I want to provide a secured 'Web Service Process' (means, that it requires username and password) and call this 'Web Service Process' with a 'Web Service Call Element'?

Simply checking 'HTTP Basic' as authentication method on both (WS Process and WS Call) seems not to work.

asked 04.09.2014 at 10:29

Dominik%20Regli's gravatar image

Dominik Regli ♦
9013518
accept rate: 85%


The ivy Web Service Call Element supports following authentication methods:

  • HTTP Basic
  • HTTP Disgest
  • NTLM

Whereas, the ivy Web Service Process supports only 'Basic WS Security' (cleartext username and password provided in SOAP header). (Note, that the labels on the inscription mask of the Web Service Process are actually not correct, the radio button which is labeled 'HTTP Basic' should be labeled with 'WS Security'. We will adjust this in future versions of ivy to avoid confusion.)

As you can see, these authentication methods are basically not compatible. But if you are in a Single Sign On Environment (with MS Internet Information Services (IIS) in front of ivy), IIS can do 'HTTP Basic Authentication' in place of the WS Process.

So, you can configure IIS to do one of the desired authentication methods (one of HTTP Basic, HTTP Disgest or NTLM) and configure your Web Service Call Element correspondingly.

For your Web Service Process you simply select the authentication method 'None/Container'.

In this setup, the Web Service Process supports (with help of IIS) 'HTTP Basic Authentication'. Since users are already authenticated by IIS, their requests are passed through and taken over by the WS Process.

Note that SSO authentication is only supported for ivy versions 4.3.24, 5.0.14 and 5.1.0 and newer.

link

answered 04.09.2014 at 10:48

Dominik%20Regli's gravatar image

Dominik Regli ♦
9013518
accept rate: 85%

edited 10.09.2014 at 13:56

As mentioned in the answer above, in newer ivy versions (4.3.24, 5.0.14 and 5.1.0 and later) we improved the Web Service Process for Single Sign On Environments. With this change, users which are already authenticated by IIS respectively the ivy web-container (Tomcat) are passed through and taken over by the WS Process.

This is useful, even if you are not in an SSO environment. In this case, you can also configure Tomcat to do 'HTTP Basic Authentication'.

Here is a short description, how to set up Tomcat to do 'HTTP Basic Authentication':

Add following entries to 'webapps/ivy/WEB-INF/web.xml'

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secured Web Service Process</web-resource-name>
        <!-- With this pattern we secure only the Web Service Processes and not any others -->
        <url-pattern>/ws/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ivy-ws-role</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>ivy-ws-role</role-name>
</security-role>

Create a users-file and place it to any location of your choice. Its content looks as follows:

<tomcat-users>    
    <role rolename="ivy-ws-role"/>
    <user username="WSUser" password="WSUser" roles="ivy-ws-role"/> 
</tomcat-users>

Add following entriy to 'webapps/ivy/META-INF/context.xml'

<Realm className="org.apache.catalina.realm.MemoryRealm"
       pathname="<path to user file>/tomcat-users.xml"/>

With this, using 'HTTP Basic Authentication' for ivy Web Service Processes will work and you can call it from a Web Service Call Element (with 'HTTP Basic' enabled as authentication method. Note, that in the sample above, you have to maintain the Web Service users redundantly in the Tomcat users-file and in ivy. In a production environment, you may use another realm than the MemoryRealm to receive the users for Tomcat.

link

answered 10.09.2014 at 13:56

Dominik%20Regli's gravatar image

Dominik Regli ♦
9013518
accept rate: 85%

Update: Starting with Axon.ivy BPM Suite 6.0.4 and 6.2 WebService Processes also supports HTTP Basic authentification.

link

answered 15.06.2016 at 15:45

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k172654
accept rate: 74%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×42
×15

Asked: 04.09.2014 at 10:29

Seen: 1,733 times

Last updated: 15.06.2016 at 15:45