You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by Dave Meier <DM...@SERENA.com> on 2008/02/12 03:14:23 UTC
[AXIS2C] HTTP Basic Authentication question
Hi All,
With my gsoap web services I can get at the userid and password that are
passed in the HTTP header using HTTP Basic Authentication. It decodes
the password as well and sticks both the userid and password in the
structure that it passes to me.
I want to offer the same support with my Axis2/C implementation. Does
the Axis2/C code do something similar to the above? I'm basically just
wanting to get a userid and password passed via HTTP Basic auth and use
these credentials in my code to log the user in.
Thanks,
-Dave.
**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
**********************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
Re: [AXIS2C] HTTP Basic Authentication question
Posted by Kaushalye Kapuruge <ka...@wso2.com>.
Dave Meier wrote:
> Hi Kauhsalye,
>
> I have looked at the manual, but it seemed like what's described there
> is not what I'm talking about below. It may be my not understanding it.
> So I'll ask a couple questions:
>
> In the manual it talks about adding to the axis2.xml file but it has
> a user id and password in there:
> "<parameter name="HTTP-Authentication" username="your username"
> password="your password" locked="true"/>"
> I think maybe this is just for making outgoing calls?
Yes.
> I need to have
> some client out there put the userid and password into the http header
> and then for me in the server code, extract out that userid and
> password.
> Is that supported?
There might be a workaround but no direct way AFAIK. May be you are
trying to get the username for Authorization purposes. What I suggest
here is to go for message level security with username tokens in the
SOAP header. I think Senaka too replied to you about that. This tutorial
might be useful for such an effort[1].
HTH,
Kau
[1]http://wso2.org/library/2702#ut
> Thanks,
>
> -Dave.
>
> -----Original Message-----
> From: Kaushalye Kapuruge [mailto:kaushalye@wso2.com]
> Sent: Monday, February 11, 2008 9:42 PM
> To: Apache AXIS C Developers List
> Subject: Re: [AXIS2C] HTTP Basic Authentication question
>
> Hi Dave,
> Please refer the Aixs2/C manual here[1] for more information on basic
> authentication.
> Cheers,
> Kauhsalye
>
> [1]http://ws.apache.org/axis2/c/docs/axis2c_manual.html#http_auth
>
> Dave Meier wrote:
>
>> Hi All,
>>
>> With my gsoap web services I can get at the userid and password that
>> are passed in the HTTP header using HTTP Basic Authentication. It
>> decodes the password as well and sticks both the userid and password
>> in the structure that it passes to me.
>>
>> I want to offer the same support with my Axis2/C implementation. Does
>>
>
>
>> the Axis2/C code do something similar to the above? I'm basically
>> just wanting to get a userid and password passed via HTTP Basic auth
>> and use these credentials in my code to log the user in.
>>
>> Thanks,
>>
>> -Dave.
>>
>> **********************************************************************
>> This email and any files transmitted with it are confidential and
>>
> intended solely for the use of the individual or entity to whom they are
> addressed. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
> sender by reply e-mail and destroy all copies of the original message.
>
>> **********************************************************************
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
> --
> http://blog.kaushalye.org/
> http://wso2.org/
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
>
--
http://blog.kaushalye.org/
http://wso2.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
RE: [AXIS2C] HTTP Basic Authentication question
Posted by Dave Meier <DM...@SERENA.com>.
Hi Kauhsalye,
I have looked at the manual, but it seemed like what's described there
is not what I'm talking about below. It may be my not understanding it.
So I'll ask a couple questions:
In the manual it talks about adding to the axis2.xml file but it has
a user id and password in there:
"<parameter name="HTTP-Authentication" username="your username"
password="your password" locked="true"/>"
I think maybe this is just for making outgoing calls? I need to have
some client out there put the userid and password into the http header
and then for me in the server code, extract out that userid and
password.
Is that supported?
Thanks,
-Dave.
-----Original Message-----
From: Kaushalye Kapuruge [mailto:kaushalye@wso2.com]
Sent: Monday, February 11, 2008 9:42 PM
To: Apache AXIS C Developers List
Subject: Re: [AXIS2C] HTTP Basic Authentication question
Hi Dave,
Please refer the Aixs2/C manual here[1] for more information on basic
authentication.
Cheers,
Kauhsalye
[1]http://ws.apache.org/axis2/c/docs/axis2c_manual.html#http_auth
Dave Meier wrote:
> Hi All,
>
> With my gsoap web services I can get at the userid and password that
> are passed in the HTTP header using HTTP Basic Authentication. It
> decodes the password as well and sticks both the userid and password
> in the structure that it passes to me.
>
> I want to offer the same support with my Axis2/C implementation. Does
> the Axis2/C code do something similar to the above? I'm basically
> just wanting to get a userid and password passed via HTTP Basic auth
> and use these credentials in my code to log the user in.
>
> Thanks,
>
> -Dave.
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.
> **********************************************************************
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
>
--
http://blog.kaushalye.org/
http://wso2.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
Re: [AXIS2C] HTTP Basic Authentication question
Posted by Kaushalye Kapuruge <ka...@wso2.com>.
Hi Dave,
Please refer the Aixs2/C manual here[1] for more information on basic
authentication.
Cheers,
Kauhsalye
[1]http://ws.apache.org/axis2/c/docs/axis2c_manual.html#http_auth
Dave Meier wrote:
> Hi All,
>
> With my gsoap web services I can get at the userid and password that are
> passed in the HTTP header using HTTP Basic Authentication. It decodes
> the password as well and sticks both the userid and password in the
> structure that it passes to me.
>
> I want to offer the same support with my Axis2/C implementation. Does
> the Axis2/C code do something similar to the above? I'm basically just
> wanting to get a userid and password passed via HTTP Basic auth and use
> these credentials in my code to log the user in.
>
> Thanks,
>
> -Dave.
>
> **********************************************************************
> This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
> **********************************************************************
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
>
--
http://blog.kaushalye.org/
http://wso2.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
RE: [AXIS2C] HTTP Basic Authentication question
Posted by Senaka Fernando <se...@wso2.com>.
Hi Dave,
Please take a look at the attached sample, which makes use of the message
context. Read through the axis2_http_transport.h for more possibilities in
terms of constants you can use. We use these constants to add info to the
hash and therefore, you'll have to use them too.
Regards,
Senaka
> Hi Senaka,
>
> I saw this email after the one I just responded to. That would be great
> if you have any code samples or let me know how to get at the http
> header.
> Our web services allow simple authentication as arguments, http basic
> auth,
> or WS-SECURITY. So I will definately be using the Rampart/C code as
> well.
>
> I also will need to mess around with stuff in the SOAP envelope and
> headers
> as we have some other custom stuff implemented in gsoap that embeds some
> XML with other authentication info. So I will need to find out how to
> process things at a lower level on both input and output for the server
> code.
>
> Thanks,
>
> -Dave.
>
> -----Original Message-----
> From: Senaka Fernando [mailto:senaka@wso2.com]
> Sent: Monday, February 11, 2008 9:13 PM
> To: Apache AXIS C Developers List
> Subject: Re: [AXIS2C] HTTP Basic Authentication question
>
> Hi Dave,
>
> Do you mean access to Authentication info on the server side? Well that
> is not implemented as yet. However, you may be able to access the Auth
> Header and make use of the Basic Authentication Credentials. I will look
> into this and let you know.
>
> We did not focus on server side Authentication as we do have WS-Security
> support, Rampart/C, which can provide you the ability to handle this,
> and many other security related scenarios. You can find more info on
> Rampart/C at [1].
>
> [1] http://ws.apache.org/rampart/c/
>
> Regards,
> Senaka
>
>> Hi All,
>>
>> With my gsoap web services I can get at the userid and password that
>> are passed in the HTTP header using HTTP Basic Authentication. It
>> decodes the password as well and sticks both the userid and password
>> in the structure that it passes to me.
>>
>> I want to offer the same support with my Axis2/C implementation. Does
>
>> the Axis2/C code do something similar to the above? I'm basically
>> just wanting to get a userid and password passed via HTTP Basic auth
>> and use these credentials in my code to log the user in.
>>
>> Thanks,
>>
>> -Dave.
>>
>> **********************************************************************
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
> are addressed.
>> Any unauthorized review, use, disclosure or distribution is
>> prohibited. If you are not the intended recipient, please contact the
>> sender by reply e-mail and destroy all copies of the original message.
>> **********************************************************************
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
RE: [AXIS2C] HTTP Basic Authentication question
Posted by Dave Meier <DM...@SERENA.com>.
Hi Senaka,
I saw this email after the one I just responded to. That would be great
if you have any code samples or let me know how to get at the http
header.
Our web services allow simple authentication as arguments, http basic
auth,
or WS-SECURITY. So I will definately be using the Rampart/C code as
well.
I also will need to mess around with stuff in the SOAP envelope and
headers
as we have some other custom stuff implemented in gsoap that embeds some
XML with other authentication info. So I will need to find out how to
process things at a lower level on both input and output for the server
code.
Thanks,
-Dave.
-----Original Message-----
From: Senaka Fernando [mailto:senaka@wso2.com]
Sent: Monday, February 11, 2008 9:13 PM
To: Apache AXIS C Developers List
Subject: Re: [AXIS2C] HTTP Basic Authentication question
Hi Dave,
Do you mean access to Authentication info on the server side? Well that
is not implemented as yet. However, you may be able to access the Auth
Header and make use of the Basic Authentication Credentials. I will look
into this and let you know.
We did not focus on server side Authentication as we do have WS-Security
support, Rampart/C, which can provide you the ability to handle this,
and many other security related scenarios. You can find more info on
Rampart/C at [1].
[1] http://ws.apache.org/rampart/c/
Regards,
Senaka
> Hi All,
>
> With my gsoap web services I can get at the userid and password that
> are passed in the HTTP header using HTTP Basic Authentication. It
> decodes the password as well and sticks both the userid and password
> in the structure that it passes to me.
>
> I want to offer the same support with my Axis2/C implementation. Does
> the Axis2/C code do something similar to the above? I'm basically
> just wanting to get a userid and password passed via HTTP Basic auth
> and use these credentials in my code to log the user in.
>
> Thanks,
>
> -Dave.
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
are addressed.
> Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
> sender by reply e-mail and destroy all copies of the original message.
> **********************************************************************
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
Re: [AXIS2C] HTTP Basic Authentication question
Posted by Senaka Fernando <se...@wso2.com>.
Hi Dave,
Do you mean access to Authentication info on the server side? Well that is
not implemented as yet. However, you may be able to access the Auth Header
and make use of the Basic Authentication Credentials. I will look into
this and let you know.
We did not focus on server side Authentication as we do have WS-Security
support, Rampart/C, which can provide you the ability to handle this, and
many other security related scenarios. You can find more info on Rampart/C
at [1].
[1] http://ws.apache.org/rampart/c/
Regards,
Senaka
> Hi All,
>
> With my gsoap web services I can get at the userid and password that are
> passed in the HTTP header using HTTP Basic Authentication. It decodes
> the password as well and sticks both the userid and password in the
> structure that it passes to me.
>
> I want to offer the same support with my Axis2/C implementation. Does
> the Axis2/C code do something similar to the above? I'm basically just
> wanting to get a userid and password passed via HTTP Basic auth and use
> these credentials in my code to log the user in.
>
> Thanks,
>
> -Dave.
>
> **********************************************************************
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> Any unauthorized review, use, disclosure or distribution is prohibited. If
> you are not the intended recipient, please contact the sender by reply
> e-mail and destroy all copies of the original message.
> **********************************************************************
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org