Oracle Service Bus 12c: Retrieving Username from HTTP Basic authentication token

Using HTTP Basic authentication is a common mechanism to check a user's authenticity when creating REST-enabled APIs, in order to protect applications and their functionality from unauthorized access. Service Bus 12c (SB) supports this authentication method by means of an OWSM security policy. The corresponding authentication information is transported in the HTTP header.
In some cases, for example when only user-specific data should be returned when querying information from Enterprise Information Systems (EIS), the information about the current user that is available in the HTTP header might be helpful. As an alternative, the username could be transported in the payload of each service call, e.g. as a query parameter.
In the following I will describe which steps are needed to extract the username from the HTTP header, so that transporting the same information twice, in the header and in the payload, can be avoided.
The starting point is a simple HelloWorld service which expects a valid HTTP Basic authentication token. In the example a corresponding OWSM policy is used to realize this. The service itself has one operation, „greet“, that takes no parameter. As its result it returns a personalized salutation based on the passed Authorization header.

Enabling HTTP basic authentication on proxy services

In the Proxy Service configuration it has to be ensured that the option „Get all headers“ is enabled in the transport configuration. Unfortunately, setting this option is not sufficient, because SB removes security information from the HTTP header before the message enters the processing pipeline. To force SB to keep the authentication information, the additional Java option „-Dcom.bea.wli.sb.transports.http.GetHttpAuthorizationHeaderAllowed=true“ has to be added in setDomainEnv.sh. A server restart is needed to activate the updated JVM settings.
Parsing the username out of the HTTP Basic authentication token is done by a Java Callout that calls a static method of a Java class that does the needed „magic“.
import javax.xml.bind.DatatypeConverter;

public class UsernameExtractor {

  // Expects the raw value of the HTTP Authorization header, e.g. "Basic dXNlcjpwYXNz"
  public static String extract(String pHttpAuthenticationToken) {

    // Strip the "Basic " scheme prefix (6 characters) to obtain the base64 part
    final String authenticationTokenWithoutBasicPrefix = pHttpAuthenticationToken
      .substring(6);

    // Decode the base64 part into the "username:password" credential string
    final String base64DecodedAuthorizationString = new String(DatatypeConverter
      .parseBase64Binary(authenticationTokenWithoutBasicPrefix));

    // The username is everything before the first colon
    return base64DecodedAuthorizationString.split(":")[0];
  }
}
The Java class from above is packaged as a JAR file, which is added to the corresponding HelloWorld project. It is invoked by a Java Callout during message processing in the pipeline.
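As an added example that is not the post's code, a stricter variant of the callout class (assuming Java 8 or newer for java.util.Base64): it rejects header values that are missing, use another scheme, are not valid base64, or lack the user-id/password separator, and it returns only the user-id so the password never leaves the callout.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

/** Added example, not the post's code: a stricter version of the username callout. */
public final class StrictUsernameExtractor {

  private static final String SCHEME = "basic";

  /**
   * Returns the user-id from an "Authorization: Basic ..." header value, or
   * Optional.empty() if the value is absent or not a well-formed Basic token.
   * The password part of the credentials is never returned.
   */
  public static Optional<String> extract(String authorizationHeader) {
    if (authorizationHeader == null) {
      return Optional.empty();
    }
    String value = authorizationHeader.trim();
    int space = value.indexOf(' ');
    // Scheme names are case-insensitive (RFC 7235), so "basic" must be accepted too
    if (space < 0 || !SCHEME.equalsIgnoreCase(value.substring(0, space))) {
      return Optional.empty();                 // not a Basic token, e.g. "Bearer ..."
    }
    String encoded = value.substring(space + 1).trim();
    byte[] decoded;
    try {
      decoded = Base64.getDecoder().decode(encoded);   // throws on malformed base64
    } catch (IllegalArgumentException e) {
      return Optional.empty();
    }
    // RFC 7617: credentials are user-id ":" password; the user-id may not contain ':'
    String credentials = new String(decoded, StandardCharsets.UTF_8);
    int colon = credentials.indexOf(':');
    if (colon <= 0) {
      return Optional.empty();                 // separator missing or empty user-id
    }
    return Optional.of(credentials.substring(0, colon));
  }

  // Constructed sample header values for a manual check (not taken from the post)
  public static void main(String[] args) {
    System.out.println(extract("Basic YWxpY2U6czNjcmV0"));  // "alice:s3cret"
    System.out.println(extract("basic YWxpY2U6czNjcmV0"));  // lower-case scheme
    System.out.println(extract("Bearer abc"));              // different scheme
    System.out.println(extract("Basic bm9jb2xvbg=="));      // "nocolon", no separator
    System.out.println(extract("Basic not*base64"));        // malformed base64
    System.out.println(extract(null));                      // header absent
  }
}
```

The callout only parses the header; the OWSM policy on the proxy remains the component that actually verifies the credentials, so the extracted name should be trusted only on a pipeline where that policy is enforced.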

Parsing out the username from HTTP header using a Java Callout

After deploying the HelloWorld service to Oracle Service Bus 12c, it can be tested using SoapUI.

Resulting salutation after service invocation

As can be seen from the result, the service works as expected: the resulting salutation contains the username that was passed with the authentication information in the HTTP header.

About svenbernhardt

Sven Bernhardt is a leading SOA/BPM architect and works as a solution architect for OPITZ CONSULTING Deutschland GmbH―a German Oracle Platinum Partner. In his role, he follows his passion for designing and building future-oriented, robust enterprise applications based on pioneering technologies. Sven is involved in diverse, large SOA and BPM implementations, dealing with challenges in the areas of business process automation and enterprise application integration. He also has longtime experience as an SOA/BPM coach, trainer, developer, and architect. Sven is an Oracle ACE and a frequent speaker at numerous IT conferences.