Home| Printable Version
You can supply security information for remote services that require authentication using the optional security element within the HttpHeader fragment discussed within the section on REST, remembering to enable HTTP Header processing during deployment. The presence of the fragment during an Invoke Service operation will cause WebMaker to parse this fragment and automatically negotiate the security steps for the requested service. This feature utilises the Apache HttpClient security module and it is this module that will determine how to apply the supplied security credentials based on remote service responses. If you need to customise this further you will need to write custom controllers. If this is the case then please contact Hyfinity for further support. 
<?xml version="1.0" encoding="UTF-8"?>
<xg:HttpHeader xmlns:xg="http://www.hyfinity.com/xgate">
    <xg:url action="" merge_option="replace" request_method="GET">http://anyValidUrlString</xg:url>
    <xg:params>
        <xg:param name="command">login</xg:param>
        <xg:param name="error_dest">client</xg:param>
    </xg:params>
    <xg:attributes>
        <xg:attribute name="HTTPHeaderAttrib1">attribute value</xg:attribute>
        <xg:attribute name="HTTPHeaderAttrib2">attribute Value</xg:attribute>
    </xg:attributes>
    <security preemptive="true">
        <realm>authenticatingRealmOrDomainName</realm>
        <host>hostNameRequiringAuthentication</host>
        <port>portOnHostRequiringAuthentication</port>
        <username>String</username>
        <password>String</password>
        <client>nameOfClientRequestingAuthentication</client>
    </security>
</xg:HttpHeader>
@preemptive - This boolean attribute will determine whether WebMaker should precompose the necessary security tokens before first invocation of the service or wait until a service has responded after first invocation, providing details of how to construct the security token. This is useful when certain secure services degrade to a lower access level when security credentials are missing. For example, some services may assume guest access if credentials are missing, thus never returning an HTTP 401 code to indicate need for authentication. realm - Name of the realm or NT domain. host - Name of the host requesting authentication. port - The port number on the host requesting authentication. username - Username. password - Password. client - Name of the client machine requesting authentication.
REST Writing Custom Java Controllers