Authorize.NET GetCustomerProfile not returning data - authorize.net

I have been using Authorize.NET's GetCustomerProfile for many years and suddenly today the response is not returning a payment profile. It just returns an array of profiles, but all important fields (such as payment) are null.
(This is part of their CIM feature where an 'obfuscated' payment profile is returned and should be something like XXXX1234)
I am using a generated proxy within Visual Studio to the URL https://api.authorize.net/soap/v1/Service.asmx?WSDL (which generates a References.cs file)

I had a similar issue on the CreateCustomerPaymentProfile SOAP call (via .NET auto-generated proxy) that just started yesterday, 11/3/2015, even though we've been successfully interfacing the SOAP CIM for a couple years.
I was able to "fix" the issue by doing an "Update Service Reference" in Visual Studio to regenerate the proxy classes based on their latest WSDL. There were several changes in the WSDL.
Specifically, on my end it appeared as if the response was not including a value for the customerPaymentProfileId after being successfully created on their end. In reality, they were in fact still sending this value, but there was a new field above it in the XML response, customerProfileId. As Simon_Weaver mentioned in his answer, the proxy classes generated by Visual Studio have explicit ordering of fields that are required for proper deserialization. The addition of this previously "unknown" field above a known field caused it to break my code.
Luckily this new customerProfileId was included in their latest WSDL so an "Update Service Reference" and recompile fixed my issue.
I informed Authorize.net support of my issue in great detail and told them they need to include any new fields at the end of the "sequence" in the WSDL document in order to not break and clients using older versions of the WSDL. So far I have not heard a response from them, but I would encourage anyone else who experienced this issue, even if you've already worked-around it, to report it to them at support#authorize.net so they don't accidently do this again.

Well hello Simon!
It looks like Authorize.NET updated their service with new fields but forgot to add them to the WSDL.
This is a sample request that I sent (intercepted using Fiddler):
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo3vYq2eC/5VIuiUcm2hEtw8AABBBJr/dLQF7z02Y7UKwphq24W1n9j0XlQ1MiAlOjy5fO14ACQAA</VsDebuggerCausalityData>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetCustomerProfile xmlns="https://api.authorize.net/soap/v1/">
<merchantAuthentication>
<name>95U6bwXXXXX</name>
<transactionKey>8tf62gV7XXXXXX</transactionKey>
</merchantAuthentication>
<customerProfileId>37745529</customerProfileId>
</GetCustomerProfile>
</s:Body>
</s:Envelope>
This is the response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<GetCustomerProfileResponse xmlns="https://api.authorize.net/soap/v1/">
<GetCustomerProfileResult>
<resultCode>Ok</resultCode>
<messages>
<MessagesTypeMessage>
<code>I00001</code>
<text>Successful.</text>
</MessagesTypeMessage>
</messages>
<profile>
<merchantCustomerId>33938</merchantCustomerId>
<email>4691705#EXAMPLE.COM</email>
<customerProfileId>37745529</customerProfileId>
<paymentProfiles>
<CustomerPaymentProfileMaskedType>
<billTo>
<firstName>TEST</firstName>
<lastName>USER</lastName>
<company>Defender Razor</company>
<address>1 RODEO DRIVE</address>
<city>BEVERLY HILLS</city>
<state>CA</state>
<zip>90210</zip>
<country>UNITED STATES</country>
</billTo>
<customerProfileId>0</customerProfileId>
<customerPaymentProfileId>34313485</customerPaymentProfileId>
<payment>
<creditCard>
<cardNumber>XXXX5108</cardNumber>
<expirationDate>XXXX</expirationDate>
</creditCard>
</payment>
</CustomerPaymentProfileMaskedType>
</paymentProfiles>
</profile>
</GetCustomerProfileResult>
</GetCustomerProfileResponse>
</soap:Body>
</soap:Envelope>
Everything here is correct - as you can see the payment node is being sent correctly.
However - with .NET deserialization the order of attributes matters - as specified in the generated References.cs file.
[System.Xml.Serialization.XmlElementAttribute(Order=0)]
It turns out that two new fields were added to the response billTo and customerProfileId but they weren't added to the WSDL.
So when trying to deserialize the field billTo is found but that isn't what was expected - so everything ends up null.
If you add these two lines (and be careful to add them to exactly this type) then you can regenerate the references.cs file (by right clicking on the service reference and regenerating the file).
If you were generating your proxy from the URL https://api.authorize.net/soap/v1/Service.asmx?WSDL then you will need to download this file locally as Service.wsdl and generate the proxy from there.
<s:element minOccurs="1" maxOccurs="1" name="billTo" type="tns:CustomerAddressType"/>
<s:element minOccurs="1" maxOccurs="1" name="customerProfileId" type="s:long" />
<s:complexType name="CustomerPaymentProfileMaskedType">
<s:complexContent mixed="false">
<s:extension base="tns:CustomerPaymentProfileBaseType">
<s:sequence>
<s:element minOccurs="1" maxOccurs="1" name="billTo" type="tns:CustomerAddressType"/>
<s:element minOccurs="1" maxOccurs="1" name="customerProfileId" type="s:long" />
<s:element minOccurs="1" maxOccurs="1" name="customerPaymentProfileId" type="s:long" />
<s:element minOccurs="0" maxOccurs="1" name="payment" type="tns:PaymentMaskedType" />
<s:element minOccurs="0" maxOccurs="1" name="driversLicense" type="tns:DriversLicenseMaskedType" />
<s:element minOccurs="0" maxOccurs="1" name="taxId" type="s:string" />
</s:sequence>
</s:extension>
</s:complexContent>
</s:complexType>
I lost over 12 hours of payments before this was detected. Fortunately I have the customer's emails but this was very bad. You can't just add fields to a response where the order matters. And even worse than that you can't just forget to add them to the WSDL.
This was the quick fix for me. I may switch to using the proper API at some point - and I've reported this to Authorize.net hoping they may respond too.
This is the differences in References.cs after I made my change. As you can see the Order property has been incremented :

Related

Errors with using Scalaxb for code generation

I had to fiddle with a WSDL document for one of the implementations and I came across Scalaxb! I'm now trying to generate some scala classes from the WSDL file that I have and as expected I'm hitting into some issues:
Here is a snippet of the WSDL file:
<?xml version="1.0" encoding="UTF-8" ?>
<wsdl:definitions
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns="http://www.myservice.com/MyServices/2012/06/18/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:s="http://www.w3.org/2001/XMLSchema"
name="MyServices"
targetNamespace="http://www.myservice.com/MyServices/2012/06/18/">
<wsdl:types>
<s:schema elementFormDefault="qualified" targetNamespace="http://www.myservice.com/MyServices/2012/06/18/">
<s:complexType name="UserCredentials">
<s:sequence>
<s:element name="UserName" type="s:string" />
<s:element name="Password" type="s:string" />
</s:sequence>
</s:complexType>
<s:element name="UserCredentials" type="tns:UserCredentials" />
<s:complexType name="AnotherComplexType" >
<s:sequence>
<s:element name="Index" type="s:int" />
<s:element name="Name" type="s:string" />
<s:element name="Status" type="s:boolean" />
</s:sequence>
</s:complexType>
....
Assume that the rest of the WSDL file is completely fine, when I tried to compile the project, I hit the following error:
[error] /Users/joe/Desktop/scalaxb-soap-example/target/scala-2.11/src_managed/main/sbt-scalaxb/myservice/xmlprotocol.scala:1542: not found: value userCredentials
[error] scalaxb.toXML(userCredentials, Some("http://www.myservice.com/MyServices/2012/06/18/"), "UserCredentials", defaultScope), defaultScope, baseAddress, "POST", Some(new java.net.URI("http://1.1.1.1/cgi-bin/cgi.cgi?WebService=SetGPTimerChannel"))).transform({ case (header, body) =>
[error] ^
[error] /Users/joe/Desktop/scalaxb-soap-example/target/scala-2.11/src_managed/main/sbt-scalaxb/myservice/xmlprotocol.scala:1544: value toSeq is not a member of Any
[error] scala.xml.Elem(null, "Body", scala.xml.Null, defaultScope, true, body.toSeq: _*)
[error] ^
[error] /Users/joe/Desktop/scalaxb-soap-example/target/scala-2.11/src_managed/main/sbt-scalaxb/myservice/xmlprotocol.scala:1551: not found: value userCredentials
[error] scalaxb.toXML(userCredentials, Some("http://www.myservice.com/MyServices/2012/06/18/"), "UserCredentials", defaultScope), defaultScope, baseAddress, "POST", Some(new java.net.URI("http://1.1.1.1/cgi-bin/cgi.cgi?WebService=SomeServiceCall"))).transform({ case (header, body) =>
[error] ^
[error] /Users/joe/Desktop/scalaxb-soap-example/target/scala-2.11/src_managed/main/sbt-scalaxb/myservice/xmlprotocol.scala:1553: value toSeq is not a member of Any
[error] scala.xml.Elem(null, "Body", scala.xml.Null, defaultScope, true, body.toSeq: _*)
[error] ^
Any ideas what and why I'm facing this issue? Here is my build.sbt:
import ScalaxbKeys._
val scalaXml = "org.scala-lang.modules" %% "scala-xml" % "1.0.2"
val scalaParser = "org.scala-lang.modules" %% "scala-parser-combinators" % "1.0.1"
val dispatchV = "0.11.1" // change this to appropriate dispatch version
val dispatch = "net.databinder.dispatch" %% "dispatch-core" % dispatchV
organization := "com.eon"
name := "scalaxb-myservice-sample"
scalaVersion := "2.11.6"
scalaxbSettings
packageName in (Compile, scalaxb) := "rdmservice"
dispatchVersion in (Compile, scalaxb) := dispatchV
async in (Compile, scalaxb) := true
sourceGenerators in Compile <+= scalaxb in Compile
libraryDependencies ++= Seq(scalaXml, scalaParser, dispatch)
If you only need to generate WSDL client code, using scalaxb might be a bit too much. As an option, you could just use wsimport wrapped as a simple SBT task that would be executed before the main code compilation. Apart from one less dependency, it also keeps your repository pristine and frees it from committing the generated boilerplate Java code. Here's a sample template project if anyone is interested: https://github.com/sainnr/sbt-scala-wsdl-template.

Call RPC/encoded Webservice with Apache Camel and CXF Endpoint

There is a lot of information about Apache Camel + CXF-Endpoint and RPC/encoded legacy webservices.
But until now I did not find a solution for the problem.
I want to call an RPC/encoded webservice from Apache Camel over the CXF endpoint.
CXF does not support RPC/encoded Webservices.
So I tried two approaches to solve the problem.
Convert wsdl from RPC/encoded to RPC/literal and generate source files.
Call the webservice in RPC/literal style which is supported by CXF.
The following article suggests that this approach could be a solution for my problem: Best way to consume RPC/encoded webservice?
Send the complete SOAP-Message without mapping to objects (no JAXB).
Neither approach 1 nor approach 2 works.
In the following sections I will explain my approaches and the problems in more detail.
Prerequisites
Apache Tomcat 7
Apache Camel 2.14.1
Apache CXF 2.7.10
Webservice Endpoint is mocked with SOAP-UI 5.0.0 on http://localhost:9000/myfunctionalmock
First approach: Convert wsdl RPC/encoded to RPC/literal and generate sources
In the RCP/encoded wsdl I have changed following:
WSDL Bindings:
<wsdl:binding name="exampleSoapBinding" type="impl:MyFunctionalWebservices">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="isAlive">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="isAliveRequest">
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://my.example.com/myFunction" use="encoded"/>
</wsdl:input>
...
to
<wsdl:binding name="exampleSoapBinding" type="impl:MyFunctionalWebservices">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="isAlive">
<wsdlsoap:operation soapAction=""/>
<wsdl:input name="isAliveRequest">
<wsdlsoap:body namespace="http://my.example.com/myFunction" use="literal"/>
</wsdl:input>
…
Arrays of Objects:
<complexType name="ArrayOfMyElement">
<complexContent>
<restriction base="soapenc:Array">
<attribute ref="soapenc:arrayType" wsdl:arrayType="impl:MyElement[]"/>
</restriction>
</complexContent>
</complexType>
to
<complexType name="ArrayOfMyElement">
<xsd:sequence>
<xsd:element name="MyElement"
type="impl:MyElement"
minOccurs="0"
maxOccurs="unbounded"/>
</xsd:sequence>
</complexType>
Arrays of simple types:
<complexType name="ArrayOf_xsd_string">
<complexContent>
<restriction base="soapenc:Array">
<attribute ref="soapenc:arrayType" wsdl:arrayType="xsd:string[]"/>
</restriction>
</complexContent>
</complexType>
to
<complexType name="ArrayOf_xsd_string">
<xsd:sequence>
<xsd:element name="item"
type="xsd:string"
minOccurs="0"
maxOccurs="unbounded"/>
</xsd:sequence>
</complexType>
Arrays of undefined Type (anyType):
<complexType name="ArrayOf_xsd_anyType">
<complexContent>
<restriction base="soapenc:Array">
<attribute ref="soapenc:arrayType" wsdl:arrayType="xsd:anyType[]"/>
</restriction>
</complexContent>
</complexType>
to
<complexType name="ArrayOf_xsd_anyType">
<xsd:sequence>
<xsd:element name="item"
type="xsd:anyType" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</complexType>
After that I have generated source files with IntelliJ Webservice plugin (over CXF wsdl2java)
In Camel I have configured following Endpoint:
CxfEndpoint endpoint = new CxfEndpoint();
endpoint.setAddress("http://127.0.0.1:9000/myfunctionalmock");
endpoint.setWsdlURL("wsdl/myservice_literal.wsdl");
endpoint.setServiceClass("com.my.example.MyFunctionalWebservices");
endpoint.setEndpointNameString("{http://my.example.com/myFunction}rpcrouter");
endpoint.setServiceNameString("{http://my.example.com/myFunction}MyFunctionalWebservicesService");
endpoint.setDataFormat(DataFormat.POJO);
endpoint.setSynchronous(true);
endpoint.setCamelContext(camelContext);
endpoint.setEndpointUriIfNotSpecified(MY_ENDPOINT_URL);
camelContext.addEndpoint(MY_ENDPOINT_URL, endpoint);
Usage of CXF-Endpoint in Camel route:
I want to call following function of webservice:
public Result isAlive(java.lang.String identifier);
The timer in the camel route is only for triggering the webservice.
from("timer://myTimer?period=10000")
.log(LoggingLevel.INFO, "START Timer Webservice.")
.setBody().constant("1620000018")
.setHeader("operationName", constant("isAlive"))
.setHeader("operationNamespace", constant("http://my.example.com/myFunction"))
.to(MyCamelConfiguration.MY_ENDPOINT_URL);
Problems with this approach:
At runtime following message appears at deployment time:
2015-03-05 09:57:46,659; 2010; [localhost-startStop-1]; DEBUG; wsdl11.WSDLServiceBuilder; Operation {http://my.example.com/myFunction}isAlive cannot be unwrapped, input message must reference global element declaration with same localname as operation
Following exception occurs at runtime:
org.apache.cxf.binding.soap.SoapFault: No namespace on "HTML" element. You must send a SOAP request.
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.readVersion(ReadHeadersInterceptor.java:111)
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:155)
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:835)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1614)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1504)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1310)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:628)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
at org.apache.camel.component.cxf.CxfProducer.process(CxfProducer.java:149)
at org.apache.camel.impl.SynchronousDelegateProducer.process(SynchronousDelegateProducer.java:62)
at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:120)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:416)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)
at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:166)
at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:74)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
Second approach: Send the SOAP-Message without mapping to Objects.
Endpoint definition in Camel:
CxfEndpoint endpoint = new CxfEndpoint();
endpoint.setAddress("http://127.0.0.1:9000/myfunctionalmock");
endpoint.setEndpointNameString("{http://my.example.com/myFunction}rpcrouter");
endpoint.setServiceNameString("{http://my.example.com/myFunction}MyFunctionalWebservicesService");
endpoint.setDataFormat(DataFormat.RAW);
endpoint.setWrappedStyle(false);
endpoint.setSynchronous(true);
endpoint.setCamelContext(camelContext);
endpoint.setEndpointUriIfNotSpecified(MY_TEMPLATE_ENDPOINT_URL);
camelContext.addEndpoint(MY_TEMPLATE_ENDPOINT_URL, endpoint);
Usage in route:
from("timer://myTimer?period=10000")
.log(LoggingLevel.INFO, "START Timer Webservice.")
.setBody().constant(
"<soapenv:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:myns=\"http://my.example.com/myFunction\">\n" +
" <soapenv:Header/>\n" +
" <soapenv:Body>\n" +
" <myns:isAlive soapenv:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n" +
" <identifier xsi:type=\"xsd:string\">1620000018</identifier>\n" +
" </myns:isAlive>\n" +
" </soapenv:Body>\n" +
"</soapenv:Envelope>"
)
.to(MyCamelConfiguration.MY_TEMPLATE_ENDPOINT_URL)
.log(LoggingLevel.INFO, "END Timer Webservice.")
.log(LoggingLevel.INFO, "Body after ws call = ${body}");
But the webservice on http://localhost:9000/myfunctionalmock is never called.
I found following log messages in logfile:
2015-03-05 10:56:35,522; 12843; [Camel (camel-1) thread #0 - timer://myTimer]; DEBUG; phase.PhaseInterceptorChain; Invoking handleMessage on interceptor org.apache.cxf.jaxb.attachment.JAXBAttachmentSchemaValidationHack#1d3694a
2015-03-05 10:56:35,523; 12844; [Camel (camel-1) thread #0 - timer://myTimer]; DEBUG; phase.PhaseInterceptorChain; Invoking handleMessage on interceptor org.apache.cxf.ws.policy.PolicyVerificationInInterceptor#1a0ff10
2015-03-05 10:56:35,523; 12844; [Camel (camel-1) thread #0 - timer://myTimer]; DEBUG; policy.PolicyVerificationInInterceptor; Verified policies for inbound message.
2015-03-05 10:56:35,523; 12844; [Camel (camel-1) thread #0 - timer://myTimer]; INFO ; helpers.MarkerIgnoringBase; END Timer Webservice.
2015-03-05 10:56:35,523; 12844; [Camel (camel-1) thread #0 - timer://myTimer]; INFO ; helpers.MarkerIgnoringBase; Body after ws call = <HTML>
<HEAD><TITLE>Redirection</TITLE></HEAD>
<BODY><H1>Redirect</H1></BODY>
Both approaches do not work.Is there a possibility to call RPC/encoded webservice over CXF in Camel?
Thanks in advance.
Regards,
Max
As you say Apache CXF does not support the old RPC style. You would need to use an older WS library such as Apache Axis 1.x. There is no Camel component for that, but as its all just java code, you can write some java code that uses Axis 1.x, and then let Camel call the java code, using its bean component / processor.
http://camel.apache.org/bean
Another alternative is that as SOAP is over HTTP you can just use Camel's HTTP components also. But you would need to build the message body and headers according to the RPC style, but that should not be so hard either to do.

How to call, invoke or test a Web Service that has Wssp Policy attached?

I'm unable to test a web service that has a Security Policy attached. I have been required to develop several Web Services and protect them with simple user and password. There is no further security requeriments (no encription, no SSL, etc).
In order to test the security bits, I built a dummy web service with top-down method using jDeveloper11G. The simple service works and can be tested vía HTTP analyzer and invoked with SoapUI while running in the integrated WebLogic server. The service also works when deployed to a stand alone WebLogic 10.3.6.0 server.
Then I try to attach security policies. I have succesfully attached using two methods:
1) At development time by adding the #Policy annotation
2) After deployment using the WLS console, going to the Web Service Configuration tab, then WS-Policy and attaching a policy and letting the console update the deployment plan as per instructed in this document.
(After any of these options the HTTP Analyzer is unable to test the service as it doesn't generate the SOAP stucture form to fill in the parameters, nor it allows to paste the text for a request. The Test applet in the server console can't access the WSDL either, so I'm left with SoapUI only)
I conclude that the attachment is correct because when consulting the WSDL from the server, it has Polici related nodes, where the original I wrote doesn't.
The problem comes when I test with SoapUI 5.0.0.
If I don't add any type of user/password information, the response contains:
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>Unknown exception, internal system processing error.</faultstring>
</env:Fault>
If I add the following headers:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>usertext</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">passwordtext</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
then the response changes to:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Error codes: 3001 4001 3201 1008 1028 Error code:3001</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
If I add the security information in the properties of the request without removing the headers I added manually to the request then the response becomes:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Error on verifying message against security policy Error code:1025</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
The properties I change are: Username, Password, Domain, WSS-Password type (PasswordText), WSS-TimeToLive(50000). The property Authentication Type shows the fixed value "No Authorization" and cannot be changed.
If at this point I remove the manually added header the response becomes the same as the second response I included.
I have tried the following pre defined policies:
Wssp1.2-2007-Wss1.1-UsernameToken-Plain-X509-Basic256.xml
Wssp1.2-2007-Wss1.0-UsernameToken-Plain-X509-Basic256.xml
Wssp1.2-2007-Https-BasicAuth.xml
Wssp1.2-2007-Https-UsernameToken-Plain.xml
(The last two produce a different error related to the SSL configuration of the server)
I have also made several searches of wsse:InvalidSecurity, and the related error codes in the fault string, but have obtained no relevant information.
I have read several Oracle Docs (such like E17904_01, E23943_01, E12461_01), but there is no information on what to do after attaching the policies nor I find specific informaion on how to modify the request in order to fulfill the security requirements. Also made several searches for examples or the errors I get in this site and others.
So the question is What further steps are needed to be able to invoke this web service while protecting it with plain text user and password?
Secondary question is where do I specify which users can access the service? At the moment I assume that any user in the default realm will have access and so I'm testing with a user for wich I now the password in the default security realm "myrealm".
The wsdl as returned by the server after the policy is attached follows:
<!--
Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Oracle JAX-WS 2.1.5.
-->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="asegurado.institution.org" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wssutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" targetNamespace="asegurado.institution.org">
<wsp:UsingPolicy wssutil:Required="true" />
<wsp:Policy wssutil:Id="Wssp1.2-2007-Wss1.0-UsernameToken-Plain-X509-Basic256.xml">
<ns0:AsymmetricBinding xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<ns0:InitiatorToken>
<wsp:Policy>
<ns0:X509Token ns0:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<ns0:WssX509V3Token10/>
</wsp:Policy>
</ns0:X509Token>
</wsp:Policy>
</ns0:InitiatorToken>
<ns0:RecipientToken>
<wsp:Policy>
<ns0:X509Token ns0:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
<ns0:WssX509V3Token10/>
</wsp:Policy>
</ns0:X509Token>
</wsp:Policy>
</ns0:RecipientToken>
<ns0:AlgorithmSuite>
<wsp:Policy>
<ns0:Basic256/>
</wsp:Policy>
</ns0:AlgorithmSuite>
<ns0:Layout>
<wsp:Policy>
<ns0:Lax/>
</wsp:Policy>
</ns0:Layout>
<ns0:IncludeTimestamp/>
<ns0:ProtectTokens/>
<ns0:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</ns0:AsymmetricBinding>
<ns0:SignedEncryptedSupportingTokens xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<ns0:UsernameToken ns0:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<ns0:WssUsernameToken10/>
</wsp:Policy>
</ns0:UsernameToken>
</wsp:Policy>
</ns0:SignedEncryptedSupportingTokens>
<ns0:Wss10 xmlns:ns0="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<ns0:MustSupportRefKeyIdentifier/>
<ns0:MustSupportRefIssuerSerial/>
</wsp:Policy>
</ns0:Wss10>
</wsp:Policy>
<types>
<xsd:schema>
<xsd:import namespace="asegurado.institution.org" schemaLocation="http://hn-apli-dev:7001/Asegurado/asegurado?xsd=1" />
</xsd:schema>
</types>
<message name="intentarRequest">
<part name="request" type="tns:intentarRequest" />
</message>
<message name="intentarResponse">
<part name="response" type="tns:intentarResponse" />
</message>
<portType name="asegurado">
<operation name="intentar">
<input message="tns:intentarRequest" />
<output message="tns:intentarResponse" />
</operation>
</portType>
<binding name="aseguradoBinding" type="tns:asegurado">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
<operation name="intentar">
<wsp:PolicyReference URI="#Wssp1.2-2007-Wss1.0-UsernameToken-Plain-X509-Basic256.xml" />
<soap:operation style="document" soapAction="asegurado.isntitution.org/intentar" />
<input>
<soap:body use="literal" parts="request" />
</input>
<output>
<soap:body use="literal" parts="response" />
</output>
</operation>
</binding>
<service name="ServicioAsegurado">
<port name="asegurado" binding="tns:aseguradoBinding" />
</service>
</definitions>

mule simple web client soap request with wsdl

I would like to make request to web service from mule flow. So far I got WSDL generate classes (wsdl2java), prepared flow (below), and "successfully" send request. Now, problem is, that even thou I have taken base class from generated class and put it in payload it does not generate required soap.
My flow:
<flow name="flow1" doc:name="flow1">
<quartz:inbound-endpoint jobName="testingJob" repeatInterval="10810000" repeatCount="0" startDelay="5000" responseTimeout="10000" doc:name="Quartz">
<quartz:event-generator-job groupName="g1job" jobGroupName="g1job">
<quartz:payload>a</quartz:payload>
</quartz:event-generator-job>
</quartz:inbound-endpoint>
<logger message="Starting quartz for testing purpouses" level="INFO" doc:name="Logger"/>
<custom-transformer class="com.example.GenerateSimpleRoutePublish" doc:name="Java"/>
<cxf:simple-client doc:name="SOAP" serviceClass="com.example.ws.MyWebService" operation="send">
</cxf:simple-client>
<logger message="#[payload]" level="INFO" doc:name="Logger"/>
<http:outbound-endpoint exchange-pattern="request-response" host="localhost" port="9094" path="sync-server-web/services/myws" method="POST" connector-ref="http_internal" doc:name="HTTP"/>
</flow>
GenerateSimpleRoutePublish just put base object into payload and move on.
Result that is sent as soap request:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ns1:send xmlns:ns1="http://somenamespace.si/">
<ns1:arg0>
<ns1:MyRequest>
...
But it should look like this:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ns1:send xmlns:ns1="http://somenamespace.si/">
<ns1:MyRequest>
...
Notice that is not there anymore in desired xml.
Anyone knows how to achieve that? I did googled a lot but just don't find right solution. If more is required then I can provide info.
Thanks!
EDIT
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="MyWebService" targetNamespace="http://ws.example.com/" xmlns:ns1="http://schemas.xmlsoap.org/soap/http" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns="http://ws.example.com/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsdl:types>
<xs:schema elementFormDefault="unqualified" targetNamespace="http://ws.example.com/"
version="1.0" xmlns:tns="http://ws.example.com/" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="MyRequest" type="tns:MyRequest" />
<xs:element name="send" type="tns:send" />
<xs:element name="sendResponse" type="tns:sendResponse" />
<xs:complexType name="send">
<xs:sequence>
<xs:element minOccurs="0" ref="tns:MyRequest" />
</xs:sequence>
</xs:complexType>
<xs:complexType final="extension restriction" name="MyRequest">
<xs:complexContent>
...
Transformer class GenerateSimpleRoutePublish.java:
#Override
public MuleEvent process(MuleEvent event) throws MuleException {
event.setMessage(transformMessage(event.getMessage(), event.getEncoding()));
// TODO Auto-generated method stub
return event;
}
public MuleMessage transformMessage(MuleMessage message, String outputEncoding) throws TransformerException {
MyRequest myRequest = new MyRequest();
/**
* some filling of testing data that is formatted correctly when soap is sent.
*/
Send send = new Send();
send.setMSyequest(myRequest);//the only setter method available for Send
message.setPayload(send);
return message;
}
Send.java methods and xml definition:
#XmlAccessorType(XmlAccessType.FIELD)
#XmlType(name = "send", propOrder = {"myRequest"})
public MyRequest getMyRequest()
public void setMyRequest(MyRequest value)
Instead of using a custom-transformer you could use Groovy script to send SOAP request to webservice client just as Java pojo class... Please check the reference :- https://m-square.com.au/consuming-net-wcf-soap-web-services-from-mule/

Access to Navision codeunit via web service (xml)

I try to access the Navision 2009 R2 web service by generating a SOAP message from C#. I get the response only if the codeunit's function I call has no parameters.
Example for codeunit RunJob function Test (no parameters, returns a hardcoded string):
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<Test xmlns="urn:microsoft-dynamics-schemas/codeunit/runjob">
</Test>
</soap:Body>
</soap:Envelope>
As result I get that string...
Example for same codeunit RunJob function RunJob (takes 1 string parameter named parameter, returns an internal server error):
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<RunJob xmlns="urn:microsoft-dynamics-schemas/codeunit/runjob">
<parameter>aaaa</parameter>
</RunJob>
</soap:Body>
</soap:Envelope>
As result I get the error (WebResponse wr = request.GetResponse();) instead of the needed info.
The most interesting thing is that it worked before. The only changes (as for me) - NAV 2013 was installed.
Has anyone experienced the same issue or knows the solution?
P.S.
Here is a part of the web service definition for the RunJob function:
<element name="Runjob">
<complexType>
<sequence>
<element minOccurs="1" maxOccurs="1" name="parameter" type="string"/>
</sequence>
</complexType>
</element>
<element name="Runjob_Result">
<complexType>
<sequence>
<element minOccurs="1" maxOccurs="1" name="return_value" type="string"/>
</sequence>
</complexType>
</element>
It was all about the function/variables naming.
The first letter of the each parameter of the function should be small one.
The SOAP body should be like this ("codeunit" is in lowercase, but it's name is as exposed in NAV)
<RunJob xmlns="urn:microsoft-dynamics-schemas/codeunit/RunJob">
...params...
</RunJob>
the Request header (codeunit name in lower case, function name as it is)
"urn:microsoft-dynamics-schemas/codeunit/runjob:RunJob"
It sound awkward but try to put
<soap:Body><RunJob xmlns="urn:microsoft-dynamics-schemas/codeunit/runjob">
in single line, i.e. no carriage return between Body and RunJob.