Web Service Client - how do I set basic Authentication userid / password

PeteTh · #1 Jun 14th, 2007, 11:48 AM

I am using an WebServiceGatewaySupport subclass as a Web Service Client - how do I set HTTP Basic Authentication userid / password, this is required to be sent as the web service is secured using Basic Auth.

I was expecting to find a setPassword("") somewhere, like you get when using the Axis org.apache.axis.client.Call.

Arjen Poutsma · #2 Jun 14th, 2007, 06:22 PM

You can set it on the CommonsHttpMessageSender, which you need to wire up to the template.

tobias · #3 Nov 28th, 2007, 06:19 AM

Hi Arjen,

I need to invok a service that requires basic authentication.
Can you explain how to do that or where I can find more information. I only found a lot of cryptic information concerning WSE and things like that. But actually I just look for the setCredentials method that must be somewhere.

Regards,
Tobias

tobias · #4 Nov 28th, 2007, 08:18 AM

Hi,

So I got my bean which extends : WebServiceGatewaySupport

Before sending the request I set the CommonsHttpSender:
CommonsHttpMessageSender messageSender = new CommonsHttpMessageSender();

messageSender.setCredentials(new UsernamePasswordCredentials(user,password) );
setMessageSender(messageSender);

But nothing apears in the final request and I get an unauthorized from the Server. Is there anything else to set?

Thanks,

Tobias

tobias · #5 Nov 28th, 2007, 08:35 AM

Hi,

I found the solution. For me it looks like a Bug in the Spring framework. Obviously the setCredential() method is doing nothing.

So you need to go all the way down and initialize the HttpClient by hand:
HttpClient client = new HttpClient();

client.getParams().setAuthenticationPreemptive(tru e);

//set HTTP AUTHENTICATION if necessary
if (!StringUtils.isEmpty(user)) {
Credentials defaultcreds = new UsernamePasswordCredentials(user, password);
client.getState().setCredentials(AuthScope.ANY, defaultcreds);
}
CommonsHttpMessageSender messageSender = new CommonsHttpMessageSender();
messageSender.setHttpClient(client);
setMessageSender(messageSender);

just in case somone gets across the same problem.

Tobias

venukumar · #6 Nov 28th, 2007, 11:34 AM

Hi tobias,
I tried with your piece of code but still i got the Unauthorized error..

Can you please send me the piece of code on client and server side so that it could help me a lot.

Thanks,
Venu

Arjen Poutsma · #7 Nov 28th, 2007, 12:47 PM

Quote:

Originally Posted by tobias

Hi,

I found the solution. For me it looks like a Bug in the Spring framework. Obviously the setCredential() method is doing nothing.

No bug

, but you need to call afterPropertiesSet() on the CommonsHttpMessageSender. This sets the credentials on the client. Invoking afterPropertiesSet() is automatically done by the Spring container, so if you create a bean definition for the message sender, and inject it into the web service template, this is all taken care off.

mindy · #8 Jan 14th, 2008, 08:50 AM

I have the same problem.

using the following configuration does not add basic authentication to the outgoing http request:

Code:

 <bean id="client" class="com.test.client.TestClient">
       <property name="webServiceTemplate" ref="webServiceTemplate"/>
    </bean>

    <bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory"/>

    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
     	<constructor-arg ref="messageFactory"/>
	    <property name="marshaller" ref="marshaller"/>
	    <property name="unmarshaller" ref="unmarshaller"/>
	    <property name="messageSender" ref="messageSender"/>
	    <property name="defaultUri" value="http://localhost:7080/testService/"/>
	</bean>

	<bean id="messageSender" class="org.springframework.ws.transport.http.CommonsHttpMessageSender">
         <property name="credentials">
             <bean class="org.apache.commons.httpclient.UsernamePasswordCredentials">
                 <constructor-arg value="user"/><!-- username -->
                 <constructor-arg value="pw"/><!-- password -->
             </bean>
         </property>
     </bean>

Is there anything wrong with my spring-WS client configuration?

amcsyd · #9 Jan 23rd, 2008, 01:40 AM

I ended up using the apache commons HttpClient with the spring webservice template and it seemed to work. Some webservice processors don't always present an authentication challenge so the authentication doesn't kick in. But with the solution provided below it ensures that authentication always occurs. This solution was done using spring 2.0.7 and the apache commons HttpClient 3.1

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/util
       http://www.springframework.org/schema/util/spring-util-2.0.xsd">

    <bean id="httpClientParams" class="org.apache.commons.httpclient.params.HttpClientParams">
        <property name="authenticationPreemptive" value="true"/>
        <property name="connectionManagerClass" value="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
    </bean>

    <bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
        <constructor-arg ref="httpClientParams"/>
    </bean>

    <bean id="credentials" class="org.apache.commons.httpclient.UsernamePasswordCredentials">
        <constructor-arg value="myusername"/>
        <constructor-arg value="mypassword"/>
    </bean>

    <bean id="messageSender" class="org.springframework.ws.transport.http.CommonsHttpMessageSender">
        <constructor-arg ref="httpClient"></constructor-arg>
        <property name="credentials" ref="credentials"/>
    </bean>

    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <property name="messageSender" ref="messageSender"/>
        <property name="defaultUri" value="http://myhost:myport/mysoapurl"/>
    </bean>

    <bean id="webServiceClient" class="my.WebServiceClient">
          <property name="webServiceTemplate">
            <ref bean="webServiceTemplate"/>
           </property>
    </bean>

</beans>

amcsyd · #10 Jan 26th, 2008, 05:14 PM

Its not enough just to set the credentials. If you are hitting a server that never issues an authorisation challenge or doesn't issue the challenge after attempting the request first then authentication will never be called and the credentials will never be used.

You must set the authentication to send the credentials before any request is made by using. If you are doing it programatically then it would be as follows

Code:

HttpClient client = new HttpClient();

client.getParams().setAuthenticationPreemptive(true);

messageSender.setHttpClient(client);

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode