cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

secure credential while calling WSDL in external program (Java Program)

ankit12
Active Participant

on ‎2022 Sep 14 10:47 AM

0 Kudos
230

Hi Experts,

Requirement --> MII has exposed its transaction as wsdl to the external program (Java Program) that will send data to MII using webservice.

Issue: while calling the WSDL from the external program as below:

https://<hostname>:<port>/XMII/WSDLGen/<trxpath>?wsdl&IllumLoginName=<username>&IllumLoginPassword=<...;

MII username and password is clearly visible to user in WSDL URL.

we need to secure these credential as we don't want to show this information to user while calling the WSDL,without providing the username and password it will not call the WSDL.

what we are thinking is that we will provide the minimum role to the assigned user so it will have only authority to call the webservice in SAP MII.

Can anyone please help us if there is any other way to achieve this requirement.

Quick response is appreciated.

Regards,

Ankit Gupta

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

steve_stubbs
Participant
‎2022 Sep 14 5:40 PM

Hi Ankit,

You should not have to include user/password in the WSDLGen URL unless you are just testing by executing the WSDL request from a browser address bar or other scenario, where the user has not already logged into SAP MII.

Your Java application should implement its Webservice client using Basic Authentication to pass the user and password as credential properties; they will never appear in any URL.

Note that you can also control whether WSDLGen Servlet requires authentication to return the WSDL, this is set in MII: System Management->System Properties->WSDLGen Security Enabled. The SOAPRunner servlet, which will actually execute the transaction as a web service, always requires authentication.

Regards, Steve

Show replies
Show replies
Ask a Question