I have created a JAX-WS Web Service on top of Glassfish which requires basic HTTP authentication.
Now I want to create a standalone java application client for that Web Service but I don't have a clue of how to pass the username and password.
It works with Eclipse's Web Service explorer, and examining the wire I found this:
POST /SnaProvisioning/SnaProvisioningV1_0 HTTP/1.1
Host: localhost:8080
Content-Type: text/xml; charset=utf-8
Content-Length: 311
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: IBM Web Services Explorer
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Authorization: Basic Z2VybWFuOmdlcm1hbg==
Connection: close
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:q0="http://ngin.ericsson.com/sna/types/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<q0:listServiceScripts/>
</soapenv:Body>
</soapenv:Envelope>
How do I pass the username and password in this "Authorization" header using java code? Is it hashed or something like that? What is the algorithm?
Without security involved I have a working standalone java client:
SnaProvisioning myPort = new SnaProvisioning_Service().getSnaProvisioningV10Port();
myPort.listServiceScripts();
It turned out that there's a simple, standard way to achieve what I wanted:
import java.net.Authenticator;
import java.net.PasswordAuthentication;
Authenticator myAuth = new Authenticator()
{
@Override
protected PasswordAuthentication getPasswordAuthentication()
{
return new PasswordAuthentication("german", "german".toCharArray());
}
};
Authenticator.setDefault(myAuth);
No custom "sun" classes or external dependencies, and no manually encode anything.
I'm aware that BASIC security is not, well, secure, but we are also using HTTPS.