Guru: Creating A Web Service With Basic Authentication
August 12, 2024 Mike Larsen
I have been working with web services for many years, and I usually use IBM’s IWS (Integrated Web Service) tool to create them. The tool provides a wizard-based interface that allows me to quickly create a web service from an RPG program. Recently, I created a web service that uses basic authentication, and I want to share my experience.
I am assuming that you are already familiar with creating a web server and a web service, so I am just going to show the steps that need to be taken to add basic authentication functionality. If you would like me to author future articles showing how to create a server and service, please note that in the comments, and I would be happy to do it.
I created a server, AUTH_WS, for this article (Figure 1), and I clicked on the HTTP servers tab.
I need to make changes to the configuration of the server to enable basic authentication, so I click on Edit Configuration File (Figure 2).
When I do that, I see the contents of the configuration file, and I can edit it (Figure 3). I am looking for the Location section of code as that’s where I need to make a change.
Remove the code that is there and replace it with the code below:
ProfileToken On
AuthType Basic
AuthName "IBM i User Profile Authentication"
Require valid-user
PasswdFile %%SYSTEM%%
order deny,allow
Allow from all
The modified code is shown in Figure 4.
By making these changes to the server, I have told it I will be using basic authentication. That is, the server requires the consumer of any service deployed to this server to provide a username and password. Where do the username and password come from? I have directed the server to require a valid username and password that is set up on IBM i. This profile should be given as little authority as possible when it is created.
After modifying the configuration file, I click OK, then I stop and start the server to apply the changes.
Next, I will deploy a web service to the server. I have created a quite simple test RPG program (shown below) that receives a JSON object as input and returns a JSON object back to the consumer.
**FREE
ctl-opt option (*srcstmt : *nodebugio : *nounref);
ctl-opt Pgminfo(*pcml: *dclcase : *module);
ctl-opt debug (*input);
ctl-opt dftactgrp (*no);

//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Program     : Test_ws1
// Author      : Mike Larsen
// Date Written: 07/30/2024
// Purpose     : Example of an RPG web service.
//
//====================================================================*
//   Date    Programmer  Description                                  *
//--------------------------------------------------------------------*
// 07/30/24  M.Larsen    Original code.                               *
//                                                                    *
//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *

dcl-ds MessageOutDs;
   MessageSentIn  char(30);
   MessageSentOut char(30);
end-ds;

dcl-ds MessageInDs;
   MessageIn char(30);
end-ds;

// Prototypes (entry parameters)
dcl-pr Test_ws1 ExtPgm;
   ParmInMessage  likeds(MessageInDs);
   ParmOutMessage likeds(MessageOutDs);
End-pr;

// Main procedure interface
dcl-pi Test_ws1;
   ParmInMessage  likeds(MessageInDs);
   ParmOutMessage likeds(MessageOutDs);
End-pi;

getOutMessage();

*Inlr = *On;
Return;

//--------------------------------------------------------
// getOutMessage subprocedure
//--------------------------------------------------------
dcl-proc getOutMessage;

   ParmOutMessage.MessageSentIn  = 'You said ' + %trim(ParmInMessage.MessageIn);
   ParmOutMessage.MessageSentOut = 'I said goodbye';

end-proc;

//- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
As with the creation of the server, I will only show the steps that are necessary to allow me to use basic authentication for the service.
When I get to step 3 of the IWS wizard, I choose *BASIC in the Protect using authentication method option. This option directs the web service to use basic authentication (Figure 5).
On step 6 of the wizard, I set the user id for this service to be the user profile I have set up on IBM i to use for this service. That user id will be used for basic authentication (Figure 6).
Now that the service is created, it is time to test it out!
I use SoapUI for executing web services, but that is just a personal preference. Some people choose to use Postman. Either tool will work.
I have set up my project in SoapUI (Figure 7). Note that I have blocked out the endpoint as I want to keep that private, and I have set up the JSON object that will be passed to the service.
Next, I need to set up basic authentication in SoapUI. I do that by clicking on the Auth tab and selecting Basic authorization (Figure 8).
I have entered the username and password for the profile I set up on IBM i to use for basic authentication.
When I consume the service, I see the response I expected (Figure 9).
What if I had sent bad credentials to the service? Let us try it out! I execute the service with a profile that does not exist on my IBM i (Figure 10).
After executing the service, I receive an unauthorized response (Figure 11).
That is exactly the response I expected.
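The test above can also be scripted so it is repeated after every configuration change. The Python below is an added example, not code from the original article: it builds the Authorization header the way a client such as SoapUI does, shows that the header decodes straight back to the password (which is why the probe refuses any URL that is not HTTPS), and checks that an anonymous request and an unknown profile are rejected with 401 while the valid profile gets through. The endpoint URL, the JSON request body and the 200 success status are assumptions to adjust for the deployed service.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

REALM = "IBM i User Profile Authentication"  # AuthName from the Location block


def basic_auth_header(user, password):
    """Authorization value a client such as SoapUI sends (RFC 7617)."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth_header(value):
    """Anyone who sees the header recovers the password: Base64 is not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def probe(url, creds=None, opener=urllib.request.urlopen):
    """POST a test body; return (status, WWW-Authenticate challenge or None)."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send Basic credentials without TLS")
    req = urllib.request.Request(
        url, data=b'{"MessageIn": "hello"}',  # constructed body, adjust to the service
        headers={"Content-Type": "application/json"})
    if creds is not None:
        req.add_header("Authorization", basic_auth_header(*creds))
    try:
        with opener(req, timeout=10) as resp:
            return resp.status, None
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")


def check_endpoint(url, good, bad, opener=urllib.request.urlopen):
    """Return a list of failures; an empty list means the protection behaves."""
    failures = []
    status, challenge = probe(url, None, opener)
    if status != 401 or REALM not in (challenge or ""):
        failures.append(f"anonymous request: {status}, challenge {challenge!r}")
    if probe(url, bad, opener)[0] != 401:
        failures.append("unknown profile was not rejected with 401")
    if probe(url, good, opener)[0] != 200:
        failures.append("valid profile did not get 200")
    return failures
```

Call `check_endpoint(url, (user, password), ("NOSUCHUSR", "x"))` against the real HTTPS endpoint; the `opener` parameter exists only so the logic can be exercised without a network.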
It is always important to make our systems and processes more secure, and IBM has made basic authentication easy to apply to web services created using the IWS tool. I have started using this technique with my current web services and will continue using it going forward.
Mike Larsen is a director of information technology at Auburn Pharmaceutical and has been working with IBM i systems for over 20 years. He specializes in RPG, CL, and SQL and recently has been working with PHP and Python. Current projects have given Mike the opportunity to work with generating and parsing XML and JSON from SQL and consuming SOAP and REST web services. Although his main area of expertise is on IBM i, Mike has a passion for learning other languages and how he can integrate other platforms with IBM i.
Hello, yes it would be interesting to see how to set up the service and server! Currently learning the trade of using a Java middleware to make the call to rpgle. Have seen that there is a way to remove the Java and straight to rpgle but haven't been able to crack it. Thanks!