Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SOAP Security: HTTP-Basic authentication

12 views
Skip to first unread message

Eugene Prokopiev

unread,
Jan 25, 2005, 1:48:29 AM1/25/05
to
Hi,

How can I create SOAP Call for service protected by servlet container
with HTTP-Basic authentication?

I can use this code with Axis (http://ws.apache.org/axis/):

Service service = new Service();
Call call = (Call)service.createCall();
call.setUsername(username);
call.setPassword(password);

How can I do it with Mozilla JavaScript?

Martin Honnen

unread,
Jan 25, 2005, 11:24:26 AM1/25/05
to

Eugene Prokopiev wrote:

I am not sure you can do that with JavaScript but perhaps if you use
script to access a web service and authentication is required then
Mozilla will simply pop up its authentication dialog as normal with
other resources requiring authentication.
Have you tried that, simply calling the service with script? What
happens then, do you get an error dialog or an error in the JavaScript
console?


--

Martin Honnen
http://JavaScript.FAQTs.com/

Eugene Prokopiev

unread,
Jan 27, 2005, 2:07:36 AM1/27/05
to

I don't know, I don't tried it yet.

I think HTTP-Basic authentication use custom HTTP headers in SOAP
messages, so can I modify it any way except working with XmlHttpRequest?

Pop up dialog is suitable for me.

Eugene Prokopiev

unread,
Jan 27, 2005, 3:18:27 AM1/27/05
to
> Pop up dialog is suitable for me.

sorry, it's _not_ suitable for me

Martin Honnen

unread,
Feb 2, 2005, 9:42:20 AM2/2/05
to

Eugene Prokopiev wrote:

>> Pop up dialog is suitable for me.
>
>
> sorry, it's _not_ suitable for me

I am not sure the SOAP API has any way to provide username and password
for basic authentication but for me here with Firefox 1.0 it works to
use XMLHttpRequest first to make a HTTP HEAD request sending the
credentials (the open method has the fourth and fifth argument for that)
and then to make the SOAP call e.g.


var soapCall = new SOAPCall();
soapCall.transportURI = 'http://example.org/services/service.asmx';
soapCall.encode(...);

var httpRequest = new XMLHttpRequest();
httpRequest.open('GET', soapCall.transportURI, false, 'username',
'password');
httpRequest.send(null);

if (httpRequest.status == 200) {
var soapResponse = soapCall.invoke();
...
}


That way the basic HTTP authentication happens and for the browser
session Mozilla remembers that so that the SOAP calls then work.

Hiran Chaudhuri

unread,
Feb 2, 2005, 5:09:51 PM2/2/05
to
> I am not sure the SOAP API has any way to provide username and password
> for basic authentication but for me here with Firefox 1.0 it works to
> use XMLHttpRequest first to make a HTTP HEAD request sending the
> credentials (the open method has the fourth and fifth argument for that)
> and then to make the SOAP call e.g.

How about submitting username and password together with the URL?

var soapCall = new SOAPCall();

soapCall.transportURI = 'http://username:pass...@example.org/services/service.asmx';
soapCall.encode(...);

I know the security is not too good.
But then the URI need not be hardcoded, it can be created on the client. And next the request better use https to encrypt the whole stream....

Hiran

Martin Honnen

unread,
Feb 3, 2005, 9:15:25 AM2/3/05
to

Hiran Chaudhuri wrote:


> How about submitting username and password together with the URL?
>
> var soapCall = new SOAPCall();
> soapCall.transportURI = 'http://username:pass...@example.org/services/service.asmx';
> soapCall.encode(...);
>
> I know the security is not too good.

I have tried that here with Firefox 1.0 and it works too.

Eugene Prokopiev

unread,
Feb 7, 2005, 1:15:43 AM2/7/05
to
> That way the basic HTTP authentication happens and for the browser
> session Mozilla remembers that so that the SOAP calls then work.

Thanks. It's fine. Can I close session and authenticate as another user
without closing Mozilla?

0 new messages