authentication: web services & web dynpro

Former Member
0 Kudos

Hello

We have a problem with authentication in Web Dynpro, when using a Web Service generated out of a stateless session bean (sb).

The sb has only one very simple business function, readUser():

    public String showUser() {
        return myContext.getCallerPrincipal().getName();
    }

The situation can be reproduced as follows:

1) create an EJB project

2) create an SB (stateless)

3) create only one business method as shown above

4) create an EAR project

5) create a web service and enable basic authentication in the web service configuration and the web service definition

6) build & deploy the EAR file

7) test the showUser operation by using the web service navigator

After the showUser operation is started (by clicking "Send") an authentication screen appears. You can enter user/pw and the username is shown correctly after this.

However when we continue:

8) create Web Dynpro project

9) import model of created web service above

10) create app & component with usual wizards WITH authentication enabled!

11) create service call and form (for return value) & button to call web service

12) deploy & run

Now we log in to the Web Dynpro welcome screen. After user/pw are entered, the Web Dynpro application starts. However, when we press the button now to read the user name, an error message appears: "Invalid Response (401): Unauthorized"

We just wanted authentication, no authorization (yet). It seems like Web Dynpro doesn't pass the authentication details to the web service call...?

Btw, we know we could get the user directly within Web Dynpro by calling the UME API, but we want the user name of the current EJB container user, because we have several clients (web, web service navigator & Web Dynpro).

How should we configure our Web Dynpro / Web Service / WAS differently to get this working?

Many thanks in advance!

regards,

Rob

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Rob,

A developer gave me the following hint:

Because WebDynpro uses standalone WS Client Proxies, you could specify the user/password pair for basic authentication only programmatically. This can be done by getting the logical port instance (the model object in Web Dynpro) and specifying the user and password by setting the following properties:

    lp._setProperty("http.auth.username", realUserName);
    lp._setProperty("http.auth.password", realPassword);

where realUserName and realPassword are for the user that is able to invoke the web service.

But you could also check the following message within this forum, where I already give some information about Basic Authentication, "Web Service Clients and Authentication" (URLs do not seem to work):

1. Create an Enterprise Java bean as implementation of the Web service with the following two methods:

a. public String echoString(String str) {
       return str;
   }

b. public String[] echoArrString(String[] str) {
       return str;
   }

2. Create a Virtual Interface and Web Service Definition: Select the WSD, choose Authentication from the Name frame, and check Basic (User/Password) if you want your Web service to be configured with the basic authentication security level of access

3. If you want to configure your Web service on operation security level (to associate security roles for each operation independently), select Authorization from the Name frame, and choose Select Feature.

4. The next step is to configure the security of the bean

Create an assembly project, and in the ejb-jar.xml descriptor, create security roles and references to associate the bean with the specified security role. Then create the security role references.

5. Map the security roles to existing users and groups on the server

Use the ejb-j2ee-engine.xml to specify the mapping.

The result is that there are two security roles: ws_role1 and ws_role2 that can access the methods of the bean:

a. public String echoString(String str)

b. public String[] echoArrString(String[] str)

(The mapped groups and users should be created on the server, this can be done using the functions of the Security Provider Service through the Visual Administrator.)

6. Start the SAP J2EE Engine Visual Administrator, select the Security Provider Service, and choose the User Management tab

7. Create two users by choosing Create User button with:

a. user names - WSUser1 and WSUser2

b. passwords - WSUser1 and WSUser2

8. You can also configure the operations of your Web service by specifying the security roles for every operation. In this example we could remove ws_role2 for operation echoString(String str) and ws_role1 for operation echoArrString(String[] str).

In this way, if the methods of the bean can be accessed via both security roles, the operation configuration is different when it is exposed as a Web service:

public String echoString(String str) - ws_role1

public String[] echoArrString(String[] str) - ws_role2

9. The Web service is ready to be deployed.

You can develop an application that calls the operations of the Web service:

a. First create a deployable proxy, and then a servlet (Enterprise Java bean is also possible), which invokes the methods of only one logical port.

b. Configure every port of the proxy using the Destinations Service of the Visual Administrator.

Choose BASIC in the Authentication dropdown menu, and set the user name and password

10. Access your servlet on http://echoString/echoString

Hope that helps!

Best regards,

Karin
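
What the hint above describes, as an added example that is not part of the original thread and is not SAP code: a standalone client proxy makes its own HTTP call, so it gets a 401 unless credentials are set on that call. The JDK's built-in HTTP server stands in for the protected web service; the `/showUser` path, the realm name and the password are constructed for the demo.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpServer;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthDemo {
    // Constructed demo account, standing in for a user known to the server.
    static final String USER = "WSUser1", PASS = "constructed-password";

    public static void main(String[] args) throws Exception {
        // Stand-in for the protected endpoint: replies with the authenticated caller name.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/showUser", exchange -> {
            byte[] body = exchange.getPrincipal().getUsername().getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            try (OutputStream out = exchange.getResponseBody()) { out.write(body); }
        }).setAuthenticator(new BasicAuthenticator("ws") {
            @Override public boolean checkCredentials(String u, String p) {
                return USER.equals(u) && PASS.equals(p);
            }
        });
        server.start();
        URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/showUser");
        // 1) Client call with no credentials: no Authorization header is sent.
        System.out.println("no credentials   -> " + call(url, null));
        // 2) Same call with credentials set on the client request itself.
        System.out.println("with credentials -> " + call(url, USER + ":" + PASS));
        server.stop(0);
    }

    // Performs one GET; userColonPass == null means "send no Authorization header".
    static String call(URL url, String userColonPass) throws Exception {
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        if (userColonPass != null) {
            String token = Base64.getEncoder().encodeToString(userColonPass.getBytes(StandardCharsets.UTF_8));
            con.setRequestProperty("Authorization", "Basic " + token);
        }
        int status = con.getResponseCode();
        if (status != 200) return status + " " + con.getResponseMessage();
        try (InputStream in = con.getInputStream()) {
            return status + " caller=" + new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }
}
```

The first call returns 401 because nothing on the client request identifies the caller; the second returns the caller name the server resolved from the Basic credentials.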

Former Member
0 Kudos

Hi Karin

Thanks a lot for your info!

Somehow, the lp.setProperty() didn't work for me (see below*), but it pushed me in the right direction, that is, the following code worked fine:

    wdContext.current<Request_WS>().modelObject()._setUser("myname");
    wdContext.current<Request_WS>().modelObject()._setPassword("mypw");
    // execute my webservice
    wdContext.current<Request_WS>().modelObject().execute();

*) I saw that internally USERNAME_PROPERTY = "javax.xml.rpc.security.auth.username" and PASSWORD_PROPERTY = "javax.xml.rpc.security.auth.password" are used; that's why I tried these, as the "http.auth.username" & "http.auth.password" did not seem to work in my case.

My next problem now, of course, is that I cannot pass the user password, as I don't want to hard code this in my source of course.

Do you maybe have any suggestion on this too?

Many thanks in advance again!

Kind regards,

Rob