SOAP Web Services can be accessed securely using HTTP basic authentication. This is possible by using the Node API which requires that all requests be user authenticated. If you wish to add additional levels of security you can have the HTTP requests sent over a SSL/TLS transport, which allows you to implement a secure application using existing technologies. All operations available using http://server:40001/services/soap can be securely consumed through http://server:9091/services/soap and https://server:9092/services/soap with HTTP basic authentication. In order to use the Node API you will first need to configure Node in the Aspera Server and add a Node User. For more information on how to setup Node, please read the Node Documentation.
A normal command to list all the job types supported by the Aspera Server would be:
curl -k -i --basic -u "nodeadmin:aspera" -H "Content-Type: text/xml;charset=UTF-8" -H "SOAPAction:JobNET-200601#ListTypes" -d "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"><soapenv:Header></soapenv:Header><soapenv:Body><ns1:ListTypesRequest xmlns:ns1=\"urn:Aspera:XML:JobNET:2006/01:Types\"></ns1:ListTypesRequest></soapenv:Body></soapenv:Envelope>" -X POST "https://10.20.103.134:9092/services/soap/JobNET-200601"
In the above command, the request is being authenticated using basic HTTP and SSL. It should be noted that the curl option -k disables certificate validation and is done for demonstration. The SOAP envelope being used in the above call is seen below:
If the request is successful you will get the following response:
To illustrate this concept you can download the Java Sample code using the link above. This sample demonstrates how to implement a simple interface to securely consume Aspera SOAP Web Services. This includes the interface com.aspera.webservices.model.AsperaWebSOAPServices, which exposes various operations offered by the Aspera SOAP Web Services API. The goal of this example is to provide two distinct implementations of the interface:
- Using standard Aspera Central SOAP endpoints (http://server:40001/services/soap)
- Using the Node API endpoints (https://server:9092/services/soap)
Both implementations share the code for operation calls and differ only in the way the services are created. For example, in order to call the method the interface relays the call to the appropriate service endpoint, which will then send the SOAP request to the server. For example,
AsperaWebSOAPServices client = ...
In Java this command would be implemented with:
ListTypesRequest req = new ListTypesRequest();