HTTP Basic Authentication is a simple standardized mechanism for client authentication when accessing a SOAP interface. In this case, the client sends the user name and the Base64-encoded password in the SOAP message HTTP header. The server then checks the user name and password before the access is allowed to the SOAP Service.

As standard, the VertiGIS Integrator SOAP interfaces are protected by a Tomcat security constraint with Basic Authentication.

This security constraint is defined in the web.xml file of the postserver web application ([TOMCAT]/webapps/utpostserver/web-inf/web.xml):

<security-constraint>
    <web-resource-collection>
   <web-resource-name>
         Postserver
   </web-resource-name>
   <url-pattern>/services/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
         <role-name>postserver</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Postserver</realm-name>
</login-config>

To enable access to the interface, a role and user must also be defined in the [Tomcat]/conf/tomcat-users.xml file.

To insert a new postserver role and a user into the [Tomcat]/conf/tomcat-users.xml file:

<tomcat-users>
  <role rolename="postserver" />
  <user username="UTI" roles="postserver" password="XYZ1234"/>
</tomcat-users>

For the changes to take place, you must restart the Tomcat service.

The calling client then must pass the user name and password for Basic Authentication during access to the SOAP methods.