5

wsdlLocation below is password protected, but paranoia makes me uncomfortable with having set a default Authenticator for the application. How can I set authentication without using a default Authenticator?

protected Orders getOrdersPort(String wsdlLocation, String namespaceURI) {
    Authenticator.setDefault(new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication("username", "password".toCharArray());
        }
    });
    OrdersService service = new OrdersService(createUrlThrowRuntimeException(wsdlLocation), new QName(namespaceURI,
            "OrdersService"));
    Orders ordersPort = service.getOrdersSoap12();
    setConnectionTimeout(ordersPort);
    return ordersPort;
}
Jonas Andersson
  • 8,678
  • 2
  • 19
  • 14
  • What exactly is it that makes you paranoid? – musiKk Aug 19 '10 at 09:58
  • Two things: I don't want the credentials to authenticate the app by mistake somewhere else in the app. I don't want to expose the credentials to the outside world by mistake. I.e. by sending them over http instead of https, or to a non-trusted service. Generally I don't understand the default Authenticator enough to trust that I am always using it securely. – Jonas Andersson Aug 19 '10 at 11:02
  • `Authenticator` provides all sorts of methods for you to figure out where you send the data to: `getRequestingURL()` probably being the most important one for you. – musiKk Aug 19 '10 at 15:05
  • OK, so you're suggesting that I use the Authenticator but limit it to the URL I want. Sounds good, thanks! – Jonas Andersson Sep 01 '10 at 13:52
  • 1
    There's another potential problem with using the default Authenticator, which is described [here](http://stackoverflow.com/questions/480895/reset-the-authenticator-credentials). So you may not be able to overwrite the credentials once a successful authentication attempt has been made. – Hein Blöd Feb 23 '15 at 11:02

1 Answers1

1

One workaround is of course to download the wsdl to a local file and use that file instead. Would be nice to not have to do that though.

Jonas Andersson
  • 8,678
  • 2
  • 19
  • 14