I have written a WebService Client in Java (Spring) that produces the following SOAP Message
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-636BB26257F688077A14836055821331">
<wsse:Username>
<!-- Removed-->
</wsse:Username>
<wsse:Password>
<!-- Removed-->
</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<To SOAP-ENV:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://fi422helswb035/invoicewstest/ProblematicInvoiceWebService.svc/externalpartnerInvoiceWebService</To>
<Action SOAP-ENV:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://invoice.externalpartner.com/WebServices/IexternalpartnerInvoiceWebService/GetInvoices</Action>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<ns4:GetInvoices xmlns:ns2="http://schemas.datacontract.org/2004/07/externalpartner.Invoice.Web.Service.Interfaces.Types" xmlns:ns3="http://schemas.datacontract.org/2004/07/externalpartner.Invoice.Web.Service.Interfaces" xmlns:ns4="https://invoice.externalpartner.com/WebServices/" xmlns:ns5="http://schemas.microsoft.com/2003/10/Serialization/" xmlns:ns6="http://schemas.datacontract.org/2004/07/externalpartner.Invoice.Web.Service.Exceptions">
<customerNumber xmlns="https://invoice.externalpartner.com/WebServices">10134</customerNumber>
</ns4:GetInvoices>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
This message is Rejected on the server side with a 500 error. I can invoke the service with SOAP-UI; the following message (produced by SOAP UI is accepted)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="https://invoice.externalpartner.com/WebServices/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-134751B2732DA1D93F148360576695534">
<wsse:Username>
<!-- Removed-->
</wsse:Username>
<wsse:Password>
<!-- Removed-->
</wsse:Password>
<wsse:Nonce>
<!-- Removed-->
</wsse:Nonce>
<wsu:Created>2017-01-05T08:42:46.955Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<To soapenv:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://fi422helswb035/invoicewstest/ProblematicInvoiceWebService.svc/externalpartnerInvoiceWebService</To>
<Action soapenv:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://invoice.externalpartner.com/WebServices/IexternalpartnerInvoiceWebService/GetInvoices</Action>
</soapenv:Header>
<soapenv:Body>
<web:GetInvoices>
<!-- Optional:-->
<web:customerNumber>10134</web:customerNumber>
</web:GetInvoices>
</soapenv:Body>
</soapenv:Envelope>
The real difference I can spot is the up front Name Space declaration in the accepted message. The web namespace is declared in the Envelope element - and in my rejected request it is declared in the element itself.
There are obviously also the missing a nonce and created elements, but according to the Oasis standards, those are not mandatory.
The question is; does the SOAP specification dictate where namespace declarations should be done? My best guess is that the rejected SOAP message is perfectly valid, and that there is a server side issue here...
Related
I am trying to automate the xml web services using Apache Axis Java API and I have generated the stubs. But my Below XML has header part which i need to customize manually using stub.
So I have used SOAPHeaderElement from stub class and designed the code. But I am getting extra namespace like xmlns:wsse="" in each node and soapenv: in header node.
So, please modify my code to get the exact format(Expected) as given below
Below is the XML Header Part:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Header mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>InternalServiceUser</wsse:Username>
<wsse:Password>123456</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</wsse:Header>
</soapenv:Header>
Below is the code:
SOAPHeaderElement wsseHeader = new SOAPHeaderElement(new PrefixedQName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Header", "wsse"));
String nullString = null;
MessageElement Security = new MessageElement(nullString, "wsse:Security");
MessageElement usernameToken = new MessageElement(nullString, "wsse:UsernameToken");
MessageElement username = new MessageElement(nullString, "wsse:Username");
MessageElement password = new MessageElement(nullString, "wsse:Password");
username.setObjectValue("InternalServiceUser");
usernameToken.addChild(username);
password.setObjectValue("123456");
usernameToken.addChild(password);
Security.addChild(usernameToken);
wsseHeader.addChild(Security);
wsseHeader.setActor(null);
wsseHeader.setMustUnderstand(true);
_call.addHeader(wsseHeader);
Expected Request XML Header part:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Header mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Security mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>InternalServiceUser</wsse:Username>
<wsse:Password>123456</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</wsse:Header>
</soapenv:Header>
Actual request XML header part which is generated after execution:
could not remove soapenv: in header tag and xmlns:wsse="" in Security, Username and password tags via code
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Header soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Security xmlns:wsse=""><wsse:UsernameToken xmlns:wsse="">
<wsse:Username xmlns:wsse="">InternalServiceUser</wsse:Username>
<wsse:Password xmlns:wsse="">123456</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</wsse:Header>
</soapenv:Header>
I'm trying to create a client to a ws (using wsimport) that requires a UsernameToken header with digest.
The header must be like this:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-32E6B34377D7E4A58614607283662392">
<wsu:Created>xxxx</wsu:Created>
<wsu:Expires>xxxxx</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-32E6B34377D7E4A58614607283662221">
<wsse:Username>xxxx</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">xxxxx</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">xxxxxxx</wsse:Nonce>
<wsu:Created>xxxxxx</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
It seems to be a default soap header but I not found a easy way to generate it.
How can I add this header in my request?
Thank you.
I try to validate security header expiration using wss4j:
List<WSSecurityEngineResult> resultList = wsSecurityEngine.processSecurityHeader(doc,
"Actor", callbackHandler, crypto);
But wss4j doesn't see header content and result is null.
soap request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soapenv:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-CC2DD79172C7EFA866147066307733352">
<wsu:Created>2016-08-08T13:31:17.333Z</wsu:Created>
<wsu:Expires>2016-08-09T13:31:17.333Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
</soapenv:Body>
It doesn't throw any exception. Just security header is ignored. In debug it can find all ChildNodes (soapenv:Header, wsse:Security etc.)
I have used Axis2 for the creation of stubs.
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>Uname</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
can anyone give me the java soap client code for the above header
First link in Google for (adding soap header in axis2 example)
Working with Custom SOAP Headers
I'm using a endpoint SOAP created On Spring Framework using JAXB, but I want that my anwers(Expected Response) return without prefix when I Send Request One, but this is returned like is showed on Current Response:.
How can I do to return a message SOAP without namespaces?
Request One
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:sap-com:document:sap:soap:functions:mc-style">
<soapenv:Header/>
<soapenv:Body>
<urn:ZProveerDatosPagoProveed2>
<Bukrs>RG10</Bukrs>
<Langu>S</Langu>
<Lifnr>00000000</Lifnr>
</urn:ZProveerDatosPagoProveed2>
</soapenv:Body>
</soapenv:Envelope>
Current Response:
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header/>
<soap-env:Body>
<n0:ZProveerDatosPagoProveed2Response xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
<Adrnr>0000</Adrnr>
<Bankk>0000</Bankk>
<Bankn>0000</Bankn>
<Bkont>0000</Bkont>
<Iban>ES0000</Iban>
<KoinhFi>ROBLES AVN</KoinhFi>
<Land1>TH</Land1>
<Landx>XXXXX</Landx>
<Name1>ROBLES AVN</Name1>
<Pstlz>0000</Pstlz>
<Stcd1>A0000</Stcd1>
<Stras>ROBLES AVN</Stras>
<Swift>XXXXX</Swift>
<Text1_052>ROBLES AVN</Text1_052>
<Zterm>Z000</Zterm>
</n0:ZProveerDatosPagoProveed2Response>
</soap-env:Body>
</soap-env:Envelope>
Expected Response:
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Header/>
<soap-env:Body>
<ZProveerDatosPagoProveed2Response xmlns:n0="urn:sap-com:document:sap:soap:functions:mc-style">
<Adrnr>0000</Adrnr>
<Bankk>0000</Bankk>
<Bankn>0000</Bankn>
<Bkont>0000</Bkont>
<Iban>ES0000</Iban>
<KoinhFi>ROBLES AVN</KoinhFi>
<Land1>TH</Land1>
<Landx>XXXXX</Landx>
<Name1>ROBLES AVN</Name1>
<Pstlz>0000</Pstlz>
<Stcd1>A0000</Stcd1>
<Stras>ROBLES AVN</Stras>
<Swift>XXXXX</Swift>
<Text1_052>ROBLES AVN</Text1_052>
<Zterm>Z000</Zterm>
</ZProveerDatosPagoProveed2Response>