How to Use Basic Authentication for HTTP Receiver in TIBCO

HTTP Receiver based processes expose services in REST fashion on specified URLs. For HTTP-based services, you can use the Basic Authentication mechanism, in which clients send an authorization header in the format Authorization: Basic <credentials>, where credentials is the base64-encoded username and password separated by a colon (:).

In this post, I will explain how you can use basic authentication for an HTTP Receiver in a TIBCO BW process and then extract the username and password from the encoded string so that they can be used in subsequent activities as per your needs.

The following steps, performed in a simple process, extract and decode the username and password that the client sends in the Authorization header.

1. Create a Process with HTTP Receiver as the process starter. This process will listen on the specified port.
2. Add a Mapper activity from the General Activities palette and define a string element in the Input Editor tab of the Mapper.
3. In the Input, map the header element and use the function base64-to-string to decode the authorization credentials. Since the authorization element appears in the header in the form Authorization: Basic xxx (where xxx is the encoded form of username:password), we also need substring functions to extract only this part of the header, up to the carriage return line feed constant, as shown below:

The XPath used in the above case is given here:

tib:base64-to-string(substring-before(substring-after($HTTP-Receiver/ProcessStarterOutput/Header, "Basic"), "&crlf;"))

4. Now you should have the colon-separated username and password available as the output of the Mapper activity. You can use substring functions to extract the username and password.

To get the username, use the following substring function:

5. Now you can test this simple process by sending a request from any client, specifying the username and password in the authorization header. I used the SoapUI tool to send the request, as seen below:

As you can see below, the username and password have been successfully decoded and extracted in our test process.

Please note that I used a very simple scenario here, without adding any HTTP Response activity or any other logic to deal with the user credentials. This post should help you get an idea of how you can decode and extract authorization header credentials received in a TIBCO HTTP Receiver based process. In real projects, you can apply this in more sophisticated scenarios.

Feel free to comment below with any questions or for further discussion on this topic.
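The same extraction steps as an added Python example (not TIBCO BW code and not from the original post), also covering cases the XPath above does not: a lower-case header name or scheme, a password that contains a colon, and malformed base64. The function names, the account svc_orders and the sample header block are assumptions made for illustration.

```python
import base64
import binascii
import hmac

def parse_basic_auth(raw_headers):
    """Return (username, password) from a CRLF-separated header block, else None."""
    for line in raw_headers.split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":  # scheme name is case-insensitive
            return None
        try:
            # validate=True rejects characters outside the base64 alphabet
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None  # malformed credentials are rejected, never guessed at
        # Split on the FIRST colon only: the password may itself contain ':'
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None
    return None

def is_expected_account(creds, expected_user, expected_password):
    """Constant-time check against one expected account (hypothetical values)."""
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return user_ok and pass_ok

# Constructed sample header block, not captured from a real request
SAMPLE_HEADERS = (
    "Host: localhost:8080\r\n"
    "authorization: basic " + base64.b64encode(b"svc_orders:p@ss:word").decode() + "\r\n"
    "Accept: */*\r\n"
)

if __name__ == "__main__":
    creds = parse_basic_auth(SAMPLE_HEADERS)
    print(creds)
    print(is_expected_account(creds, "svc_orders", "p@ss:word"))
```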

Ajmal Abbasi


2 thoughts on “How to Use Basic Authentication for HTTP Receiver in TIBCO”

  1. RAJA

    Thanks Ajmal !!
    How do we do this for the SOAP Webservice basic authentication?

  2. dinesh verma

    I have a scenario where we have exposed an API in TIBCO BW using HTTP palette and HTTP Authentication enabled, which accounts for the basic domain authentication. The problem is any authenticated user in domain could invoke our API since there is no specific npa account tied to this API, which lacks authorization.

    I wanted to check how authorization can be implemented so that only specific npa account created for that API could access it.
