Skip to Content

Web Service Clients and Authentication?

Hi Everybody,

I'm trying to use WebDynpro to invoke a Web Service that requires authentication. I've created a model based on an imported WSDL and I've created a very simple gui to invoke the Web Service. However, as I would have expected I receive a security exception. I tried turning on authentication hoping that the userid/password would be passed along but this doesn't help.

Has anybody been able to invoke a Web Service using the model generated by Netweaver Developer studio when authentication has been required?

Thanks alot,

...Scottd

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Feb 12, 2004 at 12:13 PM

    Hi Scottd,

    I suppose you are using Sneak Preview 1 right now, and I am afraid, Web Services with authentication are not supported within that version. Sneak Preview 2 will come within the next 2 weeks. Anyhow, please find below the steps to do in order to have a Basic Authentication.

    Hope that helps!

    Karin

    1. Create an EnterpiseJava bean as implementation of the Web service with the following two methods:

    a. public String echoString(String str){

    return str;

    }

    b. public String[] echoArrString(String[] str) {

    return str;

    }

    2. Create a Virtual Interface and Web Service Definition: Select the WSD, choose Authentication from the Name frame, and check Basic (User/Password) if you want your Web service to be configured with the basic authentication security level of access

    3. If you want to configure your Web service on operation security level (to associate security roles for each operation independently), select Authorization from the Name frame, and choose Select Feature.

    4. The next step is to configure the security of the bean

    Create an assembly project, and in the ejb-jar.xml descriptor, create security roles and references to associate the bean with the specified security role.Then create the security role references.

    5. Map the security roles to existing users and groups on the server

    Use the ejb-j2ee-engine.xml to specify the mapping.

    The result is that there are two security roles: ws_role1 and ws_role2 that can access the methods of the bean:

    a. public String echoString(String str)

    b. public String[] echoArrString(String[] str)

    (The mapped groups and users should be created on the server, this can be done using the functions of the Security Provider Service through the Visual Administrator.)

    6. Start the SAP J2EE Engine Visual Administrator, select the Security Provider Service, and choose the User Management tab

    7. Create two users by choosing Create User button with:

    a. user names ? WSUser1 and WSUser2

    b. passwords ? WSUser1 and WSUser2

    8. You can also configure the operations of your Web service by specifying the security roles for every operation. In this example we could remove ws_role2 for operation echoString(String str) and ws_role1 for operation echoArrString(String[] str).

    In this way, if the methods of the bean can be accessed via both security roles, the operation configuration is different when it is exposed as a Web service:

    public String echoString(String str) ? ws_role1

    public String[] echoArrString(String[] str) ? ws_role2

    9. The Web service is ready to be deployed.

    You can develop an application that calls the operations of the Web service:

    a. First create a deployable proxy, and then a servlet (Enterprise Java bean is also possible), which invokes the methods of only one logical port.

    b. Configure every port of the proxy using the Destinations Service of the Visual Administrator.

    Choose BASIC in the Authentication dropdown menu, and set the user name and password

    10. Access your servlet on http://:/echoString/echoString

    Add comment
    10|10000 characters needed characters exceeded