call webservice url with credentials - web-services

I know this is a bad idea since everyone can see the credentials but this is going to happen from a stored procedure so it is pretty secure anyway. I just want to call the webservice GetPerson method and send in SSN, username and password
http://79.171.249.41/nasherpopman/PopManWebService.asmx/GetPerson?personnumber=197310101212&username=myusername&password=mypassword
But when i do this the page goes blank and the only thing on the page is:
Index was outside the bounds of the array.
and i get 500 Internal Server Error if i go to chrome developer bar under network and look at the call. Do i have to send the credentials to the method in another way?
this is what the webservice method looks like:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetPerson xmlns="http://tempuri.org/">
<personnumber>string</personnumber>
<username>string</username>
<password>string</password>
</GetPerson>
</soap:Body>
</soap:Envelope>

Related

Basic Soap Request issue

I am very new to SOAP protocol.
I have this sample SOAP:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<processSOAPReq xmlns="http://tempuri.org/">
<sRequest>string</sRequest>
<sResponse>string</sResponse>
</processSOAPReq>
</soap:Body>
</soap:Envelope>
I am given another xml with sample request. I have been trying to put this sample request inside the <sRequest>string</sRequest> above but I always get Bad Request or
server was unable to process request. ---> Value cannot be null. Parameter name: input
What am I doing wrong. I have been trying for a long time now using SOAPUI.
Btw I also have wsdl but I still do not understand what the correct request should be.
I would suggest that you check if the values are matching the parameters, and double check the wsdl file.

SOAP Web Service Auth Headers issue

I am currently trying to use a web service from a Flex client, and hitting a small issue. The service reads a SOAP header called 'AuthHeader' for credentials, and it works from a test client (using Storm from CodePlex) using this request:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<AuthHeader xmlns="http://ns.stickykiwi.com/">
<Username />
<Password />
</AuthHeader>
</soap:Header>
<soap:Body>
<Authenticate xmlns="http://ns.stickykiwi.com/" />
</soap:Body>
</soap:Envelope>
The service returns true (Boolean) if the credentials are ok, false if not. Now when I call the service from Flex it sends this:
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<ns0:AuthHeader xmlns:ns0="https://stickykiwi01">
<ns0:Password/>
<ns0:Username/>
</ns0:AuthHeader>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<tns:Authenticate xmlns:tns="http://ns.stickykiwi.com/"/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
This returns,
'System.NullReferenceException: Object reference not set to an instance of an object'
because for some reason, probably best known to someone with better eyesight than me, there is a serious difference between these 2 requests, I am just not seeing it.
So, how do I create the headers in Flex? I have this code in the web service definition file:
var qname:QName = new QName("https://stickykiwi01","AuthHeader");
var header:SOAPHeader = new SOAPHeader(qname,{Username:"",Password:""});
_serviceControl.addHeader(header);
Which is in a file called _Super_AuthenticationServices.as. I pulled the Flex request from the network monitor.
A couple of points to note,
The service isn't mine, but I assume it works as I can test it from another client successfully.
Yes I know SOAP services are now depreciated and we should be moving all our code to WCF, it is in progress and will be brought in house eventually.
We wanted to use Basic auth for the service but Flex doesn't allow me to add the HTTP headers to a SOAP request so that is out.
All of this is run over HTTPS, because I know it is not secure as credentials are passed as plain text, once we have this running we will pass a single hashed string (same as basic auth) and unhash it on the server too, this way is just MUCH easier to debug.
Thank you for your advice.
EDIT
This is what the service is expecting, and I think I am meeting that criteria, I cannot see an issue here at all.
POST /services/_authentication/authenticationservices.asmx HTTP/1.1
Host: stickykiwi01
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://ns.stickykiwi.com/Authenticate"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<AuthHeader xmlns="http://ns.stickykiwi.com/">
<Username>string</Username>
<Password>string</Password>
</AuthHeader>
</soap:Header>
<soap:Body>
<Authenticate xmlns="http://ns.stickykiwi.com/" />
</soap:Body>
</soap:Envelope>
No, it works.
Not sure what was going on, but I changed nothing, but this morning the headers are working exactly as expected, here is the request
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<tns:AuthHeader xmlns:tns="http://ns.stickykiwi.com/">
<tns:Username></tns:Username>
<tns:Password></tns:Password>
</tns:AuthHeader>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<tns:Authenticate xmlns:tns="http://ns.stickykiwi.com/"/>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The only difference I can see is that now the prefix is tns on everything instead of ns0. But anyway, issue resolved, possibly via magic.
Thanks

SOAP re-declaring qname inside body

I have a SOAP request of this form:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:myqname="http://example.com/hello"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<myqname:MyRequest xmlns:myqname="http://example.com/hello">
...
</myqname:MyRequest>
</soapenv:Body>
</soapenv:Envelope>
If I ask SOAPUI to "Format XML" this request,
it removes the second declaration of myqname, so I get this:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:myqname="http://example.com/hello"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<myqname:MyRequest>
...
</myqname:MyRequest>
</soapenv:Body>
</soapenv:Envelope>
The original request works fine,
but the Application Servers fails with the modified request with this error:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Client</faultcode>
<faultstring>Unmarshalling Error: UndeclaredPrefix: Cannot resolve 'myqname:MyRequest' as a QName: the prefix 'myqname' is not declared.</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
According to the web services specification,
is it mandatory for the qname to be re-declared inside the soapenv:Body node?
Is this a SOAPUI bug, or an Application Server bug? or a misunderstanding from my part?
SOAPUI 4.0.1, WebLogic Server Version: 10.3.2.0
Edit: ups, even if using WebLogic application server, I was using the CXF web services framework. I posted the issue there. issues.apache.org/jira/browse/CXF-4026
So: SOAPUI 4.0.1, CXF 2.5.0
I'd describe it as a bug in the code that strips the SOAP envelope; it should preserve the namespace context yet it isn't doing so, and that's breaking the XML. I guess that's because it is doing the stripping by taking a substring rather than operating at the DOM element level (whether or not it's using DOM processing to do the stripping is beside the point). I'm not sure which component is doing that stripping because of the way these things can be nested, but I suspect it's WebLogic…
[EDIT]: I've checked the SOAP specification and it does not say that the contents of the body has to directly declare the namespace used (see §5.3.1), though it does say that it SHOULD be namespaced. Because of that, normal XML namespacing rules apply — the whole SOAP message is simply an XML document — and that would make WebLogic's behavior a bug.

Coldfusion Web Service Response Problem

I have a problem with the Web Service I recently developed.
The problem is about the Web Service response. More precisely sometimes the Web Service sends back the following response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<ns1:GetConstants2Response soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://usermanagerwstest">
<GetConstants2Return xsi:type="ns2:CFComponentSkeleton" xmlns:ns2="http://rpc.xml.coldfusion"/>
</ns1:GetConstants2Response>
</soapenv:Body>
</soapenv:Envelope>
Instead the correct response (that sometimes shows up in an intermittent way) is reported below:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<ns1:GetConstants2Response soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://usermanagerwstest">
<GetConstants2Return xsi:type="ns1:Constants2">
<BooleanTypeFalse xsi:type="xsd:string">0</BooleanTypeFalse>
<BooleanTypeTrue xsi:type="xsd:string">1</BooleanTypeTrue>
<GenderFemale xsi:type="xsd:string">F</GenderFemale>
<GenderMale xsi:type="xsd:string">M</GenderMale>
<LanguageEnglish xsi:type="xsd:string">inglese</LanguageEnglish>
<LanguageItalian xsi:type="xsd:string">italiano</LanguageItalian>
</GetConstants2Return>
</ns1:GetConstants2Response>
</soapenv:Body>
</soapenv:Envelope>
Where does the CFCComponentSkeleton comes from?
I thank everybody in advance.
It sounds like perhaps the method was missing. When you hit a CFC and don't pass a method, you get the descriptor - a HTML view of the CFC methods. When you do that with ?wsdl in the URL, it should send the WSDL back. But maybe something is getting in the way. Maybe check your web server logs and see if something odd was passed in the URL. Also look into adding some logging within the CFC as well.

Move namespace declaration from payload to envelope on an axis created web service

I just created a web service client using axis and eclipse that does not work with my web service provider. The message created by the web service client looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<enviarMensajeRequest
xmlns="http://www.springframework.org/spring-ws/Imk-Zenkiu-Services">
<usuario>someuser</usuario>
<clave>somepassword</clave>
<mensaje>somemessage</mensaje>
<contacto>
<buzonSMS>somenumber</buzonSMS>
<primerNombre>somefirstname</primerNombre>
<primerApellido>somelastname</primerApellido>
</contacto>
</enviarMensajeRequest>
</soapenv:Body>
</soapenv:Envelope>
I see nothing wrong with the message but my provider insists the message should be:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:imk="http://www.springframework.org/spring-ws/Imk-Zenkiu-Services">
<soapenv:Body>
<imk:enviarMensajeRequest>
<imk:usuario>someuser</imk:usuario>
<imk:clave>somepassword</imk:clave>
<imk:mensaje>somemessage</imk:mensaje>
<imk:contacto>
<imk:buzonSMS>somenumber</imk:buzonSMS>
<imk:primerNombre>somefirstname</imk:primerNombre>
<imk:primerApellido>somelastname</imk:primerApellido>
</imk:contacto>
</imk:enviarMensajeRequest>
</soapenv:Body>
</soapenv:Envelope>
Notice the namespace declaration moving from the enviarMensajeRequest to the soapenv:Envelope and the qualification with imk: on the parameters. I've tried many combinations on the process but my web service, wsdl and xml knowledge is very limited. The provider says that they can't help beyond telling me this. Any ideas? Perhaps a different framework that I can use to create the correct client.
Your provider is wrong, the messages are semantically equivalent; yours is unqualified, theirs is qualified. Are you using Axis or Axis2? If you're using Axis, I suggest you switch to Axis2 for a more robust, standards-compliant SOAP stack (both products are bad, but Axis2 is less-bad).
I assume you are creating your client with wsdl2java? If you can't get this tool to generate the message the way you like, then your best bet is to generate the message programmatically.
With Axis2, you can do this with the AXIOM API. See this link for some example API usage. Note that with most of the methods, e.g. createOMElement, you optionally pass the namespace prefix. So, if your provider requires it, then you could pass a String containing "imk" as the namespacePrefix parameter.
If you end up doing this programmatically and you are only going to be writing a simple client, then I STRONGLY suggest you abandon the Axis/Axis2 approach and use the JAX-WS stack instead, as it is part of Java since 1.6. The API is cleaner and the documentation is better. For example, following is a very simple client I wrote to send a SOAP request to our JIRA server. The sample code creates both qualified and unqualified elements.
QName port = new QName(endpoint, "subversionsoapservice-v2");
QName serviceName = new QName(endpoint, "ISubversionSoapServiceService");
Service service = Service.create(serviceName);
service.addPort(port, SOAPBinding.SOAP11HTTP_BINDING, endpoint);
Dispatch<SOAPMessage> dispatch = service.createDispatch(port, SOAPMessage.class, Service.Mode.MESSAGE);
MessageFactory factory = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL);
SOAPMessage request = factory.createMessage();
SOAPBody body = request.getSOAPBody();
SOAPElement reindexRepository = body.addChildElement("reindexRepository", "jira", "http://soap.ext.plugin.jira.atlassian.com");
SOAPElement in0 = reindexRepository.addChildElement("in0");
in0.addTextNode("test");
request.saveChanges();
dispatch.invoke(request);
The XML sent by the client looks like this:
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<jira:reindexRepository xmlns:jira="http://soap.ext.plugin.jira.atlassian.com">
<in0>test</in0>
</jira:reindexRepository>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>