The basic authentication (BasicAuth) method refers to the user
ID and the password of a valid user in the registry of the target server.
Collection of BasicAuth information can occur in many ways including through
a user interface prompt, a standard in (Stdin) prompt, or specified in the
bindings, which prevents user interaction.
About this task
Note: There is an important distinction between Version 5.x and
Version 6.0.x and later applications. The information in this article
supports Version 5.x applications only that are used with WebSphere
Application Server Version 6.0.x and later. The information does not
apply to Version 6.0.x and later applications.
For more
information on BasicAuth authentication, see BasicAuth authentication method
.
Complete this task
to specify the authentication information needed for BasicAuth authentication:
Procedure
- Launch an assembly tool. For more information on the
assembly tools, see Assembly tools
.
- Switch to the Java 2 Platform, Enterprise Edition (J2EE) perspective.
Click Window > Open Perspective > J2EE.
- Click Application Client Projects > application_name >
appClientModule > META-INF.
- Right-click the application-client.xml file, select Open
with > Deployment descriptor editor.
- Click the WS Binding tab, which is located at the bottom
of deployment descriptor editor within the assembly tool.
- Expand the Security request sender binding configuration > Login
binding section.
- Click Edit or Enable to view the login binding information.
The login binding information displays and enter the following information:
- Authentication method
- Specifies the type of authentication. Select BasicAuth to use basic
authentication.
- Token value type URI and Token value type local name
- When you select BasicAuth, you cannot edit the token value type
URI and the local name values. Specifies values for custom authentication
types. For BasicAuth authentication, leave these values blank.
- Callback handler
- Specifies the Java Authentication and Authorization Server (JAAS) callback
handler implementation for collecting the BasicAuth information. You can use
the following default implementations for the callback handler:
- com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
- This implementation is used for non-user interface console prompts.
- com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
- This implementation is used for user interface panel prompts.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This implementation is used when you plan to always enter the user ID
and password in the BasicAuth user ID and password section that follows.
- Basic Authentication user ID and Basic Authentication password
- Specifies values for the BasicAuth user ID and password, regardless of
the default callback handler indicated previously, these user ID and password
values are used to authenticate to the server for the Web services security
authentication. If you leave these values blank, use either the GUIPromptCallbackHandler
or the StdinPromptCallbackHandler implementation, but only on a pure client.
Always fill-in these values for any Web service that acts as a client to another
Web service that you want to specify for BasicAuth for authentication downstream.
If you want the client identity of the originator to flow downstream, configure
the Web service client to use either ID assertion or Lightweight Third Party
Authentication (LTPA).
- Property
- Specifies properties with name and value pairs for custom callback handlers
to use. For BasicAuth authentication, you do not need to enter any information.
To enter a new property, click Add and enter the new property and value.
Results
Other basic authentication entries: There is a basic authentication
entry in the Port Qualified Name Binding Details section. This entry is used
for HTTP transport authentication, which might be required if the router servlet
is protected.
Information specified in the Web services security basic
authentication section overrides the basic authentication information specified
in the Port Qualified Name Binding Details section for authorizing the Web
service.
For a server that acts as a client, do not specify a user interface
or non-user interface prompt callback handler. To configure BasicAuth authentication
from one Web service to a downstream Web service, select the com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander implementation
and explicitly specify the BasicAuth user ID and password. If you want the
client identity of the originator to flow downstream, configure the Web service
client to use ID assertion.