Guru: Creating A Web Service With Basic Authentication

August 12, 2024 Mike Larsen

I have been working with web services for many years, and I usually use IBM’s IWS (Integrated Web Service) tool to create them. The tool provides a wizard-based interface that allows me to quickly create a web service from an RPG program. Recently, I created a web service that uses basic authentication, and I want to share my experience.

I am assuming that you are already familiar with creating a web server and a web service, so I am just going to show the steps that need to be taken to add basic authentication functionality. If you would like me to author future articles showing how to create a server and service, please note that in the comments, and I would be happy to do it.

I created a server, AUTH_WS, for this article (Figure 1), and I clicked on the HTTP servers tab.

Figure 1. Web server

I need to make changes to the configuration of the server to enable basic authentication, so I click on Edit Configuration File (Figure 2).

Figure 2. Configuration file

When I do that, I see the contents of the configuration file, and I can edit it (Figure 3). I am looking for the Location section of code as that’s where I need to make a change.

Figure 3. Edit the configuration file

Remove the code that is there and replace it with the code below:

ProfileToken On
AuthType Basic
AuthName "IBM i User Profile Authentication"
Require valid-user
PasswdFile %%SYSTEM%%
order deny,allow
Allow from all

The modified code is shown in Figure 4.

Figure 4. Modified code for basic authentication

By making these changes to the server, I have told it I will be using basic authentication. That is, the server requires the consumer of any service deployed to this server to provide a username and password. Where does the username and password come from? I have directed the server to require a valid username and password that is set up on IBM i. This profile should be given as little authority as possible when it is created.

After modifying the configuration file, I click ok, then I stop and start the server to apply the changes.

Next, I will deploy a web service to the server. I have created a quite simple test RPG program (shown below) that receives a JSON object as input and returns a JSON object back to the consumer.

**FREE
ctl-opt option (*srcstmt : *nodebugio : *nounref);
ctl-opt Pgminfo(*pcml: *dclcase : *module);
ctl-opt debug  (*input);
ctl-opt dftactgrp (*no);
//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//  Program : Test_ws1
//  Author  : Mike Larsen
//  Date Written: 07/30/2024
//  Purpose : Example of an RPG web service.
//
//====================================================================*
//   Date    Programmer  Description                                  *
//--------------------------------------------------------------------*
// 07/30/24  M.Larsen    Original code.                               *
//                                                                    *
//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *

dcl-ds MessageOutDs;
       MessageSentIn   char(30);
       MessageSentOut  char(30);
end-ds;

dcl-ds MessageInDs;
       MessageIn   char(30);
end-ds;

// Prototypes (entry parameters)

dcl-pr Test_ws1 ExtPgm;
       ParmInMessage  likeds(MessageInDs);
       ParmOutMessage likeds(MessageOutDs);
End-pr;

// Main procedure interface

dcl-pi Test_ws1;
       ParmInMessage  likeds(MessageInDs);
       ParmOutMessage likeds(MessageOutDs);
End-pi;

 getOutMessage();

 *Inlr = *On;
 Return;

 //--------------------------------------------------------
 // getOutMessage subprocedure
 //--------------------------------------------------------

 dcl-proc getOutMessage;

   ParmOutMessage.MessageSentIn = 'You said ' + %trim(ParmInMessage.MessageIn);
   ParmOutMessage.MessageSentOut = 'I said goodbye';

 end-proc;

//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -       

As with the creation of the server, I will only show the steps that are necessary to allow me to use basic authentication for the service.

When I get to step 3 of the IWS wizard, I choose *BASIC in the Protect using authentication method option. This option directs the web service to use basic authentication (Figure 5).

Figure 5. Set web service to use basic authentication

On step 6 of the wizard, I set the user id for this service to be the user profile I have set up on IBM i to use for this service. That user id will be used for basic authentication (Figure 6).

Figure 6. Set basic authentication use profile

Now that the service is created, it is time to test it out!

I use SoapUi for executing web services, but that is just a personal preference. Some people choose to use Postman. Either tool will work.

I have set up my project in SoapUi (Figure 7). Note that I have blocked out the endpoint as I want to keep that private, and I have set up the JSON object that will be passed to the service.

Figure 7. SoapUi project

Next, I need to set up basic authentication in SoapUi. I do that by clicking on the Auth tab and selecting Basic authorization (Figure 8).

Figure 8. Set up Basic authentication

I have entered the username and password for the profile I set up on IBM I to use for basic authentication.

When I consume the service, I see the response I expected (Figure 9).

Figure 9. Successful response in SoapUi

What if I had sent bad credentials to the service? Let us try it out! I execute the service with a profile that does not exist on my IBM i (Figure 10).

Figure 10. Bad username

After executing the service, I receive an unauthorized response (Figure 11).

Figure 11. Unsuccessful response in SoapUi

That is exactly the response I expected.

It is always important to make our systems and processes more secure, and IBM has made basic authentication easy to apply to web services created using the IWS tool. I have started using this technique with my current web services and will continue using it going forward.

Mike Larsen is a director of information technology at Auburn Pharmaceutical and has been working with IBM i systems for over 20 years. He specializes in RPG, CL, and SQL and recently has been working with PHP and Python. Current projects have given Mike the opportunity to work with generating and parsing XML and JSON from SQL and consuming SOAP and REST web services. Although his main area of expertise is on IBM i, Mike has a passion for learning other languages and how he can integrate other platforms with IBM i.

RELATED STORIES

Guru: Parsing JSON That Has Spaces In The Key

Guru: Partitioning Result Sets Using SQL

Guru: Comparing IFS Directories Using SQL

Guru: String Manipulation Using SQL

Guru: Regular Expressions, Part 1

Guru: Regular Expressions, Part 2

Guru: Debugging SQL Stored Procedures With ACS

Guru: Creating PDF Documents With Python

Guru: Creating Excel Spreadsheets With Python