Jump to content

Problems in migrating to Sage 12 an existing Java web application for calling a web service


 Share

Recommended Posts

Hi,
I have some problems in migrating to Sage 12 an existing Java web application for calling a web service.Now I have a Java web application that properly calls a Sage web service and the source code is the following

public class X3WS {
    ...

   StringBuffer XmlInput = new StringBuffer();
   public CAdxResultXml ResultXML = null;
   public CAdxWebServiceXmlCCServiceLocator WebServiceEndpoint;
   public CAdxWebServiceXmlCC WebService = null;
   public CAdxCallContext caller = new CAdxCallContext();

   public void Init() {
      WebServiceEndpoint = new CAdxWebServiceXmlCCServiceLocator();
      WebServiceEndpoint.setCAdxWebServiceXmlCCEndpointAddress(this.endPoint);
      try{
         WebService = WebServiceEndpoint.getCAdxWebServiceXmlCC();
      } catch (ServiceException error){
         logger.error(e.getMessage(), error);
      }
      caller.setCodeLang(this.codeLang);
      caller.setCodeUser(this.codeUser);
      caller.setPassword(this.password);
      caller.setPoolAlias(this.poolAlias);
      caller.setRequestConfig(this.requestConfig);
   }
   ...
}

X3WS serv = new X3WS(endPoint, codeLang, codeUser, password, poolAlias, requestConfig);
serv.Init();
serv.WebService.save(serv.caller, sendDocumentData.serviceType, inputXmlDoc);


With Sage 12 I have to do a Basic Authentication.

In an .NET example I founded that I need to create a new CAdxWebServiceXmlCCServiceBasicAuth class
that overrides the getWebRequest(uri) of the .NET CAdxWebServiceXmlCCService method (see the image below),

but I haven't the getWebRequest(uri) method in the Java CAdxWebServiceXmlCCService generated from the WSDL definition.

Any suggestions to create a Java class version of the CAdxWebServiceXmlCCServiceBasicAuth .NET class?

Thank you in advance, best regards

 Alessandroimage.png.ece489dba3a39a9f25d354bb9043ae51.png

Link to comment
Share on other sites

  • 2 months later...

Hi Alessandro,

If you read the .Net code, it modifies the web query HTTP header to add the property "Authorization" with the value "Basic" + the user and password encoded in base64.

This being said, basic authentication shouldn't be used for production. It is recommended to use Json Web Tokens through X3 connected Apps:

https://jwt.io/


https://online-help.sagex3.com/erp/12/en-us/Content/V7DEV/administration-reference_connected-applications.html?Highlight=connected applications
image.thumb.png.a59a99bebddc22804b30757afc3c48d5.png

In a  connected app, you define the calling app, and can select a user assigned to it. Create one app per user if you have several.
Define the token validaty in seconds.
When you create the app, it gives you a client id and secret. These credentials will allow you creating a Json Web Token that you can use in the HTTP header property "Authorization" with value "Bearer" plus your token.
image.thumb.png.641441dafbfc21294b302c2d0ac8ecea.png


Keep the secret in a safe location, not in clear text. if you loose it or you think it may be compromised, then regenerate the secret from the connected app or delete the app and create a new one to get a new pair client id/secret:
image.png.051f8596ab5b3efda48d96901954d49b.png

 

It is the responsibility of the calling application to manage the JWT, meaning if you set the token to be expired every hour, then your application needs to to detect that the token is expired (HTTP return code should be 401) and implement JWT token generation from the client id and secret you've stored securely on your side.

I hope this helps.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...