HTTP basic authentication

HTTP basic authentication uses a user name and password to authenticate a service client to a secure endpoint.

WAS can have several resources, including Web services, protected by a Java 2 Platform, Enterprise Edition (J2EE) security model.

A simple way to provide authentication data for the service client is to authenticate to the protected service endpoint to the HTTP basic authentication. The basic authentication is located in the HTTP header that carries the SOAP request. When the appserver receives the HTTP request, the user name and password are retrieved and verified using the authentication mechanism specific to the server.

Although the basic authentication data is base64-encoded, sending data over HTTPS is recommended. The integrity and confidentiality of the data can be protected by the SSL protocol.

In some cases, a firewall is present using the pass-thru HTTP proxy server. The HTTP proxy server forwards the basic authentication data into the J2EE appserver. The proxy server can also be protected. Applications can specify the proxy data by setting properties in a stub object.


See Also

HTTP basic authentication
Transport level security
Securing Web services using XML digital signature