The basic authentication
(BasicAuth)
method refers to the user ID and the password of a valid user in the
registry of the target server. Collection of BasicAuth information
can occur in many ways including through a user interface prompt,
a standard in (Stdin) prompt, or specified in the bindings, which
prevents user interaction.
About this task
Note: There is an important
distinction between Version 5.x and
Version 6.0.x and later applications. The information in this
article supports Version 5.x applications only that are used
with WebSphere® Application Server Version 6.0.x and
later. The information does not apply to Version 6.0.x and
later applications.
For more information on BasicAuth authentication,
see BasicAuth authentication method.
Complete
this task to specify the authentication information needed for BasicAuth
authentication:
Procedure
- Launch an assembly
tool. For more information,
see the related information on Assembly Tools.
- Switch
to the Java Platform,
Enterprise Edition (Java EE)
perspective. Click .
- Click .
- Right-click the application-client.xml file,
select .
- Click
the WS Binding tab, which
is located at the bottom of deployment descriptor editor within the
assembly tool.
- Expand the section.
- Click Edit or Enable to
view the login binding information. The login binding information
displays and enter the following information:
- Authentication
method
- Specifies the type of authentication. Select BasicAuth to
use basic authentication.
- Token value type
URI and Token value type local name
- When you select BasicAuth,
you cannot edit
the token value type URI and the local name values. Specifies values
for custom authentication types. For BasicAuth authentication, leave
these values blank.
- Callback handler
- Specifies
the Java Authentication and Authorization
Server (JAAS) callback handler implementation for collecting the BasicAuth
information. You can use the following default implementations for
the callback handler:
- com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
- This implementation is used for non-user interface console prompts.
Restriction: This implementation prompts for the user name and
password and reads them into the configuration from standard in. If
you have a multi-threaded client and multiple threads attempt to read
from standard in at the same time, all the threads will not successfully
obtain the user name and password information. Therefore, you cannot
use the com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler implementation
with a multi-threaded client where multiple threads might attempt
to obtain data from standard in concurrently.
- com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
- This implementation is used for user interface panel prompts.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This implementation is used when you plan to always enter the
user ID and password in the BasicAuth user ID and password section
that follows.
- Basic
Authentication user ID and Basic Authentication password
- Specifies
values for the BasicAuth user ID and password, regardless
of the default callback handler indicated previously, these user ID
and password values are used to authenticate to the server for the
Web Services Security authentication. If you leave these values blank,
use either the GUIPromptCallbackHandler or the StdinPromptCallbackHandler implementation,
but only on a pure client. Always fill-in these values for any web
service that acts as a client to another web service that you want
to specify for BasicAuth for authentication downstream. If you want
the client identity of the originator to flow downstream, configure
the web service client to use either ID assertion or Lightweight Third
Party Authentication (LTPA).
- Property
- Specifies properties with name and value pairs for custom callback
handlers to use. For BasicAuth authentication, you do not need to
enter any information. To enter a new property, click Add and
enter the new property and value.
Results
Other basic authentication entries: There
is a basic
authentication entry in the Port Qualified Name Binding Details section.
This entry is used for HTTP transport authentication, which might
be required if the router servlet is protected.
Information
specified in the Web Services Security basic authentication section
overrides the basic authentication information specified in the Port
Qualified Name Binding Details section for authorizing the web service.
For
a server that acts as a client, do not specify a user interface or
non-user interface prompt callback handler. To configure BasicAuth
authentication from one web service to a downstream web service, select
the com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander implementation
and explicitly specify the BasicAuth user ID and password. If you
want the client identity of the originator to flow downstream, configure
the web service client to use ID assertion.