The basic authentication (BasicAuth)
method refers to the user ID and the password of a valid user in the
registry of the target server. Collection of BasicAuth information
can occur in many ways including through a user interface prompt,
a standard in (Stdin) prompt, or specified in the bindings, which
prevents user interaction.
About this task
Note: There is an important distinction between Version 5.x and
Version 6.0.x and later applications. The information in this
article supports Version 5.x applications only that are used
with WebSphere® Application Server Version 6.0.x and
later. The information does not apply to Version 6.0.x and
later applications.
For more information on BasicAuth authentication,
see BasicAuth authentication method.
Complete
this task to specify the authentication information needed for BasicAuth
authentication:
Procedure
- Launch an assembly tool. For more information,
see the related information on Assembly Tools.
- Switch to the Java Platform,
Enterprise Edition (Java EE)
perspective. Click Window > Open Perspective > J2EE.
- Click Application Client Projects > application_name >
appClientModule > META-INF.
- Right-click the application-client.xml file, select Open
with > Deployment descriptor editor.
- Click the WS Binding tab, which is located at the
bottom of deployment descriptor editor within the assembly tool.
- Expand the Security request sender binding configuration >
Login binding section.
- Click Edit or Enable to view the login binding
information. The login binding information displays and
enter the following information:
- Authentication method
- Specifies the type of authentication. Select BasicAuth to
use basic authentication.
- Token value type URI and Token value type local name
- When you select BasicAuth, you cannot edit the token value
type URI and the local name values. Specifies values for custom authentication
types. For BasicAuth authentication, leave these values blank.
- Callback handler
- Specifies the Java Authentication and Authorization
Server (JAAS) callback handler implementation for collecting the BasicAuth
information. You can use the following default implementations for
the callback handler:
- com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
- This implementation is used for non-user interface console prompts.
Restriction: This implementation prompts for the
user name and password and reads them into the configuration from
standard in. If you have a multi-threaded client and multiple threads
attempt to read from standard in at the same time, all the threads
will not successfully obtain the user name and password information.
Therefore, you cannot use the com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
implementation with a multi-threaded client where multiple threads
might attempt to obtain data from standard in concurrently.
- com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
- This implementation is used for user interface panel prompts.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This implementation is used when you plan to always enter the
user ID and password in the BasicAuth user ID and password section
that follows.
- Basic Authentication user ID and Basic Authentication password
- Specifies values for the BasicAuth user ID and password, regardless
of the default callback handler indicated previously, these user ID
and password values are used to authenticate to the server for the
Web services security authentication. If you leave these values blank,
use either the GUIPromptCallbackHandler or the StdinPromptCallbackHandler
implementation, but only on a pure client. Always fill-in these values
for any Web service that acts as a client to another Web service that
you want to specify for BasicAuth for authentication downstream. If
you want the client identity of the originator to flow downstream,
configure the Web service client to use either ID assertion or Lightweight
Third Party Authentication (LTPA).
- Property
- Specifies properties with name and value pairs for custom callback
handlers to use. For BasicAuth authentication, you do not need to
enter any information. To enter a new property, click Add and
enter the new property and value.
Results
Other basic authentication entries: There is a basic
authentication entry in the Port Qualified Name Binding Details section.
This entry is used for HTTP transport authentication, which might
be required if the router servlet is protected.
Information
specified in the Web services security basic authentication section
overrides the basic authentication information specified in the Port
Qualified Name Binding Details section for authorizing the Web service.
For
a server that acts as a client, do not specify a user interface or
non-user interface prompt callback handler. To configure BasicAuth
authentication from one Web service to a downstream Web service, select
the com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander
implementation and explicitly specify the BasicAuth user ID and password.
If you want the client identity of the originator to flow downstream,
configure the Web service client to use ID assertion.