Alessandro Rossi Posted January 15 Share Posted January 15 Hi, I have some problems in migrating to Sage 12 an existing Java web application for calling a web service.Now I have a Java web application that properly calls a Sage web service and the source code is the following public class X3WS { ... StringBuffer XmlInput = new StringBuffer(); public CAdxResultXml ResultXML = null; public CAdxWebServiceXmlCCServiceLocator WebServiceEndpoint; public CAdxWebServiceXmlCC WebService = null; public CAdxCallContext caller = new CAdxCallContext(); public void Init() { WebServiceEndpoint = new CAdxWebServiceXmlCCServiceLocator(); WebServiceEndpoint.setCAdxWebServiceXmlCCEndpointAddress(this.endPoint); try{ WebService = WebServiceEndpoint.getCAdxWebServiceXmlCC(); } catch (ServiceException error){ logger.error(e.getMessage(), error); } caller.setCodeLang(this.codeLang); caller.setCodeUser(this.codeUser); caller.setPassword(this.password); caller.setPoolAlias(this.poolAlias); caller.setRequestConfig(this.requestConfig); } ... } X3WS serv = new X3WS(endPoint, codeLang, codeUser, password, poolAlias, requestConfig); serv.Init(); serv.WebService.save(serv.caller, sendDocumentData.serviceType, inputXmlDoc); With Sage 12 I have to do a Basic Authentication. In an .NET example I founded that I need to create a new CAdxWebServiceXmlCCServiceBasicAuth class that overrides the getWebRequest(uri) of the .NET CAdxWebServiceXmlCCService method (see the image below), but I haven't the getWebRequest(uri) method in the Java CAdxWebServiceXmlCCService generated from the WSDL definition. Any suggestions to create a Java class version of the CAdxWebServiceXmlCCServiceBasicAuth .NET class? Thank you in advance, best regards Alessandro Link to comment Share on other sites More sharing options...
Gonzalez, Bruno Posted April 2 Share Posted April 2 Hi Alessandro, If you read the .Net code, it modifies the web query HTTP header to add the property "Authorization" with the value "Basic" + the user and password encoded in base64. This being said, basic authentication shouldn't be used for production. It is recommended to use Json Web Tokens through X3 connected Apps: https://jwt.io/ https://online-help.sagex3.com/erp/12/en-us/Content/V7DEV/administration-reference_connected-applications.html?Highlight=connected applications In a connected app, you define the calling app, and can select a user assigned to it. Create one app per user if you have several. Define the token validaty in seconds. When you create the app, it gives you a client id and secret. These credentials will allow you creating a Json Web Token that you can use in the HTTP header property "Authorization" with value "Bearer" plus your token. Keep the secret in a safe location, not in clear text. if you loose it or you think it may be compromised, then regenerate the secret from the connected app or delete the app and create a new one to get a new pair client id/secret: It is the responsibility of the calling application to manage the JWT, meaning if you set the token to be expired every hour, then your application needs to to detect that the token is expired (HTTP return code should be 401) and implement JWT token generation from the client id and secret you've stored securely on your side. I hope this helps. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now