We have converted a WSDL file of a Web serivice into the salesforce apex classes. The Web Service is receiving the authentication credentials in Apache axis Stub authentication username and password format.
Below is the sample Apache axis Stub authentication username and password code.
Service service = new XYZServiceLocator();
URL endpointURL = new URL("https://urllink");
XYZServiceSoapBindingStub stub = new XYZServiceSoapBindingStub(endpointURL, service);
stub.setUsername("username");// void org.apache.axis.client.Stub.setUsername(String username)
stub.setPassword("password");// void org.apache.axis.client.Stub.setPassword(String Password)
QueryResponse qresp = stub.webServiceCall(qr);
My question is. Can we get the Apache axis Stub authentication username and password functionality in the salesforce Apex classes.
As the Apex Stub support the HTTP Headers authentication does it also support the Apache axis Stub authentication?
Below is the Salesforce Apex stub HTTP Headers authentication code
String myData = 'username:password';
Blob hash = Crypto.generateDigest('SHA1',Blob.valueOf(myData));
encodedusernameandpassword = EncodingUtil.base64Encode(hash);
XYZBillingStub.inputHttpHeaders_x.put('Authorization','Basic ' + encodedusernameandpassword );// SALESFORCE STUB
XYZBilling.query(queryReq )// Web Service call
Please help me in resolving this issue.
After converting the apex code to the below code I was successfully able to resolve the issue.
String myData = 'username:password';
encodedusernameandpassword = EncodingUtil.base64Encode(Blob.valueOf(myData));
XYZBillingStub.inputHttpHeaders_x.put('Authorization','Basic ' + encodedusernameandpassword );// SALESFORCE STUB
XYZBilling.query(queryReq )// Web Service call
This was a simple hit and trial solution I got, And I think Salseforce apex functionality only support input HTTP Headers authentication process. If one has some other way to do the authentication please mention it.
Looks like you already figured out a solution.
For reference, have a look at the Sending HTTP Headers on a Web Service Callout section of the online docs for doing basic authentication headers.
Related
I have a web service which is validated by OAuth (Authorization code).
I am using Oracle IDM stack (OAM /Oath service , OES etc).
The issue is - I want to have OAUth validation only when a webService API is processed at the backend, but not when a client is just browsing a WSDL or XSD.
In my current implementation, I am using filter in the web.xml and I have added web service name ( which is web service Servlet) URL in the filters. The url to browse the service and execute the service, will have same name except the ?WSDL at the end of the URL, in case of WSDL/XSD query.
So, the problem is when I query WSDL, then also it goes goes via OAuth validation, which I don't want!
I tried to add logic to determine if the http query string is ?WSDL then by pass OAUTH validation, but it does not work because clients like SOAP UI and others can actually use ?WSDL in the URL, to even execute the web service API, which sort of fails the whole validation purpose.
Has anyone come across similar issue? how to resolve this issue ?
I have a web service for which the user authentication is provided by web browser Single Sign-On authentication method , through which a human user is automatically logged in with his/her company email ID from a web browser.
I have written a java Jersey 2.x client (a non human consumer of web service). In client code I am using HttpAuth as
HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("ENTER_USERNAME_HERE", "PASSWORD_HERE");
But the client fails stating the HTTP status code as 302 (redirection error)
Then I used curl for the same and received the response as an HTML page stating
The document is moved here(<-- a link containing websso url to my resource).
After searching on SO I enabled the FollowsRedirection feature for my jersey client and now the error is changed to
Exception in thread "main" javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
Any pointer on how to handle this authentication problem ?
The issue was finally resolved , so I am going to answer my own question,
After all the RnD , it was clear that there isn't any sophisticated way for passing (Authenticating) the WEb SSO (Single Sign-On) from jeresy 2.x client code.
Although I found some interesting articles regarding kerberos here and here.
So , finally
I created an other URL path as
/AuthWithCert CONTEXT in server proxy configuration and added the requests coming from this path as an exclusion in webSSO login conf.
So automatically the authentication was pointed to default (HttpBasic Client Auth) without any redirection error and the client worked fine.
I am trying to create an authentication in ADF mobile where the login URL is the peoplesoft login page. When i give in the username and password in the emulator, it throws an error.\
Terminating
Authentication URL responded with an illegal response code.
It is not basic authentication end point.
Please contact administrator
I have followed the following tutorial
https://blogs.oracle.com/shay/entry/accessing_secure_web_services_from
Here instead of creating a remote secured login server, I want to use peoplesoft to authenticate.Any Ideas?
I have also seen somewhere that you can authenticate each web service you call by adding the username and password in the SOAP header. Any tutorials for ADF would be much appreciated and #Shay Shmeltzer any ideas would be helpful
Thanks
Oracle MAF only supports security authentication against HTTP Basic Authentication pages, so I don't think you can use peoplesoft login page to authenticate neither your application nor you web services.
Otherwise you can create a secure ADF page the validates login through peoplesoft login credentials(username-password) then deploy that page to a server and secure your MAF application using that page.
Some useful links
Accessing Secure Web Services from ADF Mobile
ADF Mobile - Secured Web Service Access
ADF Mobile Application Security
And about your second question yes you can customize the envelop header being send from MAF application to a soap webservice (add username and password or any other attributes) by extending the SOAPProvider class and add it to the datacontrol.dcx file as the provider for the webservice.
The only example I can find online
http://docs.oracle.com/cd/E37975_01/doc.111240/e24475/amxwebservices.htm#autoId3
i'm reading RESTful Web Services and on the first chapters they talk about taking advantages over the stuff HTTP already serves.
They introduce en example that does authentication to del.icio.us using HTTP Basic Authentication.
Until now, the apps I've been written in NodeJS implemeted Authentication by sending a POST request from a form containing user and a password field.
How do you guys implement this? Do webpages implement auth via http basic auth?
Which one is recommended?
Thanks in advance.
You may find Basic HTTP authentication in Node.JS? useful as it describes how to do Basic Authentication in NodeJS.
As for its use in Web Services, well...there are lots of ways to authorize requests from using a shared secret (like an API key), cookies (like Basic Auth) or user credentials added to a request string. All have their pluses and minuses.
For most of my coding, I rely on public/private key pairs to assure the identity of clients.
http-auth module should do the job
// Authentication module.
var auth = require('http-auth');
var basic = auth.basic({
realm: "Simon Area.",
file: __dirname + "/../data/users.htpasswd" // gevorg:gpass, Sarah:testpass ...
});
// Creating new HTTP server.
http.createServer(basic, function(req, res) {
res.end("Welcome to private area - " + req.user + "!");
}).listen(1337);
I'm having a small issue with implementing custom basic authentication for a asmx in .net 4.0.
I've created the HttpModule which would start the authentication process of the web service consumer runnig this code,
HttpApplication application = (source as HttpApplication);
HttpContext context = application.Context;
if ( VirtualPathUtility.GetFileName(context.Request.FilePath).Contains("svcEWS.asmx"))
{
string username = "", password = "";
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Basic"))
{
//Authenticate here
}
}
However there is no authentication header present whenever this code is reached.
The consuming web app is simply calling,
EWS.svcEWS svcEWS = new EWS.svcEWS();
svcEWS.Credentials = new NetworkCredential("admin", "admin", "example.com");
svcEWS.HelloWorld();
IIS is set to run with anonymous authentication to anonymous authentication to prevent it from catching any auth requests.
Is there something I'm missing to have the client pass the correct header to my module?
I was forgetting to reject the first request with 401 code to force authentication. Doing so fixes the problem, as the invoker re sends the request with the auth header.