This section explains how to perform authentication against Web services requiring HTTP basic, digest or NTLM authentication mechanisms.

Non-Standard
This mode of authentication is non-standard in the Web service world because the authentication data is passed outside of the SOAP message. This feature is still experimental and requires Ode >1.1

Authentication element and message part

To perform authentication, you must pass an additional message part containing the general authentication element which contains the credentials (as plain-text strings)

Authenticate Message Part Content
<auth:authenticate xmlns:auth="urn:ode.apache.org/authentication">
    <auth:username/>?
    <auth:password/>?
    <auth:domain/>?     <!-- NTLM specific -->
    <auth:realm/>?      <!-- NTLM specific -->
    <auth:token/>?
</auth:authenticate>

This additional message part may be declared in the WSDL definition to allow tools to validate the data structure:

"MyService.wsdl"
<?xml version='1.0' encoding='utf-8'?>
<wsdl:definitions xmlns:tns="http://www.example.com"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:auth="urn:ode.apache.org/authentication"
                  targetNamespace="http://example.com">

    <wsdl:import namespace="urn:ode.apache.org/authentication" location="Authentication.xsd"/>

    <wsdl:message name="MyRequest">
        <wsdl:part name="body" element="tns:HelloText"/>
        <wsdl:part name="authenticate" element="auth:authenticate"/>     <!-- Additional part -->
    </wsdl:message>

</wsdl:definitions>

Notes:

  • The message part does not have to be named authenticate, it is only suggested as descriptive name.
  • The message part should not be referenced as SOAP header or SOAP body in the binding.
  • If you are using Document-Literal style binding, make sure that your body binding references the body part, because you now have more than one part in the message definition.

The "authenticate" element schema.

The schema of the authenticate element follows:

Authenticate.xsd
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           targetNamespace="urn:ode.apache.org/authentication"
           elementFormDefault="qualified">

    <xs:element name="authenticate">
        <xs:complexType>
            <xs:sequence>
                <xs:element name="username" type="xs:string"  minOccurs="0" maxOccurs="1"/>
                <xs:element name="password" type="xs:string"  minOccurs="0" maxOccurs="1"/>
                <xs:element name="domain" type="xs:string" minOccurs="0" maxOccurs="1"/>
                <xs:element name="realm" type="xs:string" minOccurs="0" maxOccurs="1"/>
                <xs:element name="token" minOccurs="0" maxOccurs="1">
                    <xs:complexType>
                        <xs:sequence>
                            <xs:any minOccurs="1"/>
                        </xs:sequence>
                    </xs:complexType>
                 </xs:element>
            </xs:sequence>
        </xs:complexType>
    </xs:element>

</xs:schema>

You can add this schema to your project to allow tools to display/validate the correct element structure.