I believe I found bug in WSO2 ESB.
I defined proxy service for our customer.
With security turned off I always get expected result, but when I enable security (scenario 1 - UsernameToken), then I get error "SOAP Envelope can not have children other than SOAP Header and Body".
I'm able to reproduce this bug with 'echo' service.
Here is request:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:echo="http://echo.services.core.carbon.wso2.org">
<soap:Body>
<echo:echoString>
<in>ABC</in>
</echo:echoString>
</soap:Body>
</soap:Envelope>
Turning security off or adding <soap:Header /> element before <soap:Body> element provides expected response again.
I'm using WSO2 ESB version 4.8.1, SoapUI 5.0.0 as client.
The SOAP headers contain application specific information related to the SOAP message. They typically contain routing information, authentication information, transaction semantics etc.
If you removed <soapenv:Header/> SoapUI will not send your user name and password to rampart.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<echo:echoString>
<!--Optional:-->
<in>ABC</in>
</echo:echoString>
</soapenv:Body>
</soapenv:Envelope>
So your error was return by org.apache.axiom.soap.SOAPProcessingException due to AxisEngine System error.
When your sending request to secured one header is must..
Related
I used JMeter as proxy to record all requests of a test scenario of our web services, and JMeter created request and one HTTP Authorization Manager, with stored authorizations for each request.
But when I launch this scenario, I get a 401 response code for all requests. I move HTTP Authorization manager in Thread Group, but I still get a 401 code.
All requests of our WS require authentication.
How do add authentication in one place for each request ? And, how parameterized them ?
Thanks, Denis
The answers may vary depending on web service security type and there are a lot of options, for example web service may require custom authentication header, custom HTTP header, custom cookie, custom token somewhere, etc.
Exhibit A: request without authentication
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:web="http://www.webserviceX.NET">
<soap:Header/>
<soap:Body>
<web:GetCitiesByCountry>
<!--Optional:-->
<web:CountryName>India</web:CountryName>
</web:GetCitiesByCountry>
</soap:Body>
</soap:Envelope>
Exhibit B: request with username/password authentication
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:web="http://www.webserviceX.NET">
<soap:Header>
<wsse:Security soap:mustUnderstand="true"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-29FBADA106D95AD8E114818886210611">
<wsse:Username>johndoe</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
secret
</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
jnXB+PJ34M7aqfDU88glzg==
</wsse:Nonce>
<wsu:Created>2016-12-16T11:43:40.755Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<web:GetCitiesByCountry>
<!--Optional:-->
<web:CountryName>India</web:CountryName>
</web:GetCitiesByCountry>
</soap:Body>
</soap:Envelope>
The most commonly used way of parametrizing a request is using CSV Data Set Config.
See Take the Pain out of Load Testing Secure Web Services article for more detailed explanation of some web services authentication types bypassing in JMeter test.
I have enabled the admin services from carbon.xml for API Manager and extracted the wsdl successfully. Now I am trying to invoke the service RemoteTenantManagerService using SOAP UI. I have loaded the wsdl in SOAP UI and also provided the Basic authentication Username/Password as admin/admin. But I am getting following message back. Port for API Manager is Offset 1
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<ser:getAllTenants/>
</soapenv:Body>
</soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>The service cannot be found for the endpoint reference (EPR) /services/RemoteTenantManagerService.RemoteTenantManagerServiceHttpsSoap11Endpoint</faultstring>
<detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
There are two types of transports, PassThrough and servlet. The admin services are exposed through servlet transport. Hence those must be invoked using servlet transport port.
For ex:- https://{host}:9443/services/RemoteTenantManagerService
In your case you have set offset to the "1" so please call the service using the URL https://{host}:9444/services/RemoteTenantManagerService
The generated WSDL contains the endpoint with Passthrough port hence soapUI shows it as the default endpoint. Please change the port to servlet port (your case it should be 9444) and run again.
I have deployed a custom Proxy Service in WSO2 ESB and I can't obtain any response from the web service i call with it in "Try this service" page. I've tried to send the request with SOAP UI passing through the Proxy Service of WSO2ESB (I put the endpoint of the Proxy Service, and NOT of the WS, in SOAP UI) and it works correctly. The same SOAP request doesn't work in the WSO2ESB page unreasonably.
So, when i create a scheduled task with the selected proxy service it returns me an error. I don't know how to change the content of the SOAP message in order to make it correct for ESB.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://ec.europa.eu/eurostat/sri/service/2.0">
<soapenv:Header/>
<soapenv:Body>
<ns:QueryStructure>
<!--Optional:-->
<ns:Query>
<RegistryInterface xsi:schemaLocation="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/message SDMXMessage.xsd" xmlns="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/message" xmlns:common="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/common" xmlns:compact="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/compact" xmlns:cross="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/cross" xmlns:generic="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/generic" xmlns:query="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/query" xmlns:structure="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/structure" xmlns:registry="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/registry" xmlns:utility="http://www.SDMX.org/resources/SDMXML/schemas/v2_0/utility" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Header>
<ID>JD014</ID>
<Test>true</Test>
<Truncated>false</Truncated>
<Name xml:lang="en">Trans46302</Name>
<Prepared>2001-03-11T09:30:47-05:00</Prepared>
<Sender id="BIS"/>
</Header>
<QueryStructureRequest resolveReferences="false">
<registry:DataflowRef/>
</QueryStructureRequest>
</RegistryInterface>
</ns:Query>
</ns:QueryStructure>
</soapenv:Body>
</soapenv:Envelope>
This runs on SOAP UI (through ESB) and not on the same ESB.
For changing the content of a message you can use Payload Mediator.
There's also an example on how to do this.
Hope that helps.
I want to add wsse Security header to my web service client on ASP 3.5. I test the web service from SoapUI using this Soap Envelope and get an answer:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:comp="http://myCompany.org.tr"> <soapenv:Header xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
<wsse:Username>MyUsername</wsse:Username>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
(Body Info.)
</soapenv:Body>
</soapenv:Envelope>
I want to create this envelope through classic Web Service Reference which created by Visual Studi 2012. Which class should I use to add Username Info to my envelope?
Thank you John, and Ladislav.
Turns out that you should add the header via web.config file to get properly ordered SOAP message. Otherwise .Net tries to nest your code with its own capsulation (even you dont ask for it), and sends some rubbish as a result.
I have a SOAP request of this form:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:myqname="http://example.com/hello"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<myqname:MyRequest xmlns:myqname="http://example.com/hello">
...
</myqname:MyRequest>
</soapenv:Body>
</soapenv:Envelope>
If I ask SOAPUI to "Format XML" this request,
it removes the second declaration of myqname, so I get this:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:myqname="http://example.com/hello"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<myqname:MyRequest>
...
</myqname:MyRequest>
</soapenv:Body>
</soapenv:Envelope>
The original request works fine,
but the Application Servers fails with the modified request with this error:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>Unmarshalling Error: UndeclaredPrefix: Cannot resolve 'myqname:MyRequest' as a QName: the prefix 'myqname' is not declared.</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
According to the web services specification,
is it mandatory for the qname to be re-declared inside the soapenv:Body node?
Is this a SOAPUI bug, or an Application Server bug? or a misunderstanding from my part?
SOAPUI 4.0.1, WebLogic Server Version: 10.3.2.0
Edit: ups, even if using WebLogic application server, I was using the CXF web services framework. I posted the issue there. issues.apache.org/jira/browse/CXF-4026
So: SOAPUI 4.0.1, CXF 2.5.0
I'd describe it as a bug in the code that strips the SOAP envelope; it should preserve the namespace context yet it isn't doing so, and that's breaking the XML. I guess that's because it is doing the stripping by taking a substring rather than operating at the DOM element level (whether or not it's using DOM processing to do the stripping is beside the point). I'm not sure which component is doing that stripping because of the way these things can be nested, but I suspect it's WebLogic…
[EDIT]: I've checked the SOAP specification and it does not say that the contents of the body has to directly declare the namespace used (see §5.3.1), though it does say that it SHOULD be namespaced. Because of that, normal XML namespacing rules apply — the whole SOAP message is simply an XML document — and that would make WebLogic's behavior a bug.