4

I have created a web-service that uses basic authentication in JDeveloper 11.1.1.4.

When i test my application using a client application is runs correctly so i know that the authentication mechanism has no problems.

How can i pass authentication info into the HTTP Analyzer by right clicking on Webservices and selecting Test Web Service?

I have tried to pass credentials through SOAP Headers > :WS-Security:Header like below but is not working

case1

I have also tried to pass authentication through Credentials option like shown below

case2

In both cases i get this error 500 HTTP Analyzer Server Error The server sent HTTP status code 401: Unauthorized: .....

How can i get through this? Thanks

UPDATE

I also tried to pass Authentication option to Request HTTP Headers but get the error message :

Error 403--Forbidden From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1: 10.4.4 403 Forbidden The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

MaVRoSCy
  • 17,747
  • 15
  • 82
  • 125

2 Answers2

1

If you're using Basic authentication, all you need is set request header Authorization. Value of this header: prefix Basic, one space, Base64 encoded string with usrname:password, so your header for Aladin:sesam open should be like this: Basic QWxhZGluOnNlc2FtIG9wZW4=.

On screenshot i see section Request HTTP headers, add Authorization header to it.

user1516873
  • 5,060
  • 2
  • 37
  • 56
  • tried it and receive error 403: The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable. – MaVRoSCy Sep 24 '12 at 06:19
  • Also check Web service URL, maybe it points to wrong direction. – user1516873 Sep 24 '12 at 07:29
  • yeap, lets say for `Basic user1:tester1`, i use `Basic dXNlcjE6dGVzdGVyMQ==` . Isn't it right?> – MaVRoSCy Sep 24 '12 at 07:32
  • the `URL` is inserted by JDeveloper automatically, and it looks ok – MaVRoSCy Sep 24 '12 at 07:33
  • it's correct. So i have no idea what wrong. It should work. Basic auth is really very simple - just one HTTP header. – user1516873 Sep 24 '12 at 07:34
  • using SoapUI i test my web services and work really good. When i try to use it with JDeveloper (using the same Request HTTP Headers) as SoapUI it fails – MaVRoSCy Sep 24 '12 at 07:41
  • 1
    I had to use JDeveloper some time ago (11.1.1.2), and it was really buggy. Maybe it is a bug, like this? http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html – user1516873 Sep 24 '12 at 07:56
  • OMG, you are right! That was my fault. I was missing the `security-role-assignment`. Now it works great. Thanks a lot :) – MaVRoSCy Sep 24 '12 at 08:15
1

I am aware that this is an old post , but this may benefit those who run into this issue.

I am using Jdeveloper 11.1.2. I have secured the JAX-RPC web service (created by exposing PL/SQL poackage) using basic authentication. I attached the security policy: "Auth.xml" using the wizard.

I was able to test this using HTTP Analyzer. I just passed the user credentials in the SOAP Headers as shown below and it worked fine for me.(I also passed invalid creds and no creds to see if the security works as expected.)

Hope this helps !!!

enter image description here

Chiseled
  • 2,280
  • 8
  • 33
  • 59