IBM Support

How to use pre-emptive authentication with http sql functions?

How To


Summary

Some web service servers require pre-emptive authentication, which is not used by default by sql http client functions

Objective

By Default non-preemptive authentication is used, which means that in the first step the request is sent without any authentication information.  This is then replied with response 401 Unauthorized and a header with the required authentication information.
The second step then is sending a header with the authentication information that then gets a response of 200 OK.
This two step approach is considered safer as only servers that require authentication are getting credentials.
However, some servers do not allow the second step and close the connection after responding with 401 on the first request that failed because it did not provide authentication.  These servers require pre-emptive authentication, so the credentials are already sent with the initial request.

Environment

Applications that make use of http sql functions like HTTPGETCLOB (or HTTPDELETE/POST/PUT-C/BLOB) which issue requests to consume webservices.

Steps

In order to switch to pre-emptive authentication for a job:
  1. Create this SQL function:
    CREATE OR REPLACE FUNCTION setProperty(PROP VARCHAR(80),
        value VARCHAR(80)) RETURNS VARCHAR(80) LANGUAGE java PARAMETER STYLE java EXTERNAL name 'java.lang.System.setProperty';
  2. Use this sql statement to set the property:
    values setProperty('httpclient.authentication.preemptive', 'true');
After that, a select like this will work fine with servers requiring pre-emptive authentication:
select * from  systools.HTTPGETCLOB (
  'https://someurl.com/req?&prod=someprod',
  Cast(('<httpHeader><header name="Authorization" value="Basic ' CONCAT
  SYSTOOLS.BASE64ENCODE( cast ('someuser:somepassword' as varchar(128) ccsid 1208)) CONCAT'"/>
  <header name="Content-Type" value="text/text;charset=utf-8"/></httpHeader>')
  as VARCHAR(512) CCSID 1208));

Additional Information

Note: In order to make authentication work, the URL shouldn't require redirection.

Document Location

Worldwide

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
04 February 2020

UID

ibm11285186

Page Feedback