cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

dynamic username and password for UsernameToken in Receiver Soap Adapter.

Former Member

on ‎04-01-2010 8:04 AM

0 Kudos

Hi All,

I am using AXIS Frame work for WS Security Authentication in Receiver SOAP channel. I deployed AXIS and used WSDoAllSender handler. I want to set the username and password parameters in the module dynamically. These have to be extracted from the payload.

kindly give me pointers to dynamically assign Username and Password.

Regards,

Saipriya.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎04-13-2010 10:05 PM
0 Kudos

Hi Saipriya,

Here is how you can configure a series of handlers to generate the UsernameToken security header with the username and password contained in the message.

For details, you should refer to the Axis adapter FAQ note. There are a few examples of how to use the described handlers. Below I am sketching the configuration.

First, you need to place a data extraction handler to extract your user and password and set them to the axis's message context. Depending on where in the message you have put your data, there are several options. Here, assuming you have them in the dynamic configuration header, you can use the XI30DynamicConfigurationHandle handler to do this job. Using this handler, you can extract your username and set it to the context property user and extract your password and set it to the context property password. This handler must precede the first XI30OutboundHandler. After this handler, you place the WSDoAllSender handler to generate the UsernameToken. Finally, this is followed by the transport handler.

Best regards, Yza

Show replies
Show replies
Former Member
‎04-19-2010 2:22 PM
0 Kudos

Hi Yza,

Please let me know the question number you are referring to in the FAQ.

How do i set the user name and password to the AXIS message context. Is it possible for you to provide the detail module configuration parameters with screen shots.

let me repeat, that I need to configure a receiver soap channel with username and password from payload.

I have tried to insert the user name in the XI DynamicConfiguration as below:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

- <!-- Call Adapter

-->

- <SAP:DynamicConfiguration xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">

<SAP:Record namespace="http://www.ebxml.org/namespaces/messageHeader" name="keys">ZAPICH2</SAP:Record>

</SAP:DynamicConfiguration>

Is this the right way, and how do I proceed from here?

Former Member
‎04-23-2010 10:25 PM
0 Kudos

Hi Saipriya,

I discovered there was a small problem with the approach that I described. I will try to explain it below.

The idea was to use XI30DynamicConfigurationHandler to set some of the axis's message context properties and I was referring to some FAQ entries that use this handler to set various context properties.

The message context is a container passed to each axis handler and it contains all the runtime properties such as user, password, the transport url, the soapaction value, and so on.

I had a similar scenario using this approach in a standalone environment using the original WSDoAllSender handler (org.apache.ws.axis.security.WSDoAllSender). This works fine because the original WSDoAllSender first looks for the user property in its handler configuration, and failing to finding it, looking into the message context.

However, I just discovered that this approach did not work in the PI adapter environment. The reason is that the WSDoAllSender used in the axis adapter does not look into the message context. This issue needs to be fixed by SAP. You can open a ticket.

Until this issue is fixed, you can use the following workaround which I verified to function. This workaround uses the user name included in the message but uses the password stored in an external file. It has some security concern but not as much as your original approach of including the password in the message.

the workaround posted in the next entry as there seems to be a size limit

Regards, Yza

Former Member
‎04-23-2010 10:27 PM
0 Kudos

continued from the previous entry

1. configure the following four handlers in the request chain

Handler dc

Handler xireq

Handler wssec

Handler trp

For the xireq and trp handler, you can use the default setting.

For the dc and wssec handlers, you use the following setting:

dc: handler.type = java:com.sap.aii.axis.xi.XI30DynamicConfigurationHandler

dc: key.1 = write http://sap.com/xi/axis username

dc: value.1 = user

wssec: handler.type = java:org.apache.ws.axis.security.WSDoAllSender

wssec: action = UsernameToken

wssec: passwordType = PasswordText

wssec: passwordCallbackClass = com.sap.aii.axis.security.DefaultPasswordCallbackHandler

2. Create an external password file with user password pairs. For example, if you have three users: orange, banana, and apple, with their passwords: orange, yellow, red, you create a file with content:

orange:orange

banana:yellow

apple:red

You name this file to ".password" and place it at the engine's classloader directory (e.g.,

/usr/sap/E07/JC90/j2ee/cluster/server0)

3. Prepare the input message containing the user name in the dynamic configuration header that looks like:

<ns3:DynamicConfiguration xmlns:ns3="http://sap.com/xi/XI/Message/30">

<ns3:Record name="username" namespace="http://sap.com/xi/axis">orange</ns3:Record>

</ns3:DynamicConfiguration>

The namespace and name must match the value used in the key.1 property of the dc handler. As long as they match, you can use any names.

In this example, the user name value "orange" will be extracted by the dc handler and inserted into the message context.

4. Send a test message.

Best regards, Yza

Former Member
‎04-29-2010 6:33 AM
0 Kudos

Hi Yza,

Earlier you mentioned about dynamic configuration for setting the context objects user and password. Is it similar to ASMA in a file adapter?

In that case what would be the attribute namespace and attribute name? can we use http://sap.com/xi/XI/System/SOAP"; and "user" ?

Regards,

Saipriya.

Former Member
‎05-03-2010 10:36 PM
0 Kudos

Hi Saipriya,

Yes. It is the same mechanism.

You can use any namespace and name for your ASMA property because the dynamic configuration handler can read any ASMA property.

In this case, using the handler, you just need to read your parameter and set its value to the appropriate axis context property.

The user name is represented by property javax.xml.rpc.security.auth.username.

The password is represented by property javax.xml.rpc.security.auth.password

You can find other context properties in the axis documentation:

http://ws.apache.org/axis/java/apiDocs/constant-values.html

You find some examples in the axis adapter FAQ note.

Regards, Yza

Former Member
‎04-06-2010 3:04 PM
0 Kudos

Hi,

Have you looked at the OSS note #1039369 (Axis FAQ), there is an attachment with a lot of useful info and example (you might be interested in "How can I configure a channel to use the UsernameToken authentication of WS-Security?") ?

Rgds

Chris

Show replies
Show replies
Ask a Question