Hello:) I have a web service written on Java, running on Apache 7 using CXF and I want the service to be able to read the information from the SOAP Header. Also I want the user to be able to put his username and password in the SOAP Header. I've read a lot of posts and stuff but i just don't have a clue from where to begin. I would be very pleased if you help me :)
Related
I need to access the SOAP web service methods via ColdFusion CFHTTP. I can able to access the SOAP web service method. But, It's asking Wsse security header. I need to pass the wsse security header in the SOAP request. So, I searched with Google and found there are two types of security one is basic authentication and another one is binarysecuritytoken.
I need to use binarysecuritytoken. http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-x509TokenProfile-v1.1.1-os.html
But, I'm not sure how to do that in ColdFusion.
Could you please help me to complete this?
Thanks in advance.
While using Inno Setup to create an installer a need as arisen to verify a user's credentials during the installation process. The application has been out in production for a while and the only need to move to an installer is due to support for NPAPI within web browsers being deprecated. There is already a way that the application verifies a user's credentials before launching the application that I'm trying to take advantage of, which is through a SOAP request. The verification process is just not making sure the user is authorized but also assigning them a token that prevents their information from having to be sent multiple times during the running of the application.
My question, is there a way to make the SOAP request to verify a user's credentials through during the installation process? If so, how would this be accomplished?
SOAP is just an XML over HTTP.
So you can use the WinHttpRequest class:
WinHttpReq := CreateOleObject('WinHttp.WinHttpRequest.5.1');
WinHttpReq.Open('GET', 'http://soapserver.example.com/', False);
WinHttpReq.SetRequestHeader('Content-Type', 'application/soap+xml;charset=UTF-8');
WinHttpReq.SetRequestHeader('SOAPAction', '...');
WinHttpReq.Send('<data/>');
{ WinHttpReq.ResponseText will hold the SOAP response }
See also HTTP POST request in Inno Setup Script.
To parse the SOAP response, you can use the Msxml2.DOMDocument class:
How to read and write XML document node values?
I have a web-service which is used to create entries in the Database hosted by GoDaddy and the web-service are written in .net and this web-service or url will be only used in the Mobile Platforms like IOS and Android.
Now I have few questions?
1>How can I secure my URL(web-service) and its content from getting exposed?
Currently I have used post method so that I can hide the parameters but still I fear the URL might be hacked so please suggest a way to secure.
2>Regarding the contents I want to encrypt the data and send to server and in server side it will be decrypted .
Now please suggest me an algorithm or code which can be used across platform like IOS,Android , .Net
Thanks and Regards,
Anil
Use HTTPS
Use login/password auth (no access at all without login and
password)
Hey there code warriors and stack exchangers.
I have been trying in vain to set credentials for a web service. I wrote the webservice in Websphere (java ee) and it requires a username and password in the header for any of the services to be called. I can run it fine in SOAP UI, but I need to be able to hit it from a .net web client.
So far I have tried setting the credentials like so...
dlc.ClientCredentials.UserName.UserName = "idiotCreds";
dlc.ClientCredentials.UserName.Password = "someWhackyPWD";
And so far I have just recieved this exception
security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6500E: There is no caller identity candidate that can be used to login. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1#42304230
Which I am guessing is telling me that there are no credentials being set...
Even though I set the client credentials. Do I need to create and add a soap header manually here? I thought that was supposed to be handled by that client object? Any ideas fellas? Thanks
The question and answer in this SO thread will provide those who seek answers with the solutions they need.
https://stackoverflow.com/a/12159837/729820
I have a webservice implemented in grails to deal with POSTs from a GWT client. If the user logges in he also could access as well the webservice without GWT just over the browser.
My question is now how can I secure it in a way that its not possible to spam my webservice with e.g. 1000 new entries just by stress my webservice with a specific posts(maybe over a loop) when logged in?
Same is also for Android clients or if I grant other developers to my webservice and they could POST thousands of data into my webservice.
Is there already a mechanism I can use?
Thanks for your help
Users of this REST api need to be tied to an API key. A cryptographic nonce is usually the tool of choice. In order to be issued this key the user should be required to solve a captcha. Each API key should be limited to a specific number of requests. If the user is sending to many requests, then you should prompt them with a captcha (Which could be an error response to a REST request).
But in order to enforce this rule then you have to keep server-side state on each client, and there for this would not be RESTful. In short, what you are asking is not simply possible with REST.