Skip to content

Administering sedex Web Service Proxy users

As of sedex Client version 6.0, the sedex Web Service Proxy supports a feature to restrict access to the Web services it offers, restricting end-user applications to calling only a Web service if it has a valid username and password. The valid usernames and passwords are configured in the sedex Web Service Proxy user configuration file.

The sedex Web Service Proxy user configuration file

Usernames and passwords are configured in the following user configuration file:

<sedex_home>/conf/sedex-wsproxy-user-configuration.properties

This excerpt from the configuration file shows two configured users:

  # File: sedex-wsproxy-user-configuration.properties
  [...]
  example-app-1=myNewAndSecurePassword,3-CH-55438
  example-app-2={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[...]1wldBVam,1-CH-2874423
  [...]

The format of the entries in the configuration file is as follows:

user_name=password,sedex-id

The elements of an entry (i.e. line of the configuration file) in detail are:

  • user_name

    A freely definable username that represents your application calling the sedex Web Service Proxy.

    Allowed characters (no spaces): a-z A-Z 0-9 - _

  • password

    The password of the user.

    Allowed characters (no spaces or hyphens): a-z A-Z 0-9

  • sedex-id

    The sedex ID of the physical or logical sedex participant for whom the remote Web service is called. The specific sedex ID to be used is provided either by your sedex Domain Administrator or by FSO’s sedex Customer Support.

Please note:

  • Changes to the users file only become active after a restart of the sedex Client.
  • Check the log file of sedex Web Service Proxy for errors or warnings after restart the sedex Client.
  • New passwords can be specified in plain text.
  • For security reasons, plain text passwords are automatically encrypted when the sedex Client is restarted.

  • Encrypted passwords look something like this:

    {bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxgk98zwNAUWPOa1nGgot01wldBVam

  • An encrypted and forgotten password must be reset by deleting the old encrypted password (including the {bcrypt} part} and replacing it with a new password in plain text.

Add a new user

If a new end-user application (e.g. named «myApp») needs access to one or more Web services via sedex Web Service Proxy, a new user representing this application must be added to the user configuration file:

  1. Open the user configuration file in a text editor.

  2. Add a line for the new user (e.g. at the end of the file):

    myApp=aRandomPassword,sedexIdOfThisApplication

  3. Save the configuration file

  4. Restart sedex Client
  5. Check the log file of sedex Web Service Proxy for errors or warnings

Change the password of a user

The password of a user can be changed as follows:

  1. Open the user configuration file in a text editor.

  2. For the intended user change the password element as shown below.

    Before (with the old encrypted password):

    myApp={bcrypt}$2a$10$f/du7KAWE0xVu.a9DrRKN.fBxg[...]1wldBVam,1-CH-3322

    After (with the new plain password):

    myApp=aNewRandomPassword,1-CH-3322

  3. Save the configuration file.

  4. Restart sedex Client.

  5. Check the log file of sedex Web Service Proxy for errors or warnings.

    Note: You should see a line indicating that a previously plain password has been encrypted.

    ******* Webservice-Proxy-Users - Validation and Encoding (Begin) *******
Checking if wsproxy users configuration file C:\[...]/conf/sedex-wsproxy-user-
configuration.properties is valid and if it contains any plain passwords that
should be encoded.
Encoded a previously plain password for user myApp.
The users configuration contained 1 plain passwords that had to be saved in
encoded format.
******* Webservice-Proxy-Users - Validation and Encoding (End) *******