The basic authentication (BasicAuth)
method refers to the user ID and the password of a valid user in the
registry of the target server. Collection of BasicAuth information
can occur in many ways including through a user interface prompt,
a standard input (Stdin) prompt, or specified in the bindings, which
prevents user interaction.
About this task
Note: There is an important distinction between Version 5.x and
Version 6.0.x and later applications. The information in this
article supports Version 5.x applications only that are used
with WebSphere® Application
Server Version 6.0.x and later. The information does not apply
to Version 6.0.x and later applications.
For more
information on BasicAuth authentication, see Método de Autenticação BasicAuth.
Complete
this task to specify the authentication information that is needed
for BasicAuth authentication:
Procedure
- Start an assembly tool. For more information,
see the related information on Assembly Tools.
- Switch to the Java™ Platform,
Enterprise Edition (Java EE)
perspective. Click .
- Click .
- Right-click the application-client.xml file,
select .
- Click the WS Binding tab, which is at the end of the deployment
descriptor editor within the assembly tool.
- Expand the section.
- Click Edit or Enable to
view the login binding information. The login binding information
will display and enter the following information:
- Authentication method
- Specifies the type of authentication. Select BasicAuth to
use basic authentication.
- Token value type URI and Token value type local name
- When you select BasicAuth, you cannot edit
the token value type URI and the local name values. Specifies values
for custom authentication types. For BasicAuth authentication, leave
these values blank.
- Callback handler
- Specifies the Java Authentication
and Authorization Server (JAAS) callback handler implementation for
collecting the BasicAuth information. You can use the following default
implementations for the callback handler:
- com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
- This implementation is used for non-user interface console prompts.
Restriction: This implementation prompts for the user name and
password and reads them into the configuration from standard input.
If you have a multi-threaded client and multiple threads attempting
to read from standard input at the same time, all the threads will
not successfully obtain the user name and password information. Therefore,
you cannot use the com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler implementation
with a multi-threaded client where multiple threads might attempt
to obtain data from standard input concurrently.
- com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
- This implementation is used for user interface panel prompts.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This implementation is used when you plan to always enter the
user ID and password in the BasicAuth user ID and password section
that follows.
- Basic Authentication user ID and Basic Authentication password
- Specifies values for the BasicAuth user ID and password, regardless
of the default callback handler indicated previously, the user ID
and password values are used to authenticate to the server for the
Web Services Security authentication. If you leave these values blank,
use either the GUIPromptCallbackHandler or the StdinPromptCallbackHandler implementation,
but only on a pure client. Always fill in these values for any web
service that acts as a client to another web service that you want
to specify for BasicAuth for authentication downstream. If you want
the client identity of the originator to flow downstream, configure
the web service client to use either ID assertion or Lightweight Third
Party Authentication (LTPA).
- Property
- Specifies properties with name and value pairs for custom callback
handlers to use. For BasicAuth authentication, you do not need to
enter any information. To enter a new property, click Add and
enter the new property and value.
Results
Other basic authentication entries: There is a basic
authentication entry in the Port Qualified Name Binding Details section.
This entry is used for HTTP transport authentication, which might
be required if the router servlet is protected.
Information
that is specified in the Web Services Security basic authentication
section overrides the basic authentication information that is specified
in the Port Qualified Name Binding Details section for authorizing
the web service.
For a server that acts as a client, do not
specify a user interface or non-user interface prompt callback handler.
To configure BasicAuth authentication from one web service to a downstream
web service, select the com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander implementation
and explicitly specify the BasicAuth user ID and password. If you
want the client identity of the originator to flow downstream, configure
the web service client to use ID assertion.
What to do next
To use the BasicAuth authentication method, you must specify
the method in the Login configuration section of the assembly tool.
See
Configuring the client for basic authentication: specifying the method if
you have not previously specified this information.