service described in the jboss-esb.xml file:

<?xml version="1.0"?>

<jbossesb parameterReloadSecs="5" xmlns="http://anonsvn.labs.jboss.com/labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.3.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://anonsvn.labs.jboss.com/labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.3.0.xsd http://anonsvn.jboss.org/repos/labs/labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.3.0.xsd">

<http-gateway name="Proxy_Basic-GwListener"/>

</listeners>

</action>

</action>

</action>

</actions>

</service>

</services>

</jbossesb>

The following is my client code.

package fr.simplex_software.soa.tests;

import org.apache.http.*;

import org.apache.http.auth.*;

import org.apache.http.client.methods.*;

import org.apache.http.entity.*;

import org.apache.http.impl.client.*;

import org.apache.http.util.*;

public class HttpClientAuthentication

{

public static void main(String[] args) throws Exception

{

DefaultHttpClient httpclient = new DefaultHttpClient();

try

{

httpclient.getCredentialsProvider().setCredentials(new AuthScope("sv102024.ovam.be", 8000, "SAP Web Application Server [DEV]"),

new UsernamePasswordCredentials("extcapdev01", "sebadew1"));

//String url = "http://sv102024.ovam.be:8000/sap/bc/srt/rfc/sap/ztestgetdatasap/062/ztestgetdatasap/ztestgetdatasap";

String url = "http://localhost:8080/wsproxy-basic/http/Proxy_Basic/Proxy";

HttpPost method = new HttpPost(url);

method.setHeader("Content-Type", "text/xml;charset=UTF-8");

method.setHeader("SOAPAction", "\"\"");

String request = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:sap-com:document:sap:soap:functions:mc-style\">" + "<soapenv:Header/>"

+ "<soapenv:Body>" + "<urn:ZGetBsegData/>" + "</soapenv:Body>" + "</soapenv:Envelope>";

System.out.println("**** REQUEST BODY: " + request);

method.setEntity(new StringEntity(request));

System.out.println("executing request" + method.getRequestLine());

HttpResponse response = httpclient.execute(method);

HttpEntity entity = response.getEntity();

System.out.println("----------------------------------------");

System.out.println(response.getStatusLine());

if (entity != null)

{

System.out.println("Response content length: " + entity.getContentLength());

}

EntityUtils.consume(entity);

}

finally

{

httpclient.getConnectionManager().shutdown();

}

Running the client, sends the SOAP paylod to the ESB web service proxy who, in turn, sends it to the original web service. But the authentication fails (HTTP 401). Modifying the client such that to send the paylod directly to the web service, without passing any more through the proxy, works properly and the authentication suceeds. In the same way, using a soapUI client (not the ESB service but the GUI) to send the message to the ESB proxy, works properly and the authentication suceeds.

Many thanks in advance for any help.

Kind regards,

Nicolas

wsproxy-basic.esb.zip 6.4 KB

1. Re: Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 15, 2012 12:07 PM (in response to simplex-software)

I need to provide more explanations. I'm using soapUI application (not the JBoss ESB service) to send a SOAP message to the ESB web service proxy described in the jboss-esb.xml file attached previously. This proxy is proxying a web service deployed on SAP NetWeaver. As it seems that SAP Netweaver doesn't make visible the WSDLs associated to the deployed web services, I needed to ask a SAP gui to generate the WSDL, to give it to me and refer it it via the classpath, insted of using the WSDL URL (cause it seems there is not a WSDL URL in SAP NetWeaver).

Once the ESB web service proxy is deployed on the application server, I'm creating a soapUI project based on the URL of the JBoss ESB web service proxy. In this project, the soapUI tool creates a sample of SOAP message, based on the definition of the WSDL. Running the project will send the SOAP message to the ESB web service proxy which, in turn, will send it to the SAP web service, which will respond with HTTP 401, indicating an authentication problem. The server log files says, besides other,

17:45:21,110 INFO [AuthChallengeProcessor] basic authentication scheme selected
17:45:21,110 INFO [HttpMethodDirector] No credentials available for BASIC 'SAP Web Application Server [DEV]'@sv102024.ovam.be:8000
17:45:21,110 WARN [HttpRouter] Received status code '401' on HTTP org.apache.commons.httpclient.methods.PostMethod@16c999e8 request to 'http://sv102024.ovam.be:8000/sap/bc/srt/rfc/sap/ztestgetdatasap/062/ztestgetdatasap/ztestgetdatasap'.

The HTTP log shows the following:

Wed Feb 15 17:45:20 CET 2012:DEBUG:>> "POST /wsproxy-basic/http/Proxy_Basic/Proxy HTTP/1.1[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "SOAPAction: ""[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "Host: localhost:8080[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "Content-Length: 241[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">[\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "   <soapenv:Header/>[\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "   <soapenv:Body>[\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "      <urn:ZGetBsegData/>[\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "   </soapenv:Body>[\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:>> "</soapenv:Envelope>"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "Server: Apache-Coyote/1.1[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "asyncServiceInvoke: false[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "sap-system: DEV[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "www-authenticate: Basic realm="SAP Web Application Server [DEV]"[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "sap-client: 025[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "Content-Type: text/html;charset=utf-8[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "Content-Length: 2015[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "Date: Wed, 15 Feb 2012 16:45:21 GMT[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "[\r][\n]"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "<html><head><title>Logon Error Message</title><META http-equiv="Content-Type" content="text/html;charset=UTF-8"><style type="text/css">body { font-family:tahoma,helvetica,sans-serif;color:#333333;background-color:#FFFFFF; }td { font-family:tahoma,helvetica,sans-serif;font-size:70%;color:#333333; }h1 { font-family:tahoma,helvetica,sans-serif;font-size:160%;font-weight:bold;margin-top:15px;margin-bottom:3px;color:#003366; }h2 { font-family:verdana,helvetica,sans-serif;font-size:120%;font-style:italic;font-weight:bold;margin-top:6px;margin-bottom:6px;color:#999900; }p { font-family:tahoma,helvetica,sans-serif;color:#333333;margin-top:4px;margin-bottom:4px; }ul { font-family:tahoma,helvetica,sans-serif;color:#333333;list-style-type:square;margin-top:8px;margin-bottom:8px; }li { font-family:tahoma,helvetica,sans-serif;color:#33333;margin-top:4px; }.emphasize { color:#333333;background-color:#C8E3FF;padding:5px;}.note { color:#CC6600; }a { font-family:tahoma,helvetica,sans-serif;text-decorat"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "ion:underline;color:#336699; }a:visited { color:#001166; }a:hover { text-decoration:none; }</style></head><body><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><h1>Anmeldung fehlgeschlagen</h1><br><h2>Was ist passiert ?</h2><p>Der Aufruf der URL http://sv102024.ovam.be:8000/sap/bc/srt/rfc/sap/ztestgetdatasap/062/ztestgetdatasap/ztestgetdatasap wurde aufgrund fehlerhafter Anmeldedaten abgebrochen.</p></td></tr><tr><td> </td></tr><tr><td class="emphasize"><strong>Hinweis</strong><br>Die Anmeldung wurde im System DEV ausgef[0xc3][0xbc]hrt. Hierbei wurden keine Anmeldedaten bereitgestellt.</td></tr><tr><td> </td></tr><tr><td><p> </p><h2>Was k[0xc3][0xb6]nnen Sie tun ?</h2><ul><li> Falls Sie noch [0xc3][0xbc]ber keine Benutzerkennung verf[0xc3][0xbc]gen, so wenden Sie sich an Ihren Systemadministrator. </li></ul></br><p class="note">Fehlercode: ICF-LE-http-c:062-l:-T:2-C:5-U:-P:-L:6</p></br><p> HTTP 401 - Unauthorized</br><p> Ihr SAP Internet Communication Framework Team</p></td></tr></table"
Wed Feb 15 17:45:21 CET 2012:DEBUG:<< "></body></html>"

However, the deployed esb file contains the credentials in the properties file, as shown in the previous comment.

But in the soapUI tool, there is an authentication tab which allows the user to specify the username, the password and the domain for the HTTP basic authentication. I'm using it to define the same credentials as defined in the properties file and, now, doing the same test, works properly. The HTTP log says:

Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "POST /wsproxy-basic/http/Proxy_Basic/Proxy HTTP/1.1[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "SOAPAction: ""[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Host: localhost:8080[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Content-Length: 241[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "   <soapenv:Header/>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "   <soapenv:Body>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "      <urn:ZGetBsegData/>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "   </soapenv:Body>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "</soapenv:Envelope>"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "HTTP/1.1 401 Unauthorized[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "Server: Apache-Coyote/1.1[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "asyncServiceInvoke: false[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "sap-system: DEV[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "www-authenticate: Basic realm="SAP Web Application Server [DEV]"[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "sap-client: 025[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "Content-Type: text/html;charset=utf-8[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "Content-Length: 2015[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "Date: Wed, 15 Feb 2012 17:03:38 GMT[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "<html><head><title>Logon Error Message</title><META http-equiv="Content-Type" content="text/html;charset=UTF-8"><style type="text/css">body { font-family:tahoma,helvetica,sans-serif;color:#333333;background-color:#FFFFFF; }td { font-family:tahoma,helvetica,sans-serif;font-size:70%;color:#333333; }h1 { font-family:tahoma,helvetica,sans-serif;font-size:160%;font-weight:bold;margin-top:15px;margin-bottom:3px;color:#003366; }h2 { font-family:verdana,helvetica,sans-serif;font-size:120%;font-style:italic;font-weight:bold;margin-top:6px;margin-bottom:6px;color:#999900; }p { font-family:tahoma,helvetica,sans-serif;color:#333333;margin-top:4px;margin-bottom:4px; }ul { font-family:tahoma,helvetica,sans-serif;color:#333333;list-style-type:square;margin-top:8px;margin-bottom:8px; }li { font-family:tahoma,helvetica,sans-serif;color:#33333;margin-top:4px; }.emphasize { color:#333333;background-color:#C8E3FF;padding:5px;}.note { color:#CC6600; }a { font-family:tahoma,helvetica,sans-serif;text-decoration:underline;color:#336"
Wed Feb 15 18:03:38 CET 2012:DEBUG:<< "699; }a:visited { color:#001166; }a:hover { text-decoration:none; }</style></head><body><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><h1>Anmeldung fehlgeschlagen</h1><br><h2>Was ist passiert ?</h2><p>Der Aufruf der URL http://sv102024.ovam.be:8000/sap/bc/srt/rfc/sap/ztestgetdatasap/062/ztestgetdatasap/ztestgetdatasap wurde aufgrund fehlerhafter Anmeldedaten abgebrochen.</p></td></tr><tr><td> </td></tr><tr><td class="emphasize"><strong>Hinweis</strong><br>Die Anmeldung wurde im System DEV ausgef[0xc3][0xbc]hrt. Hierbei wurden keine Anmeldedaten bereitgestellt.</td></tr><tr><td> </td></tr><tr><td><p> </p><h2>Was k[0xc3][0xb6]nnen Sie tun ?</h2><ul><li> Falls Sie noch [0xc3][0xbc]ber keine Benutzerkennung verf[0xc3][0xbc]gen, so wenden Sie sich an Ihren Systemadministrator. </li></ul></br><p class="note">Fehlercode: ICF-LE-http-c:062-l:-T:2-C:5-U:-P:-L:6</p></br><p> HTTP 401 - Unauthorized</br><p> Ihr SAP Internet Communication Framework Team</p></td></tr></table></body></html>"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "POST /wsproxy-basic/http/Proxy_Basic/Proxy HTTP/1.1[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "SOAPAction: ""[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Content-Length: 241[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Authorization: Basic ZXh0Y2FwZGV2MDE6c2ViYWRldzE=[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "Host: localhost:8080[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "[\r][\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "   <soapenv:Header/>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "   <soapenv:Body>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "      <urn:ZGetBsegData/>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "   </soapenv:Body>[\n]"
Wed Feb 15 18:03:38 CET 2012:DEBUG:>> "</soapenv:Envelope>"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "HTTP/1.1 200 OK[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "HTTP/1.1 200 OK[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "Server: Apache-Coyote/1.1[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "asyncServiceInvoke: false[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "accept: text/xml[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "sap-srt_id: 20120215/180208/v1.00_final_6.40/4F3B63215A070050E10080000A010218[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "sap-srt_server_info: DEV_062,36 ,urn:sap-com:document:sap:soap:functions:mc-style,ZTestGetDataSAP,ZGetBsegData,1[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "Content-Type: text/xml;charset=utf-8[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "Content-Length: 5933[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "Date: Wed, 15 Feb 2012 17:03:38 GMT[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "[\r][\n]"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header></soap-env:Header><soap-env:Body><n0:ZGetBsegDataResponse xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style"><EtBseg><item><Mandt>062</Mandt><Bukrs>OVAM</Bukrs><Belnr>0100000001</Belnr><Gjahr>1999</Gjahr><Buzei>001</Buzei><Buzid></Buzid><Augdt>1999-02-03</Augdt><Augcp>1999-02-03</Augcp><Augbl>2000000055</Augbl><Bschl>31</Bschl><Koart>K</Koart><Umskz></Umskz><Umsks></Umsks><Zumsk></Zumsk><Shkzg>H</Shkzg><Gsber></Gsber><Pargb></Pargb><Mwskz></Mwskz><Qsskz></Qsskz><Dmbtr>2174.65</Dmbtr><Wrbtr>877.25</Wrbtr><Kzbtr>0.0</Kzbtr><Pswbt>877.25</Pswbt><Pswsl>BEF</Pswsl><Txbhw>0.0</Txbhw><Txbfw>0.0</Txbfw><Mwsts>0.0</Mwsts><Wmwst>0.0</Wmwst><Hwbas>0.0</Hwbas><Fwbas>0.0</Fwbas><Hwzuz>0.0</Hwzuz><Fwzuz>0.0</Fwzuz><Shzuz></Shzuz><Stekz></Stekz><Mwart></Mwart><Txgrp>000</Txgrp><Ktosl></Ktosl><Qsshb>0.0</Qsshb><Kursr>0.0</Kursr><Gbetr>0.0</Gbetr><Bdiff>0.0</Bdiff><Bdif2>0.0</Bdif2><Valut>0000-00-00<"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "/Valut><Zuonr></Zuonr><Sgtxt></Sgtxt><Zinkz></Zinkz><Vbund></Vbund><Bewar></Bewar><Altkt></Altkt><Vorgn>RFBU</Vorgn><Fdlev></Fdlev><Fdgrp></Fdgrp><Fdwbt>0.0</Fdwbt><Fdtag>0000-00-00</Fdtag><Fkont>000</Fkont><Kokrs>OVAM</Kokrs><Kostl></Kostl><Projn></Projn><Aufnr></Aufnr><Vbeln></Vbeln><Vbel2></Vbel2><Posn2>000000</Posn2><Eten2>0000</Eten2><Anln1></Anln1><Anln2></Anln2><Anbwa></Anbwa><Bzdat>0000-00-00</Bzdat><Pernr>00000000</Pernr><Xumsw>X</Xumsw><Xhres>X</Xhres><Xkres>X</Xkres><Xopvw>X</Xopvw><Xcpdd></Xcpdd><Xskst></Xskst><Xsauf></Xsauf><Xspro></Xspro><Xserg></Xserg><Xfakt></Xfakt><Xuman></Xuman><Xanet></Xanet><Xskrl></Xskrl><Xinve></Xinve><Xpanz></Xpanz><Xauto></Xauto><Xncop></Xncop><Xzahl></Xzahl><Saknr>0000440000</Saknr><Hkont>0000440000</Hkont><Kunnr></Kunnr><Lifnr>1100000460</Lifnr><Filkd></Filkd><Xbilk>X</Xbilk><Gvtyp></Gvtyp><Hzuon>1100000460</Hzuon><Zfbdt>1998-11-30</Zfbdt><Zterm>OA01</Zterm><Zbd1t>30</Zbd1t><Zbd2t>0</Zbd2t><Zbd3t>0</Zbd3t><Zbd1p>0.0</Zbd1p><Zbd2p>0.0</Zbd2p><S"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "kfbt>877.25</Skfbt><Sknto>0.0</Sknto><Wskto>0.0</Wskto><Zlsch>A</Zlsch><Zlspr></Zlspr><Zbfix></Zbfix><Hbkid></Hbkid><Bvtyp></Bvtyp><Nebtr>0.0</Nebtr><Mwsk1></Mwsk1><Dmbt1>0.0</Dmbt1><Wrbt1>0.0</Wrbt1><Mwsk2></Mwsk2><Dmbt2>0.0</Dmbt2><Wrbt2>0.0</Wrbt2><Mwsk3></Mwsk3><Dmbt3>0.0</Dmbt3><Wrbt3>0.0</Wrbt3><Rebzg></Rebzg><Rebzj>0000</Rebzj><Rebzz>000</Rebzz><Rebzt></Rebzt><Zollt></Zollt><Zolld>0000-00-00</Zolld><Lzbkz></Lzbkz><Landl></Landl><Diekz></Diekz><Samnr>00000000</Samnr><Abper>000000</Abper><Vrskz></Vrskz><Vrsdt>0000-00-00</Vrsdt><Disbn></Disbn><Disbj>0000</Disbj><Disbz>000</Disbz><Wverw></Wverw><Anfbn></Anfbn><Anfbj>0000</Anfbj><Anfbu></Anfbu><Anfae>0000-00-00</Anfae><Blnbt>0.0</Blnbt><Blnkz></Blnkz><Blnpz>0.0</Blnpz><Mschl></Mschl><Mansp></Mansp><Madat>0000-00-00</Madat><Manst>0</Manst><Maber></Maber><Esrnr></Esrnr><Esrre></Esrre><Esrpz></Esrpz><Klibt>0.0</Klibt><Qsznr></Qsznr><Qbshb>0.0</Qbshb><Qsfbt>0.0</Qsfbt><Navhw>0.0</Navhw><Navfw>0.0</Navfw><Matnr></Matnr><Werks></Werks><Men"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "ge>0.0</Menge><Meins></Meins><Erfmg>0.0</Erfmg><Erfme></Erfme><Bpmng>0.0</Bpmng><Bprme></Bprme><Ebeln></Ebeln><Ebelp>00000</Ebelp><Zekkn>00</Zekkn><Elikz></Elikz><Vprsv></Vprsv><Peinh>0</Peinh><Bwkey></Bwkey><Bwtar></Bwtar><Bustw></Bustw><Rewrt>0.0</Rewrt><Rewwr>0.0</Rewwr><Bonfb>0.0</Bonfb><Bualt>0.0</Bualt><Psalt></Psalt><Nprei>0.0</Nprei><Tbtkz></Tbtkz><Spgrp></Spgrp><Spgrm></Spgrm><Spgrt></Spgrt><Spgrg></Spgrg><Spgrv></Spgrv><Spgrq></Spgrq><Stceg></Stceg><Egbld></Egbld><Eglld></Eglld><Rstgr></Rstgr><Ryacq></Ryacq><Rpacq>000</Rpacq><Rdiff>0.0</Rdiff><Rdif2>0.0</Rdif2><Prctr></Prctr><Xhkom></Xhkom><Vname></Vname><Recid></Recid><Egrup></Egrup><Vptnr></Vptnr><Vertt></Vertt><Vertn></Vertn><Vbewa></Vbewa><Depot></Depot><Txjcd></Txjcd><Imkey></Imkey><Dabrz>0000-00-00</Dabrz><Popts>0.0</Popts><Fipos>LEVERANC</Fipos><Kstrg></Kstrg><Nplnr></Nplnr><Aufpl>0000000000</Aufpl><Aplzl>00000000</Aplzl><Projk>00000000</Projk><Paobjnr>0000000000</Paobjnr><Pasubnr>0000</Pasubnr><Spgrs></Spgrs><Spgrc></"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "Spgrc><Btype></Btype><Etype></Etype><Xegdr></Xegdr><Lnran>00000</Lnran><Hrkft></Hrkft><Dmbe2>0.0</Dmbe2><Dmbe3>0.0</Dmbe3><Dmb21>0.0</Dmb21><Dmb22>0.0</Dmb22><Dmb23>0.0</Dmb23><Dmb31>0.0</Dmb31><Dmb32>0.0</Dmb32><Dmb33>0.0</Dmb33><Mwst2>0.0</Mwst2><Mwst3>0.0</Mwst3><Navh2>0.0</Navh2><Navh3>0.0</Navh3><Sknt2>0.0</Sknt2><Sknt3>0.0</Sknt3><Bdif3>0.0</Bdif3><Rdif3>0.0</Rdif3><Hwmet></Hwmet><Glupm></Glupm><Xragl></Xragl><Uzawe></Uzawe><Lokkt></Lokkt><Fistl>OVAM</Fistl><Geber>BEGROTING</Geber><Stbuk></Stbuk><Txbh2>0.0</Txbh2><Txbh3>0.0</Txbh3><Pprct></Pprct><Xref1></Xref1><Xref2></Xref2><Kblnr></Kblnr><Kblpos>000</Kblpos><Sttax>0.0</Sttax><Fkber></Fkber><Obzei>000</Obzei><Xnegp></Xnegp><Rfzei>000</Rfzei><Ccbtc></Ccbtc><Kkber></Kkber><Empfb></Empfb><Xref3></Xref3><Dtws1>00</Dtws1><Dtws2>00</Dtws2><Dtws3>00</Dtws3><Dtws4>00</Dtws4><Gricd></Gricd><Grirg></Grirg><Gityp></Gityp><Xpypr></Xpypr><Kidno></Kidno><Absbt>0.0</Absbt><Idxsp></Idxsp><Linfv>0000-00-00</Linfv><Kontt></Kontt><Kontl></Kontl><T"
Wed Feb 15 18:03:39 CET 2012:DEBUG:<< "xdat>0000-00-00</Txdat><Agzei>0</Agzei><Pycur></Pycur><Pyamt>0.0</Pyamt><Bupla></Bupla><Secco></Secco><Lstar></Lstar><CessionKz></CessionKz><Prznr></Prznr><Ppdiff>0.0</Ppdiff><Ppdif2>0.0</Ppdif2><Ppdif3>0.0</Ppdif3><Penlc1>0.0</Penlc1><Penlc2>0.0</Penlc2><Penlc3>0.0</Penlc3><Penfc>0.0</Penfc><Pendays>0</Pendays><Penrc></Penrc><GrantNbr></GrantNbr><Sctax>0.0</Sctax><FkberLong></FkberLong><Gmvkz></Gmvkz><Srtype></Srtype><Intreno></Intreno><Measure></Measure><Auggj>0000</Auggj><PpaExInd></PpaExInd><Docln></Docln><Segment></Segment><Psegment></Psegment><Pfkber></Pfkber><Hktid></Hktid><Kstar></Kstar><Xlgclr></Xlgclr><ReBukrs></ReBukrs><ReAccount></ReAccount><Pgeber></Pgeber><PgrantNbr></PgrantNbr><BudgetPd></BudgetPd><PbudgetPd></PbudgetPd><PeropBeg>0000-00-00</PeropBeg><PeropEnd>0000-00-00</PeropEnd><Fastpay></Fastpay><Prodper>0000-00-00</Prodper></item></EtBseg></n0:ZGetBsegDataResponse></soap-env:Body></soap-env:Envelope>"

For me this test means that the ESB web service proxy doen't work as the credentials defined in the property file aren't used. Please help me to figure out what happens exactly.

Many thanks in advance,

Nicolas
Actions
2. Re: Web service proxy using basic HTTP authentication return HTTP 401

mageshbk Feb 16, 2012 1:16 AM (in response to simplex-software)

Which version of JBoss ESB are you using? This is covered in detail in this book

http://www.amazon.com/JBoss-ESB-Beginners-Guide-DiMaggio/dp/1849516588

Chapter 8 - SOAPProxy security pass through
Actions
3. Re: Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 16, 2012 3:27 AM (in response to mageshbk)

I've read the book thank you, I'm looking for a solution if you have one. SOA-P 5.2
Actions
4. Re: Web service proxy using basic HTTP authentication return HTTP 401

mageshbk Feb 16, 2012 7:14 AM (in response to simplex-software)

Could you disable clientCredentialsRequired and add a http properties file with the authentication information? Do you see any difference in the output? Can you attach the log in this case?
Actions
5. Re: Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 17, 2012 7:29 AM (in response to mageshbk)

The parameter clientCredentialRequired doesn't seem to change anything. You can enable/disable it, you can do what ever you want, at any moment it's content is not taken as credentials for the basic HTTP authentication. The quick-start sample (wsproxy-security), while it includes a property file with credentials, has clientCredentialRequired=true. If this sample is correct, and it should be as it aims at demonstrating things, then it means that, in order to use the property file, one needs to have clientCredentialRequired=true. However, the documentation says the opposite, accordingly itś difficult to understand anything. But, in the same time, the mentioned sample is using HttpClient to create an Authorization header and this is the reason that the authentication works.

If you comment out the associated line in the Java client code, you receive HTTP 401 what ever you do. You can switch the clientCredentialRequired and the property file, if you don't provide the authorization header containing the username/password, nothing works.
Actions
6. Re: Web service proxy using basic HTTP authentication return HTTP 401

mageshbk Feb 18, 2012 2:52 AM (in response to simplex-software)
Hi Nicolas,

Thanks for the observation. There are two issues here. I have shown you these ideas based on the webservice_proxy_security quickstart. You should be easily able to replicate the same in your code too.
Your client does not set the AuthBASIC policy and hence the Authorization header is not provided to the ESB service. To correct this fix the HttpClient code like this:
// Comment this line //method.setRequestHeader("Authorization", "Basic " + Encoding.encodeBytes("kermit:thefrog".getBytes()) ); ... Properties httpClientProps = new Properties(); httpClientProps.setProperty(HttpClientFactory.TARGET_HOST_URL, url); //httpClientProps.setProperty("file", args[2]); HttpClient client = HttpClientFactory.createHttpClient(httpClientProps); // Comment if you want to use above file based properties - Start ArrayList authPrefs = new ArrayList(); authPrefs.add(AuthPolicy.BASIC); client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, authPrefs); client.getState().setCredentials(new AuthScope("localhost", 8080, null), new UsernamePasswordCredentials("kermit", "thefrog")); // Comment - End
Notice that you can set the Authorization header in 3 ways
Set the Header directly
Use HttpClient API
Use http.properties file

The clientCredentialRequired does appear to not work only in situations where the credentials required by the ESB service and the proxied service are different. The reason being that if there is already an Authorization header present, HttpClient does not receive a Authenticate challenge. This can be fixed by clearing the Authorization header as mentioned in JBESB-3022. Use the RemoveAuthHeader action.

The clientCredentialRequired should work in your case. Here are some scenarios you can test.
Before you fix your client, with this property disabled, notice that the SOAPProxy will fail.
<property name="clientCredentialsRequired" value="false"/>
Add a http.properties file with the authentication information and it should pass (because client is not sending any credentials and you need to set these).
<property name="clientCredentialsRequired" value="false"/> <property name="file" value="/META-INF/httpclient-8443.properties"/>
Now enable it and still it will fail, because the client credentials were required.
<property name="clientCredentialsRequired" value="true"/> <property name="file" value="/META-INF/httpclient-8443.properties"/>
Now fix the client code to send the header as shown above, and it should work.
With these above settings, change the JAVA client's username and password, it will fail.
Now make clientCredentialsRequired to false, (so we expect the clients Authorization header should be overriden), but it will fail due to the issue mentioned in JBESB-3022.
Actions
7. Re: Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 20, 2012 9:33 AM (in response to mageshbk)

Hi Magesh, Thanks for your time. It still doesn't work for me. I came up to the following client: ................................... String url ="http://localhost:8080/wsproxy-basic/http/Proxy_Basic/Proxy"; PostMethod method = new PostMethod(url); method.setRequestHeader("Content-Type", "text/xml;charset=UTF-8"); method.setRequestHeader("Authorization", "Basic " + Encoding.encodeBytes("extcapdev01:sebadew1".getBytes()) ); method.setRequestHeader("SOAPAction", "\"\""); String request = "" + "" + "" + "" + "" + ""; System.out.println("**** REQUEST BODY: " + request); method.setRequestEntity(new StringRequestEntity(request)); HttpClient client = new HttpClient(); InputStream response = null; String strResponse = null; try { int code = client.executeMethod(method); System.out.println("**** RESPONSE CODE: " + code); response = method.getResponseBodyAsStream(); strResponse = StreamUtils.readStreamString(response, "UTF-8"); String data = strResponse.substring(1000); System.out.println ("*** Response: " + data); } finally { method.releaseConnection(); if (response != null) { response.close(); } } } Running this client works watever the value of the clientCredentialsRequired parameter is. If I comment out the line setting the authorization header, it doesn't work any more, whatever the value of the clientCredentialsRequired parameter is. So, my point is the following: the client is calling the proxy. The proxy doesn't require any authentication. But the proxied service requires authentication. Consequently, the client doesn't know the proxied service credentials. It even doesn't know that there is a proxy. It's the proxy's job to know the credentials of the service it is proxiing. And hence, these credentials have to be provided in a property file. But whatever I do, this property file is never used.
Actions
8. Re: Web service proxy using basic HTTP authentication return HTTP 401

mageshbk Feb 20, 2012 10:14 PM (in response to simplex-software)

Could you attach the esb archive here? Please remove any sensitive information. I just need to see how you are packaging the properties file in the archive.
Actions
9. Re: Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 21, 2012 8:09 AM (in response to mageshbk)

Hi Magesh,

Yes, I've attached it, many thanks. And don't worry about the sensible stuff as nothing is sensible here.

Kind regards,

Nicolas
Actions
10. Re: Web service proxy using basic HTTP authentication return HTTP 401

mageshbk Feb 24, 2012 3:39 AM (in response to simplex-software)
But whatever I do, this property file is never used.
I just looked at your app and your http.properties file has this line commented out

#configurators=HttpProtocol,AuthBASIC

You need to uncomment (delete the # symbol) that for AuthBASIC to work. With this done you can see that the properties will be picked up from the either the file or the client's Authorization header depending on the scenarios I described earlier.
Actions
11. Re: Web service proxy using basic HTTP authentication return HTTP 401

simplex-software Feb 27, 2012 12:08 PM (in response to mageshbk)

Thanks Magesh. Kind regards, Nicolas
Actions

Go to original post