Applying Basic HTTP Authentication on Axis2 Web Services in Tomcat
Basic authentication is sort of authentication mechanism for restricting access of resources on tomcat. This is a simple way to limiting accesses but it uses easy to sniff plain http messages with base64 encoded username and password pair inside http header.
In order to apply basic http authentication on axis2 web services, please follow the steps, below:
- Add this config xml to tomcat-users.xml under conf directory.
- Go to \webapps\axis2\WEB-INF, add the following lines to web.xml.
tag defines the url where to bind security constraints. Also, you can specifically define this security config for a specific service on axis2.
- Start tomcat and test default web service(Version) on Axis2. There is little button “aut” written on its label, in soapUI test window. I fill the username and password as I set in tomcat-users-xml and select authorization type “preemptive”. Send the request and everything will work fine. If credentials are not supplied, ClientProtocolException will occur and logged in “soapui logs.”
secured services /axis2/services wsclient BASIC wsclient
ERROR:Exception in request: org.apache.http.client.ClientProtocolException ERROR:An error occured [org.apache.http.client.ClientProtocolException], see error log for details