How do I consume a web service protected with HTTP basic authentication using the CXF framework?

Question

I tried to get it to work using the CXF User Guide, but I've had no luck.

I'm trying to call the web service using java code.

This link helped me to resolve the same issue http://www.brimllc.com/2011/04/apache-cxf-client-setting-http-request-header-for-basic-authentication/comment-page-1/#comment-4313 — karthi keyan, Nov 12 '11 at 09:14

score 25 · Accepted Answer · edited Nov 12 '11 at 09:42

25

This is covered by the JAX-WS Specification. Basically, set the username/password as properties on the request context:

((BindingProvider)proxy).getRequestContext().put(
    BindingProvider.USERNAME_PROPERTY, "joe");
((BindingProvider)proxy).getRequestContext().put(
    BindingProvider.PASSWORD_PROPERTY, "pswd");

The runtime puts them into the HTTP header.

edited Nov 12 '11 at 09:42

Mat

202,337
40
393
406

answered Apr 01 '09 at 16:00

Daniel Kulp

14,447
4
45
37

5

Could be worth to mention that you just need to cast the CXF port : BindingProvider portBP = (BindingProvider) port; portBP.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "username"); portBP.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "password"); – Francois Dec 15 '11 at 13:43

score 8 · Answer 2 · edited Nov 21 '11 at 01:56

8

You can provide your own Authenticator. That way it will work if the WDSL itself is protected by basic HTTP authentication.

@WebServiceRef(wsdlLocation = "https://laka/sito?wsdl")
static XxxService service;

public static void main(String[] args) {

    Authenticator.setDefault(new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication("user", "password".toCharArray());
        }
    });

    service = new XxxService();
    Xxx port = service.getXxxPort();

    // invoke webservice and print response
    XxxResponse resp = port.foo();
    System.out.println(resp.toString());

}

edited Nov 21 '11 at 01:56

animuson

53,861
28
137
147

answered Oct 28 '11 at 12:27

mikeltxo

131
1
3

Note that the `Authenticator.setDefault(Authenticator)` method is static and thus will apply to all of your threads. However, it's easy enough to get around this by using a `ThreadLocal` variable to save different authentication information per thread. – Marco Feb 04 '15 at 15:24
1

I see `Authenticator.setDefault` is static but it is also a synchronized method. Does it really required to use ThreadLocal ? – Saravana Kumar May 14 '15 at 19:44

score 6 · Answer 3 · answered Feb 19 '11 at 11:51

6

There is a much better way:

when generating Java from WSDL, add option "-exsh true" :

wsdl2java -exsh true -p edu.sharif.ce http://wsdl.ir/WebServices/WebService.asmx?WSDL

and add UserCredential when using:

UserCredentials user = new UserCredentials();
user.setUserid("user");
user.setPassword("pass");

ResearchWebService_Service service = new ResearchWebService_Service();
ResearchWebService port = service.getResearchWebService();
port.addNewProject(newProject, user);

answered Feb 19 '11 at 11:51

Mohammad Dashti

745
1
9
22

Are you sure this will enable Basic authentication in the HTTP request headers? This will probably set the credentials inside the SOAP message instead of setting an Authorization HTTP header... (as the docs say this operates on 'implicit soap headers') – Geert Mar 23 '16 at 14:24

How do I consume a web service protected with HTTP basic authentication using the CXF framework?

3 Answers3

Linked