Saturday, December 22, 2007

HTTP and WS-BASIC authentication

Have been playing around with WS-BASIC authentication and HTTP authentication. I just created HelloBPEL project and secured it using OWSM gateway. I defined following policy steps in OWSM for HTTP basic authentication:

Extract credentials I specified HTTP credentials and for File Authenticate I created username/password file using md5 utilies, here is details of the steps:

To test if my policies are defined fine, I tested using Tools -> test page feature.
Everything works great so far. I tried to test it using BPEL. I provided gateway URL to BPEL partnerlink. I had to specify following additional partnerlink properties so that BPEL passes correct header information for HTTP authentication.
Cool... It worked great.
Similar way for WS-BASIC authentication. I changed Extract Credential step in OWSM policy:

And now to test using BPEL, I had to provide following Partnerlink properties:

You can see in above image that you can use httpBasicUsername and httpBasicPassword as well. I found that httpUsername and httpPassword were supported in 10.1.2 but they are deprecated in 10.1.3 as per http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm , therefore httpBasicUsername and basicUsername are our only choice for 10.1.3.3 SOASuite.

Source code can be downloaded at this link.

No comments: