Adding HTTP basic authentication by using an assembly tool

Use the HTTP basic authentication method to secure a service within a secured network such as HTTPS or an intranet. To enable HTTP basic authentication, edit J2EE deployment descriptors defined in the SOAP binding module.

Before you begin

About this task

To add authentication to a service, you edit the EJB deployment descriptor. You can edit the deployment descriptor in the XML file, Alternatively, you can use an assembly tool such as IBM Rational® Application Developer as described in this procedure.

Procedure

  1. In the Project Explorer tab, expand the soaprouter module.
  2. Double-click the Web deployment descriptor file to edit it.
  3. Click the Pages tab.
  4. In the Login section, select Authentication method > BASIC and save the change.
  5. Click the Security tab.
  6. In the Security Roles section, type the name of the role that you want to add in the Name field and click Add.
  7. In the Security Constraints section, click Add.

    Make the security constraints for authentication the same as the security constraints that you define when you add authorization to the service.

  8. Type a name for the constraint and click Next.
  9. Type a Web resource name, select POST and GET for the HTTP method, and add /* to the Pattern field. In order to protect the service WSDL, you must protect the GET HTTP method.
  10. Click Finish.
  11. In the Authorized Roles section, click Add.
  12. Select the Role Name that you added in the Security Roles section and click Finish.
  13. In the User Data Constraint section, select NONE and save the changes. This constraint is used only for SSL connections.
  14. In EJB Projects section of the Project Explorer tab, expand the soapbinding module.
  15. Double-click the EJB deployment descriptor file to edit it.
  16. Click the Assembly tab.
  17. In the Security Roles section, click Add and type the same role name that you added to the Web deployment descriptor.
  18. In the Method Permissions section, click Add.
  19. In the Method Permission window, select the security role and click Next.
  20. In the Enterprise Bean Selection window, select the enterprise bean for your service and click Next.
  21. In the Method Elements window, select the methods that you want to secure. In a typical situation, select all the methods.
  22. Click Finish and save the changes.
Parent topic: Adding authentication mechanisms