Basic authentication (BasicAuth)
refers to the user ID and the password of a valid user in the registry
of the target server. After a request is received that contains basic
authentication information, the server needs to log in to form a credential.
The credential is used for authorization.
Before you begin
Important: There is an important
distinction between Version 5.x and Version 6.0.x and
later applications. The information supports Version 5.x applications
only that are used with WebSphere® Application Server
Version 6.0.x and later. The information does not apply to
Version 6.0.x and later applications.
About this task
Complete the following steps to configure the server to handle
BasicAuth authentication information:
Procedure
- Launch an assembly tool.
For more information,
see the related information on Assembly Tools.
- Switch to the Java™ Platform,
Enterprise Edition (Java EE)
perspective. Click .
- Click .
- Right-click the webservices.xml file,
and click .
-
Click the Extensions tab, which is located at the end of the web
services editor within an assembly tool.
- Expand the section.
You can select the following options:
- BasicAuth
- Signature
- ID assertion
- Lightweight Third Party Authentication (LTPA)
- Select BasicAuth to authenticate
the client with a user ID and a password.
The client must
specify a valid user ID and password in the server user registry.
If the user ID and the password supplied are not valid, an exception
is provided, and the request ends without invoking the resource.
You
can select multiple login configurations, which means that different
types of security information might be received at the server. The
order in which the login configurations are added decides the order
in which they are processed when a request is received. Problems can
occur if you have multiple login configurations added that have security
tokens in common. For example, ID assertion contains a BasicAuth token.
For ID assertion to work properly, list ID assertion ahead of BasicAuth
in the processing list or the BasicAuth processing overrides the IDAssertion
processing.
What to do next
After you specify how the server handles BasicAuth authentication
information, you must specify how the server validates the authentication
information. See the task for configuring the server to validate BasicAuth
authentication if you have not previously specified this information.