Problems in migrating to Sage 12 an existing Java web application for calling a web service

[Alessandro Rossi]

Hi,
I have some problems in migrating to Sage 12 an existing Java web application for calling a web service.Now I have a Java web application that properly calls a Sage web service and the source code is the following

public class X3WS {
    ...

   StringBuffer XmlInput = new StringBuffer();
   public CAdxResultXml ResultXML = null;
   public CAdxWebServiceXmlCCServiceLocator WebServiceEndpoint;
   public CAdxWebServiceXmlCC WebService = null;
   public CAdxCallContext caller = new CAdxCallContext();

   public void Init() {
      WebServiceEndpoint = new CAdxWebServiceXmlCCServiceLocator();
      WebServiceEndpoint.setCAdxWebServiceXmlCCEndpointAddress(this.endPoint);
      try{
         WebService = WebServiceEndpoint.getCAdxWebServiceXmlCC();
      } catch (ServiceException error){
         logger.error(e.getMessage(), error);
      }
      caller.setCodeLang(this.codeLang);
      caller.setCodeUser(this.codeUser);
      caller.setPassword(this.password);
      caller.setPoolAlias(this.poolAlias);
      caller.setRequestConfig(this.requestConfig);
   }
   ...
}

X3WS serv = new X3WS(endPoint, codeLang, codeUser, password, poolAlias, requestConfig);
serv.Init();
serv.WebService.save(serv.caller, sendDocumentData.serviceType, inputXmlDoc);

With Sage 12 I have to do a Basic Authentication.

In an .NET example I founded that I need to create a new CAdxWebServiceXmlCCServiceBasicAuth class
that overrides the getWebRequest(uri) of the .NET CAdxWebServiceXmlCCService method (see the image below),

but I haven't the getWebRequest(uri) method in the Java CAdxWebServiceXmlCCService generated from the WSDL definition.

Any suggestions to create a Java class version of the CAdxWebServiceXmlCCServiceBasicAuth .NET class?

Thank you in advance, best regards

 Alessandro

[Gonzalez, Bruno]

Hi Alessandro,

If you read the .Net code, it modifies the web query HTTP header to add the property "Authorization" with the value "Basic" + the user and password encoded in base64.

This being said, basic authentication shouldn't be used for production. It is recommended to use Json Web Tokens through X3 connected Apps:

https://jwt.io/

https://online-help.sagex3.com/erp/12/en-us/Content/V7DEV/administration-reference_connected-applications.html?Highlight=connected applications


In a  connected app, you define the calling app, and can select a user assigned to it. Create one app per user if you have several.
Define the token validaty in seconds.
When you create the app, it gives you a client id and secret. These credentials will allow you creating a Json Web Token that you can use in the HTTP header property "Authorization" with value "Bearer" plus your token.

Keep the secret in a safe location, not in clear text. if you loose it or you think it may be compromised, then regenerate the secret from the connected app or delete the app and create a new one to get a new pair client id/secret:

 

It is the responsibility of the calling application to manage the JWT, meaning if you set the token to be expired every hour, then your application needs to to detect that the token is expired (HTTP return code should be 401) and implement JWT token generation from the client id and secret you've stored securely on your side.

I hope this helps.