Error invoking IssueToken operation on WSO2 Identity Server Security Token Service - wso2

I'm getting a cryptic error message - Wrong element order encountred at Reason
Here's a summary of what I am doing:
I’ve applied the UsernameToken security policy to the Security Token
Service.
I've added my app (http://localhost:3000/) as a trusted service.
I attempt to invoke the IssueToken operation at
https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/
Using this message:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
<a:To s:mustUnderstand="1">https://localhost:9443/services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint/</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
<o:Username>user1</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>http://localhost:3000/</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
</trust:RequestSecurityToken>
</s:Body>
</s:Envelope>
I get this error:
<html><head><title>Apache Tomcat/7.0.34 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - Wrong element order encountred at Reason</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>Wrong element order encountred at Reason</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.apache.axiom.om.impl.exception.OMBuilderException: Wrong element order encountred at Reason
org.apache.axiom.soap.impl.builder.SOAP12BuilderHelper.handleEvent(SOAP12BuilderHelper.java:94)
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.constructNode(StAXSOAPModelBuilder.java:429)
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createOMElement(StAXSOAPModelBuilder.java:273)
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createNextOMElement(StAXSOAPModelBuilder.java:234)
org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249)
org.apache.axiom.om.impl.dom.NodeImpl.build(NodeImpl.java:447)
org.apache.axiom.om.impl.dom.ParentNode.getChildNodes(ParentNode.java:168)
org.apache.ws.security.util.WSSecurityUtil.findChildElement(WSSecurityUtil.java:596)
org.apache.ws.security.util.WSSecurityUtil.findWsseSecurityHeaderBlock(WSSecurityUtil.java:717)
org.apache.ws.security.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:145)
org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:406)
org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
org.apache.axis2.engine.Phase.invoke(Phase.java:313)
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:515)
org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433)
org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398)
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188)
org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.34 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.34</h3></body></html>
Any ideas on what I am doing wrong?

I am not sure about the exact error that you mentioned. But, if I just look, I can see that the timestamp is missing from the security header. However, I will copy the request message that I tried out. I use this message with SOAPUI to get the SAML Assertion from the STS service. I guess this may help you. If you are using this message, please consider the timestamp value; you can change it as it is not signed.
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
<wsu:Created>2014-03-04T17:53:57.033Z</wsu:Created>
<wsu:Expires>2014-03-04T17:58:57.033Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wst:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-03-04T17:53:56.768Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-03-04T17:58:56.768Z</wsu:Expires>
</wst:Lifetime>
<wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
<wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
<wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
</wst:Claims>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>

Related

How to config Outgoing WS-Security in Postman?

The request works in SoapUI, but we are using Postman-Newman for automation of this API, so how do I make this work in Postman?
I saw some solutions that say to add a security tag in the request body, but what username should I provide there, as we don't provide any username in SoapUI?
How I configure it in SoapUI:
Select Keystores, select the certificate and add the password.
Set "Outgoing WS-Security Configurations" (attaching a screenshot to show what we have to send in that): keystore, password, key identifier type and parts.
Postman config:
Added the certificate in Postman using settings, and also added the password.
Created a request and added the request body.
In the request body I tried the below, but I am not sure what the username or nonce is, as we don't give this info in SoapUI. This returns an error: The SOAP request has not been signed, or is signed incorrectly
<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsu:Timestamp wsu:Id='TS-11b7d3261c994de099eb8c431b33947b'>
<wsu:Created>2019-09-06T12:09:15.604Z</wsu:Created>
<wsu:Expires>2019-09-06T12:09:25.619Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id='UsernameToken-238be95be3bf445fb8534666a7a8693c'>
<wsse:Username>***login***</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordDigest'>***Base64 (SHA-1 (nonce + created + password) )***</wsse:Password>
<wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soapmessage-security-1.0#Base64Binary'>***Base64 nonce***</wsse:Nonce>
<wsu:Created>2019-09-06T12:09:15.604Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
Also tried below and here I get soap fault
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>XXXXX</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Also tried below solution but not sure what username to provide here as we only provide Password in SoapUI and not UserName
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>Whattogivehere</wsse:Username>
<wsse:Password>******</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Include the WS-Security header part in your SOAP header like below. Also please make sure to enter the correct Username and Password as plaintext.
<soapenv:Header>
------
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-16" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>XXXXX</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
----
</soapenv:Header>

How to set header to call soap service in mulesoft

I want to call one soap service through mulesoft.
To attach a header to the SOAP request body I used these links - Mule 3.7. Add custom SOAP header to web-service-consumer. As mentioned in this link, I have added a "Message Properties" component before "Web Service Consumer", but I am getting the below exception -
com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "soapenv" (for attribute "actor")
Also I tried it using Property component as mentioned here - https://dzone.com/articles/working-with-headers-in-mule-flows
Still I am not able to hit soap service. Is there any other way to add header to soap request body?
Header that I want to add to my SOAP request -
<wsse:Security soapenv:actor="AppID" soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>Pilot\ABCD</wsse:Username>
<wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yt15#58</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
--Update- My code-
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw" xmlns:ws="http://www.mulesoft.org/schema/mule/ws" xmlns:metadata="http://www.mulesoft.org/schema/mule/metadata" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd">
<ws:consumer-config name="Web_Service_Consumer_2" wsdlLocation="https://soa.abc.com/abcd_v4_0?wsdl" service="abcdService_vs0" port="xyz_Internal" serviceAddress="https://soa.abc.com:56655/abcd_v4_0" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="user" password="password" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
<sub-flow name="tempSub_Flow">
<set-property propertyName="soap.Security" value="&lt;wsse:Security soapenv:actor=&quot;AppID&quot; soapenv:mustUnderstand=&quot;1&quot; xmlns:wsse=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot; xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;&gt;&lt;/wsse:Security&gt;" doc:name="Property"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 urn:abc.com:schemas:gfr:a:b:service:2014-01-10
---
{
ns0#addTransaction:{
ns0#aTransaction: {
ns0#transactionCode: "xyz",
ns0#methodCode: "abc",
ns0#amount: flowVars.amount,
ns0#effectiveDate: now as :string {format: "yyyy-MM-dd"}
}
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="Web_Service_Consumer_2" operation="addEftTransaction" doc:name="Web Service Consumer"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/java
%namespace ns0 urn:abc.com:schemas:gfr:a:b:service:2014-01-10
---
payload.ns0#addTransactionResponse.ns0#transactionNumber
]]></dw:set-payload>
</dw:transform-message>
</sub-flow>
</mule>
--- UPDATE ---
Two parts to the answer really, for the direct question of how to add SOAP headers, it looks like you might have missed declaring the namespace of soapenv for the Security element you were adding. For example, the below code should work for adding the "Security" header to the SOAP Envelope. The whole XML element must be defined, including any namespaces it uses.
<set-property propertyName="soap.Security" value="&lt;wsse:Security soapenv:actor=&quot;AppID&quot; soapenv:mustUnderstand=&quot;1&quot; xmlns:wsse=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot; xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;&gt;&lt;wsse:UsernameToken&gt;&lt;wsse:Username&gt;Pilot\ABCD&lt;/wsse:Username&gt;&lt;wsse:Password wsse:Type=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText&quot;&gt;yt15#58&lt;/wsse:Password&gt;&lt;/wsse:UsernameToken&gt;&lt;/wsse:Security&gt;" doc:name="Set soap.Security"/>
That looks pretty unattractive though, and since you are adding a username/password security header then you probably want to add this directly into the security element of the Web Service Consumer configuration itself:
<ws:consumer-config name="WSConfig" wsdlLocation="MyService.wsdl" service="MyService" port="MyPort" serviceAddress="https://example.com" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="Pilot\ABCD" password="yt15#58" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
The issue with the above is that it won't add the soapenv:actor="appId" attribute.
It looks like the security configuration on the WS consumer will overwrite the actor attribute. The below code mostly works on Mule 3.8 and uses the sample WSDL found here: https://github.com/skjolber/mockito-soap-cxf/tree/master/src/test/resources/wsdl
The first flow builds the request to the SOAP web service, the second flow just receives the request made by the first flow and logs it.
<mule xmlns:metadata="http://www.mulesoft.org/schema/mule/metadata"
xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw"
xmlns:ws="http://www.mulesoft.org/schema/mule/ws"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd">
<ws:consumer-config name="BankCustomerService_WS_Consumer" wsdlLocation="BankCustomerService.wsdl" service="BankCustomerService" port="BankCustomerServicePort" serviceAddress="http://localhost:8778/services/bankCustomer" doc:name="Web Service Consumer">
<ws:security>
<ws:wss-username-token username="user" password="password" passwordType="TEXT"/>
</ws:security>
</ws:consumer-config>
<http:listener-config name="HTTP_TestListener" host="0.0.0.0" port="8092" doc:name="HTTP Listener Configuration"/>
<http:listener-config name="HTTP_WebServiceStub" host="0.0.0.0" port="8778" doc:name="HTTP Listener Configuration"/>
<flow name="soapsandboxFlow">
<http:listener config-ref="HTTP_TestListener" path="/soap" doc:name="HTTP"/>
<set-property propertyName="soap.Security" value="&lt;wsse:Security soapenv:actor=&quot;AppID&quot; xmlns:wsse=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot; xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot; /&gt;" doc:name="Set soap.Security"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 http://example.bank.skjolber.github.com/v1
---
{
ns0#getAccountsRequest: {
ns0#customerNumber: 987654321,
ns0#certificate: 1234
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="BankCustomerService_WS_Consumer" operation="getAccounts" doc:name="Web Service Consumer"/>
</flow>
<flow name="soapsandboxFlow1">
<http:listener config-ref="HTTP_WebServiceStub" path="services/bankCustomer" doc:name="HTTP"/>
<logger message="#[message.payloadAs(String)]" level="INFO" doc:name="Logger"/>
</flow>
</mule>
Running a simple GET request to localhost:8092 creates a static web service request and sends that through the WS Consumer Component. The logger in the stub prints out the entire SOAP envelope, which as shown below includes the security header, but not the actor attribute:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-CA524029E5DEDE6E3715320371056746">
<wsse:Username>user</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ns0:getAccountsRequest xmlns:ns0="http://example.bank.skjolber.github.com/v1">
<ns0:customerNumber>987654321</ns0:customerNumber>
<ns0:certificate>1234</ns0:certificate>
</ns0:getAccountsRequest>
</soap:Body>
</soap:Envelope>
I will do a bit more research to see if I can include the actor attribute in the security header. As this is a standard attribute I think it should be possible. I will update this answer when I can.
Johnson.

SOAP, usernameToken issue

and need to know a few things, as I am getting an internal error from the server and I think it is related to how I am generating the Header part of the SOAP message.
Here is how it should look like:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-CA07017CE54cDFC14720230904344">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">******</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">xgy3s2Owe4zUNGc/2t3twA==</wsse:Nonce>
<wsu:Created>2016-08-24T07:18:10.434Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
ok, so:
- username is username :)
- password is cleartext from what I can see
- Nonce I am generating like this:
var nonce = new Date().getTime() * 1000;
// Buffer.from replaces the deprecated new Buffer() constructor (Node.js)
nonce = Buffer.from(nonce.toString()).toString('base64');
- And date is generated like below in sample.
My questions:
- UsernameToken ID: how this is generated? Must this be presented?
If my SOAP request looks like this, is this ok:
<soap:Header>
<wsse:UsernameToken>
<wsse:Password>1231231</wsse:Password>
<wsse:Nonce>1232132131</wsse:Nonce>
<wsu:Created>2016-08-24T07:18:10.434Z</wsu:Created>
</wsse:UsernameToken>
</soap:Header>
Or must I put all http stuff end etc?
thank you very much!
MIha
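
The PasswordDigest formula quoted in the Postman question above, Base64(SHA-1(nonce + created + password)), and the nonce generation asked about in this post, as an added example that is not part of any of the original posts. All function names are hypothetical; the nonce is taken from a CSPRNG instead of the clock, and the verifier side shows the freshness and replay checks a receiver applies to Created and Nonce.

```javascript
// Added example, not code from the posts. Function names are hypothetical.
const crypto = require("crypto");

const WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
const WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
const PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
const B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

// Escape text before placing it in XML element content.
function xmlEscape(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" }[c]));
}

// PasswordDigest = Base64(SHA-1(nonce + created + password)).
// The nonce enters the hash as raw bytes, not as its Base64 text.
function passwordDigest(nonceBytes, created, password) {
  return crypto.createHash("sha1")
    .update(nonceBytes)
    .update(created, "utf8")
    .update(password, "utf8")
    .digest("base64");
}

// Sender side: 16 random bytes as nonce, ISO-8601 UTC timestamp as Created.
function buildUsernameToken(username, password, now = new Date()) {
  const nonceBytes = crypto.randomBytes(16);
  const created = now.toISOString();
  return {
    username,
    nonce: nonceBytes.toString("base64"),
    created,
    digest: passwordDigest(nonceBytes, created, password),
  };
}

// Serialize a wsse:Security header with a Timestamp and the UsernameToken.
// wsu:Id is optional on UsernameToken and is left out here.
function securityHeader(token, ttlSeconds = 300) {
  const expires = new Date(Date.parse(token.created) + ttlSeconds * 1000).toISOString();
  return [
    `<wsse:Security xmlns:wsse="${WSSE}" xmlns:wsu="${WSU}">`,
    `<wsu:Timestamp>`,
    `<wsu:Created>${token.created}</wsu:Created>`,
    `<wsu:Expires>${expires}</wsu:Expires>`,
    `</wsu:Timestamp>`,
    `<wsse:UsernameToken>`,
    `<wsse:Username>${xmlEscape(token.username)}</wsse:Username>`,
    `<wsse:Password Type="${PROFILE}#PasswordDigest">${token.digest}</wsse:Password>`,
    `<wsse:Nonce EncodingType="${B64}">${token.nonce}</wsse:Nonce>`,
    `<wsu:Created>${token.created}</wsu:Created>`,
    `</wsse:UsernameToken>`,
    `</wsse:Security>`,
  ].join("\n");
}

// Receiver side: reject stale timestamps and reused nonces, then compare the
// recomputed digest in constant time. seenNonces is a Set kept by the caller.
function verifyUsernameToken(token, password, seenNonces, now = new Date(), maxAgeSeconds = 300) {
  const createdMs = Date.parse(token.created);
  if (Number.isNaN(createdMs)) return "bad-created";
  if (Math.abs(now.getTime() - createdMs) > maxAgeSeconds * 1000) return "stale";
  if (seenNonces.has(token.nonce)) return "replayed";
  const expected = Buffer.from(
    passwordDigest(Buffer.from(token.nonce, "base64"), token.created, password), "base64");
  const actual = Buffer.from(String(token.digest), "base64");
  if (actual.length !== expected.length || !crypto.timingSafeEqual(actual, expected)) {
    return "bad-digest";
  }
  seenNonces.add(token.nonce); // remember only nonces from valid tokens
  return "ok";
}
```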

Mule 3.7. Add custom SOAP header to web-service-consumer

I am trying to customize the soap header in Mule 3.7. By default using the web-service-consumer I get the following:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-6CF0E33EE8AA1E3DB414700278333141">
<wsse:Username>TEST</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
However, I would like to change the SOAP header to be:
<soap:Header>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken>
<Username>TEST</Username>
</UsernameToken>
</Security>
Where in Mule do I need to add the below?
<set-property propertyName="soap.Authorization"
value="&lt;auth&gt;Bearer MWYxMDk4ZDktNzkyOC00Z&lt;/auth&gt;"/>
Does the above need to be added in the ws:consumer-config below?
<ws:consumer-config name="WSConsumerConfig" wsdlLocation="${wsdl.location}"
service="aService" port="aServiceHttpPort" serviceAddress="${service.url}"
connectorConfig="HTTPRequestConfig" doc:name="Web Service Consumer">
I have fixed by adding a message-property-transformer just before the call to the ws-consumer:
<message-properties-transformer doc:name="Message Properties">
<add-message-property key="soap.header" value="${web.service.username.token}"/>
</message-properties-transformer>

How to resolve failure of JAX_WS web service invocation "MustUnderstand headers are not understood"?

I'm using SOAPUI tool to access JAX-WS web services deployed in Weblogic 10.3.2
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.pc3.polk.com/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2010-12-03T21:10:43Z</wsu:Created>
<wsu:Expires>2010-12-03T21:44:03Z</wsu:Expires>
</wsu:Timestamp>
<wsu:Timestamp wsu:Id="Timestamp-60" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2010-12-03T20:10:39Z</wsu:Created>
<wsu:Expires>2010-12-03T20:43:59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-59" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>rwerqre</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ewrqwrwerqer</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Nmw0ksmiOX+hkiSoWb2Rjg==</wsse:Nonce>
<wsu:Created>2010-12-03T20:10:39.649Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ws:getMetadata/>
</soapenv:Body>
</soapenv:Envelope>
Response:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<faultcode>SOAP-ENV:MustUnderstand</faultcode>
<faultstring>MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood</faultstring>
</SOAP-ENV:Fault>
</S:Body>
</S:Envelope>
You can configure a dummy SOAPHandler for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security that would mark this header as 'understood'.
Or you could change the SOAP request (on the caller side) to set mustUnderstand="0" in the security header.
Example security SOAP header with mustUnderstand="0":
<S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security S:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USERNAME</wsse:Username>
<wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</S:Header>
After much research, this article solves this issue.
http://dwuysan.wordpress.com/2012/04/02/jax-ws-wsimport-and-the-error-mustunderstand-headers-not-understood/#comment-215
As per WS security specification:
The processor MUST, after decrypting the encrypted header block, process the decrypted header block according to the SOAP processing guidelines. The receiver MUST raise a fault if any content required to adequately process the header block remains encrypted or if the decrypted SOAP header is not understood and the value of the S12:mustUnderstand or S11:mustUnderstand attribute on the decrypted header block is true. Note that in order to comply with SOAP processing rules in this case, the processor must roll back any persistent effects of processing the security header, such as storing a received token.
So please check Configuration of CallbackHandlers.
Issue is with the Handlers. You need to add following in handler implementation
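public Set<QName> getHeaders() {
    // Declares wsse:Security as a header this handler processes, so the
    // runtime no longer raises the MustUnderstand fault for it.
    final QName securityHeader = new QName(
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        "Security",
        "wsse");
    final Set<QName> headers = new HashSet<QName>();
    headers.add(securityHeader);
    return headers;
}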
In SOAP UI Navigator,
right-click your project->Show Project View->WS-Security Configurations->Outgoing WS-Security Configurations
Uncheck Must Understand, and then send request.