SOAP Authentication with URL Parameters

SOAP Authentication with URL Parameters

Scenario

In one of my latest project we set up a SOAP communication with a partner. Unfortunately, the partner was not able to include basic authentication header when sending a SOAP message. As we did not want to expose our SOAP Sender communication channel to the web, but could not wait for the partner to find a way to use basic authentication, we looked for another solution.

Solution

It is possible to include the webservice credentials into the URL. Just add the following two parameters to the query string of your URL and replace USER and PASSWORD with the configured values.

&j_username=USER&j_password=PASSWORD

Please keep in mind that this solution is highly insecure as the username and password are exposed!

Leave a Reply

Your email address will not be published. Required fields are marked *