I'm working on a Spring-WS project and I'm trying to consume a certain SOAP service but I'm getting some issues with the request's Header tag.
PS: I ran the same request on SOAP UI and it works perfectly.
This is the code I ran:
JAXBElement<ChangeOtherIDsRequestType> request = createRequestBody();
WebServiceTemplate template = new WebServiceTemplate(marshaller);
template.setDefaultUri(URI);
#SuppressWarnings({ "unchecked" })
JAXBElement<ChangeOtherIDsResponseType> response = (JAXBElement<ChangeOtherIDsResponseType>) template
.marshalSendAndReceive(request, new WebServiceMessageCallback() {
#Override
public void doWithMessage(WebServiceMessage message) {
Instant instant = Instant.now();
SaajSoapMessage saajSoapMessage = (SaajSoapMessage) message;
SOAPMessage soapMessage = saajSoapMessage.getSaajMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
try {
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
Name headerElementName = soapEnvelope.createName("Security", "wsse",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
// Add "Security" soapHeaderElement to soapHeader
SOAPHeaderElement soapHeaderElement = soapHeader.addHeaderElement(headerElementName);
soapHeaderElement.setMustUnderstand(true);
soapHeaderElement.addNamespaceDeclaration("wsu",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
// Add usernameToken to "Security" soapHeaderElement
SOAPElement usernameTokenSOAPElement = soapHeaderElement.addChildElement("UsernameToken",
"wsse");
// Add username to usernameToken
QName userQname = soapHeaderElement.createQName("Username", "wsse");
SOAPElement userNameSOAPElement = usernameTokenSOAPElement.addChildElement(userQname);
userNameSOAPElement.addTextNode("username");
// Add password to usernameToken
QName passwordQname = usernameTokenSOAPElement.createQName("Password", "wsse");
SOAPElement passwordSOAPElement = usernameTokenSOAPElement.addChildElement("Password");
passwordSOAPElement.setAttribute("Type",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
passwordSOAPElement.addTextNode("password");
// Add Nonce to usernameToken.
QName nonceQname = soapHeaderElement.createQName("Nonce", "wsse");
SOAPElement nonceSOAPElement = usernameTokenSOAPElement.addChildElement("Nonce");
nonceSOAPElement.setAttribute("EncodingType",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
// Add Created to usernameToken.
QName createdQname = soapHeaderElement.createQName("Created", "wsu");
SOAPElement createdElement = usernameTokenSOAPElement.addChildElement(createdQname);
createdElement.addTextNode(instant.toString());
} catch (SOAPException | UnsupportedEncodingException e) {
e.printStackTrace();
}
}
});
template.marshalSendAndReceive(URI, request);
This code is supposed to add the Header tag in the request and it serves to authenticate the user through "username" and "password".
The result I'm expecting is the same that is generated by SOAP UI for the same request. The result is this:
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-C17C5A667A3F11A8DA153735499778322">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Tl6jznnHitsSE9F16FWTsw==</wsse:Nonce>
<wsu:Created>2018-09-19T11:03:17.783Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
But the result I'm getting looks like this:
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</Password>
<Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"> </Nonce>
<wsu:Created>2018-09-19T11:02:21.918Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
Let's see that there are some things that are missing in my result such as:
"wsse" prefix on the tags "Password" and "Nonce".
"UsernameToken" attribute on the "Username" tag.
The value of "Nonce" tag.
I faced some issues when trying to fix these things but I still have some problems:
When I try to add "wsse" prefix to "Username" and "Nonce" tags: the whole "Header" tag dissapears. (I used the same technique as in the "Username" tag)
How does SOAP UI generate the "Nonce" value ?
How does SOAP UI generate the "UsernameToken" value ?
Last resort, is there another way to mock the SOAP UI request ?
Thanks in advance.
You are trying to shoehorn security into your request whereas there is an interceptor and default way of doing that. Configure the Wss4jSecurityInterceptor for your WebServiceTemplate.
Something like the following should do the trick.
#Bean
public Wss4jSecurityInterceptor securityInterceptor() {
Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
interceptor.setSecurementUsername("username");
interceptor.setSecurementPassword("password");
interceptor.setSecurementUsernameTokenNonce(true);
interceptor.setSecurementActions("UsernameToken Timestamp");
return interceptor;
}
Then inject this into your WebServiceTemplate. That should add the needed headers without you having to do anything else. Ideally you would configure the WebServiceTemplate once and reuse it.
#Bean
public WebServiceTemplate webServiceTemplate(Marshaller marshaller) {
WebServiceTemplate wsTemplate = new WebServiceTemplate(marshaller);
wsTemplate.setInterceptors(new ClientInterceptor[]{ securityInterceptor() });
return wsTemplate;
}
Then use the pre configured WebServiceTemplate in your code.
Related
I need to add header elements to a Soap Request, but the child elements inside the header dont have any prefix defined. When I try to add the element without specifing a prefix, this throws a exception.
private SOAPHeader addSecuritySOAPHeader(SOAPMessageContext context) {
SOAPEnvelope envelope = context.getMessage().getSOAPPart().getEnvelope();
envelope.addNamespaceDeclaration("S", "http://schemas.xmlsoap.org/soap/envelope/");
envelope.addNamespaceDeclaration("SOAP-ENV", "http://schemas.xmlsoap.org/soap/envelope/");
SOAPEnvelope header = envelope.getHeader();
// ACTION NODE
SOAPElement action = header.addChildElement("Action");
return header;
}
Last line produces next exception
"com.sun.xml.messaging.saaj.SOAPExceptionImpl: HeaderElements must be namespace qualified"
Heaser i need to create:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header>
<Action xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://cgbridge.rategain.com/2011A/ReservationService/HotelResNotif</Action>
</S:Header>
..............
</S:Envelope>
If I include any prefix, like S, request fail, server response with "Bad request"
How can i add a "clean" Action node?
Is I add a prefix in action:
SOAPElement action = header.addChildElement("Action","S");
Service responses with a "Bad request" message.
<S:Action xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://cgbridge.rategain.com/2011A/ReservationService/HotelResNotif</S:Action>
Any help, please?
This should work:
#Test
public void someTest() throws Exception {
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage soapMessage = messageFactory.createMessage();
SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
var header = soapEnvelope.getHeader();
var actionElement = header.addChildElement("Action", "prefix", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
actionElement.addTextNode("http://cgbridge.rategain.com/2011A/ReservationService/HotelResNotif");
ByteArrayOutputStream out = new ByteArrayOutputStream();
soapMessage.writeTo(out);
System.out.println(new String(out.toByteArray()));
}
Prints:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><prefix:Action xmlns:prefix="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://cgbridge.rategain.com/2011A/ReservationService/HotelResNotif</prefix:Action></SOAP-ENV:Header><SOAP-ENV:Body/></SOAP-ENV:Envelope>
I've been trying to write a webservice client using Apache Axis in Intellij Idea 13 and having some difficulties. I already can connect that webservice with a .net c# project and now i need to achieve that with java. WebService wants username and password within a security header.
Here is the response from WebService:
nested fault: No Username Security Token found in the WS block with actor: current actor
Here is the code that i use.
SomeWebServiceServiceLocator locator = new SomeWebServiceServiceLocator();
SomeWebServicePortBindingStub stub = (SomeWebServicePortBindingStub) locator.getSomeWebServicePort();
stub.setUsername("usr111");
stub.setPassword("pass111");
SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
javax.xml.soap.SOAPPart sOAPPart = soapMessage.getSOAPPart();
SOAPEnvelope envelope = sOAPPart.getEnvelope();
SOAPHeader header = envelope.getHeader();
if (header == null) {
System.out.println("no header yet, create one");
header = envelope.addHeader();
}
SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
Name tUserTokenElementName = envelope.createName("UsernameToken", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement tUserTokenElement = security.addChildElement(tUserTokenElementName);
tUserTokenElement.removeNamespaceDeclaration("wsse");
tUserTokenElement.addNamespaceDeclaration("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
//
tUserTokenElement.addAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "u"), "UsernameToken-usr111");
// user name child
Name tUsernameElementName = envelope.createName("Username", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement tUsernameElement = tUserTokenElement.addChildElement(tUsernameElementName);
tUsernameElement.removeNamespaceDeclaration("wsse");
tUsernameElement.addTextNode("usr111");
// password child
Name tPasswordElementName = envelope.createName("Password", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement tPasswordElement = tUserTokenElement.addChildElement(tPasswordElementName);
tPasswordElement.removeNamespaceDeclaration("wsse");
tPasswordElement.addTextNode("pass111");
tPasswordElement.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
Element assertion = (Element) security;
SOAPHeaderElement header0 = new SOAPHeaderElement(assertion);
stub.setHeader(header0);
That code generates following header.
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:actor="" soapenv:mustUnderstand="0" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:UsernameToken wsu:Id="UsernameToken-usr111" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>usr111</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass111</wsse:Password>
</wsse:UsernameToken> </wsse:Security>
I also trace the working .net cs application's connection with Fiddler but failed to trace my java call. Here is the working request's header.
<s:Header>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo1zQ7/YYhJpArMKDUdofV4QAAAAAvGLoItf+KkC8k4KQjqtXUK0D00UQcXJBtCFGkgP0qBkACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-de9cefc3-6ab9-407f-8658-7ecf007559bc-17">
<o:Username>usr111</o:Username>
<o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass111</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
Also here's a example xml provided from webservice owner
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-11111111" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>someuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
There is also two .crt certificates provided by owner of webservice. I added them to the javakeystore but it helps nothing.
Finally i can't request that webservice with SoapUI.
Okay, if somebody else faces with this kind of error, this method below worked for me. I can't remember where i found this but thanks to the owner. . thanks to him.
void addWsSecurityHeader(org.apache.axis.client.Stub binding, String wsUser,String wsPass)throws SOAPException {
// Create the top-level WS-Security SOAP header XML name.
QName headerName = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
SOAPHeaderElement header = new SOAPHeaderElement(headerName);
// no intermediate actors are involved.
header.setActor(null);
// not important, "wsse" is standard
header.setPrefix("wsse");
header.setMustUnderstand(true);
// Add the UsernameToken element to the WS-Security header
SOAPElement utElem = header.addChildElement("UsernameToken");
SOAPElement userNameElem = utElem.addChildElement("Username");
userNameElem.removeContents();
userNameElem.setValue(wsUser);
SOAPElement passwordElem = utElem.addChildElement("Password");
passwordElem.setValue(wsPass);
// Finally, attach the header to the binding.
binding.setHeader(header);
}
Also for tracing what i send and recieve i used this
I am trying to hit a webservice using spring-ws, but the webservice producer requires a custom element in the soap header. I am very new to webservices, and am having trouble trying to inject the values into the soap header. I am using XMLBeans to transform from xsd to java and also to do the marshaling and unmarshaling. I have constructed the xmlbean document and set all values for the custom header element, I just need to get the document or maybe even just the element attached to that document to be injected into the soap header. Listed below is the wsdl (just header) in soapui (what I used to learn and do initial testing)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://www.ups.com/XMLSchema/XOLTWS/UPSS/v1.0" xmlns:v11="http://www.ups.com/XMLSchema/XOLTWS/Rate/v1.1" xmlns:v12="http://www.ups.com/XMLSchema/XOLTWS/Common/v1.0">
<soapenv:Header>
<v1:UPSSecurity>
<v1:UsernameToken>
<v1:Username>name</v1:Username>
<v1:Password>password</v1:Password>
</v1:UsernameToken>
<v1:ServiceAccessToken>
<v1:AccessLicenseNumber>accesskey</v1:AccessLicenseNumber>
</v1:ServiceAccessToken>
</v1:UPSSecurity>
</soapenv:Header>
I found a solution that works, and isn't much code. I had to ditch using xmlbeans, and just create the elements, but at least the functionality is there and the webservice calls works.
#Override
public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException
{
try
{
SOAPMessage soapMessage = ((SaajSoapMessage)message).getSaajMessage();
SOAPHeader header = soapMessage.getSOAPHeader();
SOAPHeaderElement soapHeaderElement = header.addHeaderElement(new QName("http://www.ups.com/XMLSchema/XOLTWS/UPSS/v1.0", "UPSSecurity", "v1"));
SOAPEnvelope envelope = soapMessage.getSOAPPart().getEnvelope();
envelope.addNamespaceDeclaration("v1", "http://www.ups.com/XMLSchema/XOLTWS/UPSS/v1.0");
SOAPElement usernameToken = soapHeaderElement.addChildElement("UsernameToken", "v1");
SOAPElement username = usernameToken.addChildElement("Username", "v1");
SOAPElement password = usernameToken.addChildElement("Password", "v1");
SOAPElement serviceAccessToken = soapHeaderElement.addChildElement("ServiceAccessToken", "v1");
SOAPElement accessLicenseNumber = serviceAccessToken.addChildElement("AccessLicenseNumber", "v1");
username.setTextContent("username");
password.setTextContent("password");
accessLicenseNumber.setTextContent("key");
}
catch (SOAPException e)
{
e.printStackTrace();
}
}
You can marshal to a SoapHeader's Result, like so:
SoapMessage msg = ...
SoapHeader header = msg.getSoapHeader();
XmlBeansMarshaller marshaller = ...
MyXmlBeansDocument doc = ...
marshaller.marshal(doc, header.getResult());
You can convert an XmlObject (XmlBeans model) to a SOAPElement using the following factory method:
YourModel xmlObject = YourModelDocument.Factory.newInstance().addNewYourModel();
SOAPElement soapElement = SOAPFactory.newInstance()
.createElement((Element) xmlObject.getDomNode());
The XmlObject must be part of a document otherwise getDomNode() will return an XmlFragment rather than an Element.
Once converted to a SOAP element, the XML can be added to most parts of a SOAPMessage using addChildElement(). For example:
SOAPMessage soapMessage = MessageFactory.newInstance().createMessage();
soapMessage.getSOAPBody().addChildElement(soapElement);
I am trying to call a webservice from java. This is basically not that difficult, except that the webservice expects some security in the form of a username and password and a nonce.
When I try to call the webservice from SoapUi, I see that the raw message looks like this:
<soapenv:Envelope xmlns:sch="http://somedomain.com/pe/ws/schema"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-E70691ACBDEFEC750814238295617871">
<wsse:Username>usr</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
>pw</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>4smQZF5KMSktEXrQc0v5yw==</wsse:Nonce>
<wsu:Created>2015-02-13T12:12:41.784Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<sch:EventSubmitRequest>
<sch:Event>
<sch:EventId>392</sch:EventId>
<sch:Recoverable>false</sch:Recoverable>
</sch:Event>
</sch:EventSubmitRequest>
</soapenv:Body>
</soapenv:Envelope>
The obvious elements in the message are the Username, Password and Created, but what puzzles me is the nonce. In the example this field has the value 4smQZF5KMSktEXrQc0v5yw==, but this value difference upon each request (which makes sense, since according to wikipedia, a nonce is an arbitrary number used only once). When searching around, I can't find any usable examples of how to generate the nonce in java (Although I did find some php examples here on stack overflow, but I can't easily verify weather they work) . While I don't mind construction this nonce myself, I'm wondering if this is really necessary, I kind of would expect this to be standard functionality in java.
Below is the code I'm using:
import java.text.SimpleDateFormat;
import java.util.Calendar;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.transform.*;
import javax.xml.transform.stream.*;
public class soaptest {
public static void main(String args[]) {
try {
// Create SOAP Connection
SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance();
SOAPConnection soapConnection = soapConnectionFactory.createConnection();
// Send SOAP Message to SOAP Server
String url = "http://142.10.10.52:8080/pe/ws/pe/";
SOAPMessage soapResponse = soapConnection.call(createSOAPRequest(), url);
// Process the SOAP Response
printSOAPResponse(soapResponse);
soapConnection.close();
} catch (Exception e) {
System.err.println("Error occurred while sending SOAP Request to Server");
e.printStackTrace();
}
}
private static SOAPMessage createSOAPRequest() throws Exception {
MessageFactory messageFactory = MessageFactory.newInstance();
SOAPMessage soapMessage = messageFactory.createMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
SOAPEnvelope envelope = soapPart.getEnvelope();
SOAPHeader header = soapMessage.getSOAPHeader();
SOAPElement security = header.addChildElement("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
SOAPElement usernameToken = security.addChildElement("UsernameToken", "wsse");
usernameToken.addAttribute(new QName("xmlns:wsu"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
SOAPElement username = usernameToken.addChildElement("Username", "wsse");
username.addTextNode("usr");
SOAPElement password = usernameToken.addChildElement("Password", "wsse");
password.setAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
password.addTextNode("pw");
SOAPElement nonce = usernameToken.addChildElement("Nonce", "wsse");
nonce.setAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
nonce.addTextNode("???");
SOAPElement created = usernameToken.addChildElement("Created", "wsse");
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
Calendar c1 = Calendar.getInstance();
created.addTextNode(sdf.format(c1.getTime()));
String serverURI = "http://somedomain.com/pe/ws/schema";
envelope.addNamespaceDeclaration("sch", serverURI);
// SOAP Body
SOAPBody soapBody = envelope.getBody();
SOAPElement soapBodyElem = soapBody.addChildElement("EventSubmitRequest", "sch");
SOAPElement soapBodyElem1 = soapBody.addChildElement("Event", "sch");
soapBodyElem.addChildElement(soapBodyElem1);
SOAPElement soapBodyElem2 = soapBodyElem1.addChildElement("EventId", "sch");
soapBodyElem2.addTextNode("392");
SOAPElement soapBodyElem3 = soapBodyElem1.addChildElement("Recoverable", "sch");
soapBodyElem3.addTextNode("false");
MimeHeaders headers = soapMessage.getMimeHeaders();
headers.addHeader("SOAPAction", serverURI + "EventSubmitRequest");
soapMessage.saveChanges();
/* Print the request message */
System.out.print("Request SOAP Message = ");
soapMessage.writeTo(System.out);
System.out.println();
return soapMessage;
}
/**
* Method used to print the SOAP Response
*/
private static void printSOAPResponse(SOAPMessage soapResponse) throws Exception {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
Transformer transformer = transformerFactory.newTransformer();
Source sourceContent = soapResponse.getSOAPPart().getContent();
System.out.print("\nResponse SOAP Message = ");
StreamResult result = new StreamResult(System.out);
transformer.transform(sourceContent, result);
}
}
The Oasis reference for the UsernameToken helped me fill in some of the blanks. Pages 7,8,9 are most appropriate in this case. In particular these sections
/wsse:UsernameToken/wsse:Nonce
This optional element specifies a cryptographically random nonce. Each message
including a element MUST use a new nonce value in order for web
service producers to detect replay attacks.
and
/wsse:UsernameToken/wsse:Nonce/#EncodingType
This optional attribute URI specifies the encoding type of the nonce (see the definition of
<wsse:BinarySecurityToken> for valid values). If this attribute isn't specified then
the default of Base64 encoding is used.
In regards to generating the 'cryptographically random' nonce, can suggest you use this answer and then create an encoded string from it. Base64 encoding in your case, as that is the encodingType you are using in your XML request above.
For Spring WS users: check securityPolicy.xml contains line
<xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="true" />
It fixes exception Receiver Requirement for nonce has not been met for SoapUi.
In case there is no "nonce" in request, set
nonceRequired="false"
I am trying to use SharePoint Web service to retrieve list changes but there seems to be a namespace conflict between what the jax-ws client generates and what SharePoint will accept. Below is the xml that is generated by jax-ws.
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<GetListItemChanges xmlns="http://schemas.microsoft.com/sharepoint/soap/">
<listName>Documents</listName>
<viewFields>
<FieldRef Name="Modified"/>
<FieldRef Name="_CheckinComment"/>
<FieldRef Name="Title"/>
<FieldRef Name="Created"/>
</viewFields>
<since>1970-01-01T00:00:00</since>
<contains/>
</GetListItemChanges>
</S:Body>
</S:Envelope>
i need to remove the xmlns="http://schemas.microsoft.com/sharepoint/soap/" from GetListItemChanges. I have tried the following (and various permutations thereof) but the changes seem to be ignored. The xmlns is removed when debugging but the output xml does not change.
public class SharePointSoapHandler implements SOAPHandler<SOAPMessageContext> {
...
#Override
public boolean handleMessage(SOAPMessageContext p_soapMessageContext) {
try {
SOAPMessage l_soapMessage = p_soapMessageContext.getMessage();
l_soapMessage.getSOAPBody().getFirstChild().getAttributes().removeNamedItem("xmlns");
l_soapMessage.saveChanges();
ByteArrayOutputStream l_outputStream = new ByteArrayOutputStream();
l_soapMessage.writeTo(l_outputStream);
m_logger.info(new String(l_outputStream.toByteArray()));
} catch (Exception ex) {
m_logger.error("Soap exception modifying xml for request", ex);
}
return true;
}
}
Am I missing something? Is there a better way to accomplish this or do I need to generate the xml by hand?
EDIT: A valid soap request using soap ui. jax-ws drops the second prefix and moves the xmlns attribute.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.microsoft.com/sharepoint/soap/">
<soapenv:Header/>
<soapenv:Body>
<soap:GetListItemChanges>
<!--Optional:-->
<soap:listName>Shared Documents</soap:listName>
...
<soap:since>2012-02-15T00:00:00</soap:since>
</soap:GetListItemChanges>
</soapenv:Body>
</soapenv:Envelope>
See Changing the default XML namespace prefix generated with JAXWS for using a handler to intercept the soap and modify it as needed; also a useful technique for debugging the soap as its sent over the wire.
you can also set the namespace declarations in the soap header like so:
SOAPMessage request = factory.createMessage();
SOAPEnvelope envelope = request.getSOAPPart().getEnvelope();
envelope.addNamespaceDeclaration("uri", "uri:foo.bar.com");
request.saveChanges();
and then create elements with the namespace prefix like this:
SOAPBody body = request.getSOAPBody();
SOAPElement ping = body.addChildElement("foo", "uri");
without setting the declaration in the header first, adding the element with the prefix will fail.
doing things this way seems to circumvent having the namespace declaration hanging off of body nodes, which was breaking what i was trying to do.
here's my jUnit test that i used to verify this works:
public void testPing() throws Exception {
String endpoint = "http://www.foo.bar/ws/someWebservice";
QName port = new QName(endpoint, "uri");
QName serviceName = new QName(endpoint, "someWebserviceMethod");
Service service = Service.create(serviceName);
service.setHandlerResolver(new MyHandlerResolver());
service.addPort(port, SOAPBinding.SOAP11HTTP_BINDING, endpoint);
Dispatch<SOAPMessage> dispatch = service.createDispatch(port, SOAPMessage.class, Service.Mode.MESSAGE);
MessageFactory factory = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL);
SOAPMessage request = factory.createMessage();
SOAPEnvelope envelope = request.getSOAPPart().getEnvelope();
envelope.addNamespaceDeclaration("uri", "uri:bar.foo");
request.saveChanges();
SOAPBody body = request.getSOAPBody();
SOAPElement element = body.addChildElement("someRequestElement", "uri");
SOAPElement child = ping.addChildElement("someRequestChild");
SOAPElement text_node = child.addChildElement("someTextNode");
messageType.addTextNode("test text");
request.saveChanges();
System.out.println();
request.writeTo(System.out);
System.out.println();
Object o = dispatch.invoke(request);
System.out.println("ret: " + o.toString());
assertNotNull( o );
}