I am trying to customize the soap header in Mule 3.7. By default using the web-service-consumer I get the following:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-6CF0E33EE8AA1E3DB414700278333141">
<wsse:Username>TEST/wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
However, I would like to change the SOAP header to be:
<soap:Header>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken>
<Username>TEST</Username>
</UsernameToken>
</Security>
Where in Mule do I need to add the below?
<set-property propertyName="soap.Authorization"
value="<auth>Bearer MWYxMDk4ZDktNzkyOC00Z</auth>"/>
Does the above need to be added in the ws:consumer-config below?
<ws:consumer-config name="WSConsumerConfig" wsdlLocation="${wsdl.location}"
service="aService" port="aServiceHttpPort" serviceAddress="${service.url}"
connectorConfig="HTTPRequestConfig" doc:name="Web Service Consumer">
I have fixed by adding a message-property-transformer just before the call to the ws-consumer:
<message-properties-transformer doc:name="Message Properties">
<add-message-property key="soap.header" value="${web.service.username.token}"/>
</message-properties-transformer>
Related
I want to call one soap service through mulesoft.
To attach header to soap request body I used these links -Mule 3.7. Add custom SOAP header to web-service-consumer. As mentioned in this link, I have added "Message Properties" component before "Web Service Consumer", but I am getting below exception -
com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "soapenv" (for attribute "actor")
Also I tried it using Property component as mentioned here - https://dzone.com/articles/working-with-headers-in-mule-flows
Still I am not able to hit soap service. Is there any other way to add header to soap request body?
Header that i want to add to my soap request -
<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>Pilot\ABCD</wsse:Username>
<wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yt15#58</wsse:Password>
</wsse:UsernameToken>
--Update- My code-
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw" xmlns:ws="http://www.mulesoft.org/schema/mule/ws" xmlns:metadata="http://www.mulesoft.org/schema/mule/metadata" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd">
<ws:consumer-config name="Web_Service_Consumer_2" wsdlLocation="https://soa.abc.com/abcd_v4_0?wsdl" service="abcdService_vs0" port="xyz_Internal" serviceAddress=""https://soa.abc.com:56655/abcd_v4_0" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="user" password="password" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
<sub-flow name="tempSub_Flow">
<set-property propertyName="soap.Security" value="<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/></wsse:Security>" doc:name="Property"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 urn:abc.com:schemas:gfr:a:b:service:2014-01-10
---
{
ns0#addTransaction:{
ns0#aTransaction: {
ns0#transactionCode: "xyz",
ns0#methodCode: "abc",
ns0#amount: flowVars.amount,
ns0#effectiveDate: now as :string {format: "yyyy-MM-dd"}
}
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="Web_Service_Consumer_2" operation="addEftTransaction" doc:name="Web Service Consumer"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/java
%namespace ns0 urn:abc.com:schemas:gfr:a:b:service:2014-01-10
---
payload.ns0#addTransactionResponse.ns0#transactionNumber
]]></dw:set-payload>
</dw:transform-message>
</sub-flow>
</mule>
--- UPDATE ---
Two parts to the answer really, for the direct question of how to add SOAP headers, it looks like you might have missed declaring the namespace of soapenv for the Security element you were adding. For example, the below code should work for adding the "Security" header to the SOAP Envelope. The whole XML element must be defined, including any namespaces it uses.
<set-property propertyName="soap.Security" value="<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken><wsse:Username>Pilot\ABCD</wsse:Username><wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yt15#58</wsse:Password></wsse:UsernameToken></wsse:Security>" doc:name="Set soap.Security"/>
That looks pretty unattractive though, and since you are adding a username/password security header then you probably want to add this directly into the security element of the Web Service Consumer configuration itself:
<ws:consumer-config name="WSConfig" wsdlLocation="MyService.wsdl" service="MyService" port="MyPort" serviceAddress="https://example.com" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="Pilot\ABCD" password="yt15#58" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
The issue with the above is that it won't add the soapenv:actor="appId" attribute.
It looks like the security configuration on the WS consumer will overwrite the actor attribute. The below code mostly works on Mule 3.8 and uses the sample WSDL found here: https://github.com/skjolber/mockito-soap-cxf/tree/master/src/test/resources/wsdl
The first flow builds the request to the SOAP web service, the second flow just receives the request made by the first flow and logs it.
<mule xmlns:metadata="http://www.mulesoft.org/schema/mule/metadata"
xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw"
xmlns:ws="http://www.mulesoft.org/schema/mule/ws"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd">
<ws:consumer-config name="BankCustomerService_WS_Consumer" wsdlLocation="BankCustomerService.wsdl" service="BankCustomerService" port="BankCustomerServicePort" serviceAddress="http://localhost:8778/services/bankCustomer" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="user" password="password" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
<http:listener-config name="HTTP_TestListener" host="0.0.0.0" port="8092" doc:name="HTTP Listener Configuration"/>
<http:listener-config name="HTTP_WebServiceStub" host="0.0.0.0" port="8778" doc:name="HTTP Listener Configuration"/>
<flow name="soapsandboxFlow">
<http:listener config-ref="HTTP_TestListener" path="/soap" doc:name="HTTP"/>
<set-property propertyName="soap.Security" value="<wsse:Security soapenv:actor="AppID" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" />" doc:name="Set soap.Security"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 http://example.bank.skjolber.github.com/v1
---
{
ns0#getAccountsRequest: {
ns0#customerNumber: 987654321,
ns0#certificate: 1234
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="BankCustomerService_WS_Consumer" operation="getAccounts" doc:name="Web Service Consumer"/>
</flow>
<flow name="soapsandboxFlow1">
<http:listener config-ref="HTTP_WebServiceStub" path="services/bankCustomer" doc:name="HTTP"/>
<logger message="#[message.payloadAs(String)]" level="INFO" doc:name="Logger"/>
</flow>
</mule>
Running a simple GET request to localhost:8092 creates a static web service request and sends that to through the WS Consumer Component. The logger in the stub prints out the entire SOAP envelope, which as shown below includes the security header, but not the actor attribute:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-CA524029E5DEDE6E3715320371056746">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ns0:getAccountsRequest xmlns:ns0="http://example.bank.skjolber.github.com/v1">
<ns0:customerNumber>987654321</ns0:customerNumber>
<ns0:certificate>1234</ns0:certificate>
</ns0:getAccountsRequest>
</soap:Body>
</soap:Envelope>
I will do a bit more research to see if I can include the actor attribute in the security header. As this is a standard attribute I it should be possible. I will update this answer when I can.
Johnson.
Trying to figure out why my SOAP Envelope Action header is not what I expect. I am calling WSO2ESB and communicating with a another WCF service. I am using an NTLMmediator to authenticate to the backend service.
My input transaction looks like this
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.mycompany.com/services/GetProductsByCustomerNbr</a:Action>
<a:MessageID>urn:uuid:448cb5ec-b2d8-4292-b245-5b0d42c0e52a</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://hapq-vpwebtran1.afcorp.afg/AnnuityWebService/VpasAnnuityServiceAdaptor.svc/windows</a:To>
<o:Security s:mustUnderstand="0" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2016-10-10T20:57:42.292Z</u:Created>
<u:Expires>2016-10-14T21:02:42.292Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-83e06bc8-c659-4ddc-845a-de86f0dd19f8-1">
<o:Username>JoeTest</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">JoeTest</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
Transaction body
</s:Body>
</s:Envelope>
What my transaction looks like when I write it from inside my mediator and from the value of Envelope from logging in my Proxy Service after my mediator has executed. This is what I exepect the value of Action to be: GetProducesByCustomerNbrResponse
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.mycompany.com/services/GetProductsByCustomerNbrResponse</a:Action>
<a:RelatesTo>urn:uuid:448cb5ec-b2d8-4292-b245-5b0d42c0e52a</a:RelatesTo>
</s:Header>
<s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Transation body
</s:Body>
</s:Envelope>
What it looks like in my wire logs is below. You can see the Action is now GetProductsByCustomerNbr instead of GetPRoductsByCustomerNbrResponse
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
<wsu:Created>2016-10-13T22:49:45.858Z</wsu:Created>
<wsu:Expires>2016-10-13T22:54:45.858Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa:MessageID>urn:uuid:d5677050-3ce7-4f11-a269-83c626967b39</wsa:MessageID>
<wsa:Action>http://www.mycompany.com/services/GetProductsByCustomerNbr</wsa:Action>
</s:Header>
<s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Transation body
</s:Body>
</s:Envelope>
I do not understand why I am seeing the input transaction action and not the action from the output. I am sure there is something I am missing or not doing right but I am struggling to find it. If anyone has any thoughts or can point me in the right direction I would appreciate it. If there is any information I failed to provide that would be useful please let me know and I will post it.
I had to add properties to my proxy in order to get this working. Below are the 2 properties I had to add.
disableAddressingForOutMessages so that the ESB was not adding WS-Addressing headers to outgoing messages
PRESERVE_WS_ADDRESSING so that the ESB will forward it on without altering the existing WS-Addressing headers
<property name="disableAddressingForOutMessages" scope="axis2" value="true"/>
<property name="PRESERVE_WS_ADDRESSING" scope="default" value="true"/>
We have the webservice xml request as below. for this I have developed the Orchestration. But while we are sending the request to client, we need to add the SOAP header.
Could you suggest me, how can I do this?
WebService XML Request
<?xml version="1.0" encoding="utf-8" ?>
<Request xmlns="http://modeler.ass.abc/efgh/">
<HeaderReq>
<PartnerID>E0</PartnerID>
<TimeStampSubmitted>2013-11-21T18:19:11</TimeStampSubmitted>
<Version>3.0</Version>
</HeaderReq>
<ApplicationREQ>
<ID>1</ID>
</ApplicationREQ>
</Request>
SOAP Header
<soapenv:Header>
<wsse:Security xmlns:wsse="http://adb.ddad-sdfad.org/wss/2010/01/fasd-201201-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-10">
<wsu:Created>2013-10-11T17:26:52.890Z</wsu:Created>
<wsu:Expires>2013-10-11T17:51:52.890Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-10">
<wsse:Username>User</wsse:Username>
<wsse:Password Type="http://adb.ddad-sdfad.org/wss/2010/01/fasd-201201-wss-username-token-profile-1.0#PasswordText">xxxxxxx</wsse:Password>
<wsse:Nonce EncodingType="http://adb.ddad-sdfad.org/wss/2010/01/fasd-201201-wss-soap-message-security-1.0#Base64Binary">xxxxxxx</wsse:Nonce>
<wsu:Created>2013-10-11T17:26:52.889Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
You would need to use the property WCF.OutboundCustomHeaders
Example:
xmlDoc.LoadXml("<headers><Origination>Home</Origination><Destination>Work</Destination></headers>");
And then
RequestMessageInstance(WCF.OutboundCustomHeaders) = xmlDoc.OuterXml;
I found this example at this page: http://msdn.microsoft.com/en-us/library/bb246026.aspx
Hope this helps!
I want to pass username/password of userA and userB in one SOAP message. Therefore I want to pass two UsernameToken in one SOAP message.
I am thinking in two options:
Option 1)
UsernameToken elements inside Security element:
<soapenv:Header>
<wsse:Security xmlns:wsse="sec" xmlns:wsu="ut">
<wsse:UsernameToken wsu:Id="UsernameToken-3">
<wsse:Username>userA</wsse:Username>
<wsse:Password Type="text">passA</wsse:Password>
</wsse:UsernameToken>
<wsse:UsernameToken wsu:Id="UsernameToken-4">
<wsse:Username>userB</wsse:Username>
<wsse:Password Type="text">passB</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
Option 2)
A Security element for each UsernameToken:
<soapenv:Header>
<wsse:Security xmlns:wsse="sec" xmlns:wsu="ut">
<wsse:UsernameToken wsu:Id="UsernameToken-3">
<wsse:Username>userA</wsse:Username>
<wsse:Password Type="text">passA</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsse:Security xmlns:wsse="sec" xmlns:wsu="ut">
<wsse:UsernameToken wsu:Id="UsernameToken-4">
<wsse:Username>userB</wsse:Username>
<wsse:Password Type="text">passB</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
--
What is the most standard option 1) or 2)? or other?
The most common case of using several users I might recollect is passing message through several intermediate nodes. In terms of SOAP specification they are named Actors and requires separate wsse:Security element with different soap:actor attributes. It corresponds to option 2) from your question.
Consider the next example from here:
<soap:Header>
<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
<wsse:UsernameToken wsu:Id="sample" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
<wsse:Username>sample</wsse:Username>
<wsse:Password Type="wsse:PasswordText">oracle</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsse:Security soap:actor="oracle" xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
<wsse:UsernameToken wsu:Id="oracle" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
<wsse:Username>oracle</wsse:Username>
<wsse:Password Type="wsse:PasswordText">oracle</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
This example contains two blocks. The one with "oracle" attribute is used to authenticate the end-user, another without this attribute is used for authentication on the front-end gateway.
You may consider option 1) from your question if your use case supposes simultaneous authentication of several users that are not SOAP actors.
I'm using SOAPUI tool to access JAX-WS web services deployed in Weblogic 10.3.2
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.pc3.polk.com/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2010-12-03T21:10:43Z</wsu:Created>
<wsu:Expires>2010-12-03T21:44:03Z</wsu:Expires>
</wsu:Timestamp>
<wsu:Timestamp wsu:Id="Timestamp-60" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2010-12-03T20:10:39Z</wsu:Created>
<wsu:Expires>2010-12-03T20:43:59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-59" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>rwerqre</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ewrqwrwerqer</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Nmw0ksmiOX+hkiSoWb2Rjg==</wsse:Nonce>
<wsu:Created>2010-12-03T20:10:39.649Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ws:getMetadata/>
</soapenv:Body>
</soapenv:Envelope>
Response:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<faultcode>SOAP-ENV:MustUnderstand</faultcode>
<faultstring>MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood</faultstring>
</SOAP-ENV:Fault>
</S:Body>
</S:Envelope>
You can configure a dummy SOAPHandler for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security that would mark this header as 'understood'.
Or you could change the SOAP request (on the caller side) to set mustUnderstand="0" in the security header.
Example security SOAP header with mustUnderstand="0":
<S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security S:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USERNAME</wsse:Username>
<wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</S:Header>
After much research, this article solves this issue.
http://dwuysan.wordpress.com/2012/04/02/jax-ws-wsimport-and-the-error-mustunderstand-headers-not-understood/#comment-215
As per WS security specification:
The processor MUST, after decrypting the encrypted header block, process the decrypted header block according to the SOAP processing guidelines. The receiver MUST raise a fault if any content required to adequately process the header block remains encrypted or if the decrypted SOAP header is not understood and the value of the S12:mustUnderstand or S11:mustUnderstand attribute on the decrypted header block is true. Note that in order to comply with SOAP processing rules in this case, the processor must roll back any persistent effects of processing the security header, such as storing a received token.
So please check Configuration of CallbackHandlers.
Issue is with the Handlers. You need to add following in handler implementation
public Set<QName> getHeaders() {
final QName securityHeader = new QName(
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
"Security",
"wsse");
final HashSet headers = new HashSet();
headers.add(securityHeader);
return headers;
}
In SOAP UI Navigator,
right-click your project->Show Project View->WS-Security Configurations->Outgoing WS-Security Configurations
Uncheck Must Understand, and then send request.