You can configure basic authentication for your client applications to access web services.
If you need to use your web service client application with the basic authentication to access the protected web service resources, the client must provide the user name and password in the request when communicating with the service provider.
<featureManager>
<feature>jaxws-2.2</feature>
<feature>appSecurity-2.0</feature>
</featureManager>
<application id="TransportSecurityProvider" name="TransportSecurityProvider"
location="TransportSecurityProvider.war" type="ear">
<application-bnd>
<security-role name="Employee">
<user name="employee0" />
<group name="employeeGroup" />
</security-role>
<security-role name="Manager">
<user name="manager0" />
</security-role>
<security-role name="AllAuthenticated">
<special-subject type="ALL_AUTHENTICATED_USERS" />
</security-role>
</application-bnd>
</application>
<basicRegistry id="basic" realm="BasicRealm">
<user name="employee0" password="emp0pwd" />
<user name="employee1" password="emp1pwd" />
<user name="manager0" password="mgr0pwd" />
<group name="employeeGroup">
<member name="employee0" />
<member name="employee1" />
</group>
</basicRegistry>
@WebService(serviceName = "SayHelloPojoService",
portName = "SayHelloPojoPort")
public class SayHelloPojoService implements SayHelloService {
...
}
@WebService(serviceName = "SayHelloStatelessService",
portName = "SayHelloStatelessPort",
endpointInterface = "com.ibm.ws.jaxws.transport.server.security.SayHelloService")
@Stateless(name = "SayHelloSessionBean")
public class SayHelloStatelessService implements SayHelloLocal {
...
}
<?xml version="1.0" encoding="UTF-8"?>
<webservices-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ws-bnd_1_0.xsd"
version="1.0">
<http-publishing>
<webservice-security>
<security-constraint>
<web-resource-collection>
<web-resource-name>Only Managers</web-resource-name>
<url-pattern>/manager/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_manager">
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Employees</web-resource-name>
<url-pattern>/employee/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint id="AuthConstraint_employee">
<role-name>Employee</role-name>
</auth-constraint>
</security-constraint>
<!-- SECURITY ROLES -->
<security-role id="Staff">
<role-name>Employee</role-name>
<role-name>Manager</role-name>
</security-role>
<!-- AUTHENTICATION METHOD: Basic authentication -->
<login-config id="LoginConfig">
<auth-method>BASIC</auth-method>
<realm-name>Authentication</realm-name>
</login-config>
</webservice-security>
</http-publishing>
</webservices-bnd>
<application id="TransportSecurityClient" name="TransportSecurityClient"
location="TransportSecurityClient.war"
context-root="TransportSecurityClient" type="war" />
<?xml version="1.0" encoding="UTF-8"?>
<webservices-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ws-bnd_1_0.xsd"
version="1.0">
<!-- POJO service reference binding-->
<service-ref name="service/SayHelloPojoService">
<port name="SayHelloPojoPort"
namespace="http://ibm.com/ws/jaxws/transport/security/"
username="employee1"
password="{xor}OjIvbi8oOw=="
/>
</service-ref>
<!-- Stateless service reference binding-->
<service-ref name="service/SayHelloStatelessService">
<port name="SayHelloStatelessPort"
namespace="http://ibm.com/ws/jaxws/transport/security/"
username="employee1"
password="{xor}OjIvbi8oOw=="
/>
</service-ref>
</webservices-bnd>
@WebServiceClient(name = "SayHelloPojoService",
targetNamespace = "http://ibm.com/ws/jaxws/transport/security/",
wsdlLocation = "https://localhost:8020/TransportSecurityProvider/unauthorized/employPojoService?wsdl")
public class SayHelloPojoService
extends Service
{...}
@WebServiceClient(name = "SayHelloStatelessService",
targetNamespace = "http://ibm.com/ws/jaxws/transport/security/",
wsdlLocation = "https://localhost:8020/TransportSecurityProvider/unauthorized/EmployStatelessService?wsdl")
public class SayHelloStatelessService
extends Service
{...}
@WebServiceRef(name = "service/SayHelloPojoService")
SayHelloPojoService pojoService;
@WebServiceRef(name = "service/SayHelloStatelessService")
SayHelloStatelessService statelessService;