2 Replies Latest reply on Sep 14, 2006 6:27 PM by Michael Haeuptle

    SAAJ API & basic authentication (AS 4.0.4)

    Michael Haeuptle Newbie

      I secured my web service with basic authentication and I'm trying to
      use the SAAJ API to access it:

      //System.setProperty("http.basic.username", "user");
      //System.setProperty("http.basic.password", "pass");
      URL endpointUrl = new URL(endpoint);
      SOAPMessage response = connection.call(message, endpointUrl);

      Using the system property approach works but I was wondering if
      there is a better way to pass the username/password information?
      Sun's reference implementation (http://java.sun.com/webservices/docs/1.6/saaj/saaj-security.html)
      states that I should be using http://USER:PASSWORD@HOST:PORT/FILE
      but this doesn't work.

      Looking at the implementation (/webservice/src/main/org/jboss/ws/soap/SOAPConnectionImpl.java), it seems that I could pass an EndpointInfo object into the call method but this class seems to be a server class.

        • 1. Re: SAAJ API & basic authentication (AS 4.0.4)
          Thomas Diesler Master

          Have a look at the test cases for basic auth

          • 2. Re: SAAJ API & basic authentication (AS 4.0.4)
            Michael Haeuptle Newbie

            Thanks. I couldn't find the test case you are talking about
            but it is probably similar to this:

            MessageFactory messagefactory = MessageFactory.newInstance();
            SOAPMessage message = messagefactory.createMessage();

            SOAPPart soapPart = message.getSOAPPart();
            SOAPEnvelope envelope = soapPart.getEnvelope();
            SOAPBody body = envelope.getBody();

            // System.setProperty("http.basic.username", "webservice");
            // System.setProperty("http.basic.password", "webservice");

            StringBuffer buffer = new StringBuffer();
            String encoded = Base64.encodeBytes(buffer.toString().getBytes());
            String authString = "Basic " + encoded;
            message.getMimeHeaders().addHeader("Authorization", authString);