Basic authentication (BasicAuth) refers to the user ID and the
password of a valid user in the registry of the target server. After a request
is received that contains basic authentication information, the server needs
to log in to form a credential. The credential is used for authorization.
Before you begin
Important: There is an important distinction
between Version 5.x and Version 6.0.x and later applications.
The information in this article supports Version 5.x applications only
that are used with WebSphere Application Server Version 6.0.x and later.
The information does not apply to Version 6.0.x and later applications.
About this task
Complete the following steps to configure the server to handle BasicAuth
authentication information:
Procedure
- Launch an assembly tool. For more information on the
assembly tools, see Assembly tools
.
- Switch to the Java 2 Platform, Enterprise Edition (J2EE) perspective.
Click Window > Open Perspective > J2EE.
- Click EJB Projects > application_name > ejbModule
> META-INF.
- Right-click the webservices.xml file, and click Open
with > Web services editor.
- Click the Extensions tab, which is located at the bottom of the
Web services editor within an assembly
tool.
- Expand the Request receiver service configuration details >
Login configuration section. You can select the following
options:
- BasicAuth
- Signature
- ID assertion
- Lightweight Third Party Authentication (LTPA)
.
- Select BasicAuth to authenticate the client with a user
ID and a password. The client must specify a valid user ID and
password in the server user registry. If the user ID and the password supplied
are not valid, an exception is provided, and the request ends without invoking
the resource.
You can select multiple login configurations, which means
that different types of security information might be received at the server.
The order in which the login configurations are added decides the order in
which they are processed when a request is received. Problems can occur if
you have multiple login configurations added that have security tokens in
common. For example, ID assertion contains a BasicAuth token. For ID assertion
to work properly, list ID assertion ahead of BasicAuth in the processing list
or the BasicAuth processing overrides the IDAssertion processing.
What to do next
After you specify how the server handles BasicAuth authentication
information, you must specify how the server validates the authentication
information. See the task for configuring the server to validate BasicAuth
authentication if you have not previously specified this information.