WAS v8.5 > Develop applications > Develop web services - Security (WS-Security) > Configure Web Services Security during application assembly > Configure XML basic authentication for v5.x web services with an assembly tool

Configure the client for basic authentication: collecting the authentication information

The basic authentication (BasicAuth) method refers to the user ID and the password of a valid user in the registry of the target server. Collection of BasicAuth information can occur in many ways including through a user interface prompt, a standard in (Stdin) prompt, or specified in the bindings, which prevents user interaction. Note: There is an important distinction between v5.x and v6.0.x and later applications. The information in this article supports v5.x applications only used with WebSphere Application Server v6.0.x and later. The information does not apply to v6.0.x and later applications.

For more information on BasicAuth authentication, see BasicAuth authentication method.

Complete this task to specify the authentication information needed for BasicAuth authentication:

  1. Launch an assembly tool. For more information, see the related information on Assembly Tools.
  2. Switch to the Java EE perspective. Click Window > Open Perspective > J2EE.

  3. Click Application Client Projects > application_name > appClientModule > META-INF.
  4. Right-click the application-client.xml file, select Open with > Deployment descriptor editor.

  5. Click the WS Binding tab, located at the bottom of deployment descriptor editor within the assembly tool.

  6. Expand the Security request sender binding configuration > Login binding section.

  7. Click Edit or Enable to view the login binding information. The login binding information displays and enter the following information:

    Authentication method

    Type of authentication. Select BasicAuth to use basic authentication.

    Token value type URI and Token value type local name

    When you select BasicAuth, we cannot edit the token value type URI and the local name values. Specifies values for custom authentication types. For BasicAuth authentication, leave these values blank.

    Callback handler

    Specifies the Java Authentication and Authorization Server (JAAS) callback handler implementation for collecting the BasicAuth information. We can use the following default implementations for the callback handler:

    com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler

    This implementation is used for non-user interface console prompts.

    Restriction: This implementation prompts for the user name and password and reads them into the configuration from standard in. If we have a multi-threaded client and multiple threads attempt to read from standard in at the same time, all the threads will not successfully obtain the user name and password information. Therefore, we cannot use the com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler implementation with a multi-threaded client where multiple threads might attempt to obtain data from standard in concurrently.

    com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler

    This implementation is used for user interface panel prompts.

    com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler

    This implementation is used when we plan to always enter the user ID and password in the BasicAuth user ID and password section that follows.

    Basic Authentication user ID and Basic Authentication password

    Specifies values for the BasicAuth user ID and password, regardless of the default callback handler indicated previously, these user ID and password values are used to authenticate to the server for the Web Services Security authentication. If you leave these values blank, use either the GUIPromptCallbackHandler or the StdinPromptCallbackHandler implementation, but only on a pure client. Always fill-in these values for any web service that acts as a client to another web service to specify for BasicAuth for authentication downstream. If you want the client identity of the originator to flow downstream, configure the web service client to use either ID assertion or Lightweight Third Party Authentication (LTPA).

    Property

    Specifies properties with name and value pairs for custom callback handlers to use. For BasicAuth authentication, we do not need to enter any information. To enter a new property, click Add and enter the new property and value.


Results


Other basic authentication entries: There is a basic authentication entry in the Port Qualified Name Binding Details section. This entry is used for HTTP transport authentication, which might be required if the router servlet is protected.

Information specified in the Web Services Security basic authentication section overrides the basic authentication information specified in the Port Qualified Name Binding Details section for authorizing the web service.

For a server that acts as a client, do not specify a user interface or non-user interface prompt callback handler. To configure BasicAuth authentication from one web service to a downstream web service, select the com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander implementation and explicitly specify the BasicAuth user ID and password. If you want the client identity of the originator to flow downstream, configure the web service client to use ID assertion.

To use the BasicAuth authentication method, specify the method in the Login configuration section of the assembly tool . See Configure the client for basic authentication: specifying the method if we have not previously specified this information.


Subtopics


Related concepts:

BasicAuth authentication method
Development and assembly tools


Related


Configure the client for basic authentication: specifying the method
Configure the client for identity assertion: specifying the method
Configure the client for identity assertion: collecting the authentication method
Configure the client for LTPA token authentication: specifying LTPA token authentication
Configure the client for LTPA token authentication: collecting the authentication method information
Configure the client security bindings using an assembly tool
Configure the security bindings on a server acting as a client


+

Search Tips   |   Advanced Search