+

Search Tips   |   Advanced Search

Authenticate Web services clients using HTTP basic authentication


HTTP basic authentication uses a user name and password to authenticate a service client to a secure endpoint.

The basic authentication is encoded in the HTTP request that carries the SOAP message. When the application server receives the HTTP request, the user name and password are retrieved and verified using the authentication mechanism specific to the server.

HTTP basic authentication is orthogonal to the security support provided by WS-Security or HTTP SSL configuration.

Although the basic authentication data is base64-encoded, sending data over SSL (https) is recommended to protect integrity and confidentiality.

In some cases, a firewall is present using a pass-through HTTP proxy server. The HTTP proxy server forwards the basic authentication data into the Java EE appserver. The proxy server can also be protected. Applications can specify the proxy data by setting properties in a stub object.

 

Related concepts

Set HTTP basic authentication for JAX-RPC Web services with the admin console
Set HTTP basic authentication for JAX-RPC Web services programmatically
Set HTTP basic authentication for JAX-RPC Web services with an assembly tool
Assembly tools
Secure Web services applications at the transport level
Secure Web services for V5.x applications based on WS-Security
Secure Web services applications using message level security
Task overview: Implement Web services applications
HTTP basic authentication collection