Requirement --> MII has exposed its transaction as wsdl to the external program (Java Program) that will send data to MII using webservice.
Issue: while calling the WSDL from the external program as below:
MII username and password is clearly visible to user in WSDL URL.
we need to secure these credential as we don't want to show this information to user while calling the WSDL,without providing the username and password it will not call the WSDL.
what we are thinking is that we will provide the minimum role to the assigned user so it will have only authority to call the webservice in SAP MII.
Can anyone please help us if there is any other way to achieve this requirement.
Quick response is appreciated.
You should not have to include user/password in the WSDLGen URL unless you are just testing by executing the WSDL request from a browser address bar or other scenario, where the user has not already logged into SAP MII.
Your Java application should implement its Webservice client using Basic Authentication to pass the user and password as credential properties; they will never appear in any URL.
Note that you can also control whether WSDLGen Servlet requires authentication to return the WSDL, this is set in MII: System Management->System Properties->WSDLGen Security Enabled. The SOAPRunner servlet, which will actually execute the transaction as a web service, always requires authentication.