I have been working on integrating a SOAP API with my Spring API. I have to add headers to my request,but i'm getting this is,
Could not complete request
org.springframework.ws.soap.client.SoapFaultClientException: No WS-Security header found
Please find my code below
public String createSaleOrder(Suborder suborder)
{
SaleOrder saleorder = new SaleOrder();
saleorder = setSaleOrderObject(suborder);
CreateSaleOrderRequest request = new CreateSaleOrderRequest();
request.setSaleOrder(saleorder);
this.getWebServiceTemplate().marshalSendAndReceive(uri, request,
new WebServiceMessageCallback() {
public void doWithMessage(WebServiceMessage message) throws IOException, TransformerException
{
SoapMessage soapmessage = (SoapMessage)message;
SoapHeader header = soapmessage.getSoapHeader();
StringBuilder soapheader = new StringBuilder();
soapheader.append("<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"http://wewewqdad.com/services/\">");
soapheader.append("<soapenv:Header>");
soapheader.append("<wsse:Security soapenv:mustUnderstand=\"1\" xmlns:wsse=\"http://docs.oasis-open.asdasda-1.0.xsd\"> ");
soapheader.append("<wsse:UsernameToken wsu:Id=\"UsernameToken-2\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oaasdasd-dasdasd-1.0.xsd\">");
soapheader.append("<wsse:Username>username</wsse:Username>");
soapheader.append("<wsse:Password Type=\"http://docs.aseasdasd-wss-username-token-profile-1.0#PasswordText\">password</wsse:Password>");
soapheader.append("<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">VMEZT//J0bZw7HfZZyXAZQ==</wsse:Nonce>");
soapheader.append("<wsu:Created>2014-09-04 T1015.41.649Z</wsu:Created>");
soapheader.append("</wsse:UsernameToken>");
soapheader.append("</wsse:Security>");
soapheader.append("</soapenv:Header>");
soapheader.append("<soapenv:Body>");
soapheader.append("</soapenv:Body>");
soapheader.append("</soapenv:Envelope>");
StringSource HeaderSource = new StringSource(soapheader.toString());
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(HeaderSource,header.getResult());
}
});
return "Pushed";
}
UPDATE
The header is set. But the request object now contains extra tags which is not required and hence throwing errors. And also the tags like how can we change these to
Raw soaprequest is given below :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><soapenv:Envelope xmlns:ser="http://abc.efg.com/services/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/asdasdasd-1.0.xsd" soapenv:mustUnderstand="1"> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2"><wsse:Username>asdasdasd</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oaasdasda-1.0#PasswordText">adsasdasdasda</wsse:Password><wsse:Nonce EncodingType="http://dasdasda004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">VMESASDASZT//asdasdasd</wsse:Nonce><wsu:Created>2014-09-04 T1015.41.649Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header></soapenv:Envelope></SOAP-ENV:Header><SOAP-ENV:Body><ns2:CreateSaleOrderRequest xmlns:ns2="http://asdasd.com/services/"><ns2:SaleOrder><ns2:DisplayOrderCode>156</ns2:DisplayOrderCode></ns2:SaleOrder></ns2:CreateSaleOrderRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>
In your soapHeader you wrote more than the actual header but the whole Soap Envelope. Not sure this is expected.
Anyway, you could use a library to handle WS Security like WSS4J (often included in other frameworks).
Related
I created a proxy-camel which accepts SOAP (over HTTP) and RESTful requests and forwards them to the correct web service. The Camel is unaware of message-structure, it doesn't know the WSDL or anything, it just knows if it is SOAP or not according to a http header. There is no CXF endpoint.
Further it does some Processing. Exception can occur inside there, for example when a service is not found or the url is invalid.
Is there an easy way to return a valid SOAPFault directly from this camel?
I tried to write a simple processor which is called onException. It looks like this:
.choice().when().header("SOAP").processRef(ExceptionToSoapProcessor())
The Processor that should transform any Exception into a SOAPFault looks like this
#Override
public void process(Exchange exchange) throws Exception {
Exception exception = (Exception) exchange.getProperty(Exchange.EXCEPTION_CAUGHT);
Integer responseCode = (Integer) exchange.getOut().getHeader(Exchange.HTTP_RESPONSE_CODE);
QName qName = SoapFault.FAULT_CODE_SERVER;
if (responseCode != null && responseCode < 500) {
qName = SoapFault.FAULT_CODE_CLIENT;
}
SoapFault fault = new SoapFault(exception.getMessage(), qName);
Message outMessage = exchange.getOut();
outMessage.setHeader(Message.RESPONSE_CODE, 500);
outMessage.setFault(true);
outMessage.setBody(fault);
exchange.setException(null);
exchange.removeProperty(Exchange.EXCEPTION_CAUGHT);
exchange.setProperty(Exchange.EXCEPTION_HANDLED, true);
}
But now I don't understand how I will marshal it, the response looks like this:
org.apache.cxf.binding.soap.SoapFault: Unauthorized
("Unauthorized" is the actual message)
PS: I used the dataformat SOAP before, but as mentioned, I don't have any ServiceInterface in this Camel.
I would move the handling of the error scenario to an onException() block. That way you can "declare" some of the behavior, like marking the exception as handled. IMHO makes it a little cleaner.
Just returning the SOAP fault would not result in a valid SOAP response. You have to build the complete message structure. I don't think there is a type converter for SOAP messages to a text stream, so you have to marshal the SOAP response yourself.
This is the code I am using to do the job:
<onException>
<exception>java.lang.Exception</exception>
<handled>
<constant>true</constant>
</handled>
<bean beanType="some.package.WSHelper" method="createSOAPFaultServerError" />
</onException>
public static String createSOAPFaultServerError(final Exception cause) {
String result = null;
LOG.error("Creating SOAP fault, hiding original cause from client:", cause);
try {
SOAPMessage message = MessageFactory.newInstance().createMessage();
SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
SOAPBody body = message.getSOAPBody();
SOAPFault fault = body.addFault();
fault.setFaultCode("Server");
fault.setFaultString("Unexpected server error.");
Detail detail = fault.addDetail();
Name entryName = envelope.createName("message");
DetailEntry entry = detail.addDetailEntry(entryName);
entry.addTextNode("The server is not able to complete the request. Internal error.");
result = soapMessage2String(message);
} catch (Exception e) {
LOG.error("Error creating SOAP Fault message", e);
}
return result;
}
private static String soapMessage2String(final SOAPMessage message) throws SOAPException, IOException {
String result = null;
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
message.writeTo(outStream);
result = new String(outStream.toByteArray(), StandardCharsets.UTF_8);
return result;
}
HTH
When I add soap headers from handler.handlResponse(), I can see the headers added in the handler but these headers do not make it to the client.
Here is my handleResponse() method.
public static final String WEB_SERVICE_NAMESPACE_PREIFX = "dm";
public static final String WEB_SERVICE_NAMESPACE_URI = "urn:com.qwest.dms.dto";
public boolean handleResponse(MessageContext context)
{
logger.debug("TransactionLoggerHandler.handleResponse invoked");
try
{
SOAPMessageContext soapContext;
soapContext = (SOAPMessageContext)context;
SOAPMessage message = soapContext.getMessage();
SOAPHeader soapHeader = message.getSOAPHeader();
String version = "version";
SOAPHeaderElement header;
SOAPFactory soapFactory;
Name name;
logger.debug("Adding soap header ["+version+"] with value [2.0].");
soapHeader.addNamespaceDeclaration(Constants.WEB_SERVICE_NAMESPACE_PREIFX, Constants.WEB_SERVICE_NAMESPACE_URI)
SOAPHeaderElement headerElement
= (SOAPHeaderElement)message.getSOAPPart().getEnvelope().getHeader().addChildElement(
"version",
Constants.WEB_SERVICE_NAMESPACE_PREIFX,
Constants.WEB_SERVICE_NAMESPACE_URI );
headerElement.addTextNode("2.0");
String headerName="protocol";
String headerValue="2.0.0";
logger.debug("Adding soap header ["+headerName+"] with value ["+headerValue+"].");
soapFactory = SOAPFactory.newInstance();
name = soapFactory.createName(headerName,
Constants.WEB_SERVICE_NAMESPACE_PREIFX,
Constants.WEB_SERVICE_NAMESPACE_URI );
header = soapHeader.addHeaderElement( name );
header.addTextNode(headerValue);
message.saveChanges();
DmsUtil.printSOAPMessage(message);
logger.debug("Soap header ["+version+"] with value [2.0] added.");
}
catch (Exception e)
{
logger.error(e);
}
return true;
}
I see the output from this method as the following:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header xmlns:dm="urn:com.qwest.dms.dto">
<dm:version>2.0</dm:version>
<dm:protocol>2.0.0</dm:protocol>
</env:Header>
<env:Body>
From the Client i get the following:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
</env:Envelope>
I am not sure why these headers not sent over the wire. Any help is appreciated. BTW, I am using jax rpc webservices under jboss4 (I know, i have to upgrade this but can not due to some constraints :( ).
Hi! I'm trying to add a header to a SOAP call.
I'm new at working with web services.
Every time I need to use the web service for download a file, I need to add a header like:
<UserIdHeader xmlns="http://www.stats.com/">
<TicketId>defe3a08-4c8a-47c4-9303-98e09c475532</TicketId>
</UserIdHeader>
I'm using CXF. I have one example made with Axis 1.4.
The only thing that is remaining (I hope) is to add this header.
This is what I have to update:
private static void addHeader(String ticketId) {
SOAPHeaderElement header = new SOAPHeaderElement("http://www.stats.com/", "UserIdHeader");
SOAPElement node;
org.apache.axis.client.Stub s = (Stub) service;
s.clearHeaders();
try {
node = header.addChildElement("TicketId");
node.addTextNode(ticketId);
s.setHeader((org.apache.axis.message.SOAPHeaderElement) header);
} catch (SOAPException e) {
e.printStackTrace();
}
}
And this is how I tried to update that:
private static void addHeader(String ticketId) throws JAXBException, ParserConfigurationException {
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element eTicketId = doc.createElement("TicketId");
eTicketId.setTextContent(ticketId);
List<Header> headers = new ArrayList<Header>();
Header header = new Header(new QName("http://www.stats.com/", "UserIdHeader"), eTicketId,
new JAXBDataBinding(String.class));
headers.add(header);
BindingProvider.class.cast(service).getRequestContext().put(Header.HEADER_LIST, headers);
}
But I'm getting the following exception:
[PhaseInterceptorChain] Interceptor for {http://www.stats.com/}Service#{http://www.stats.com/}GetFileList has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Marshalling Error: org.apache.xerces.dom.ElementImpl is not known to this context
at org.apache.cxf.jaxb.JAXBEncoderDecoder.marshall(JAXBEncoderDecoder.java:261)
at org.apache.cxf.jaxb.io.DataWriterImpl.write(DataWriterImpl.java:168)
at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.writeSoapEnvelopeStart(SoapOutInterceptor.java:156)
at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:81)
at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:61)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
I tried even add an interceptor, but I didn't know how to pass the ticketId.
Any idea?
If you are creating a DOM element, you shouldn't set a databinding into the Header object. You only need the Databinding if you are using a JAXB (or other) type. CXF handles DOM elements directly.
This is how I have the method working (for some reason, with the previous approach the header wasn't written):
private static void addHeader(String ticketId) {
try {
SOAPFactory sf = SOAPFactory.newInstance();
SOAPElement userIdHeaderElement = sf.createElement(new QName("http://www.stats.com/", "UserIdHeader"));
SOAPElement ticketIdElement = sf.createElement(new QName(null, "TicketId"));
ticketIdElement.addTextNode(ticketId);
userIdHeaderElement.addChildElement(ticketIdElement);
List<Header> headers = new ArrayList<Header>();
Header dummyHeader = new Header(new QName("http://www.stats.com/"), userIdHeaderElement);
headers.add(dummyHeader);
BindingProvider.class.cast(service).getRequestContext().put(Header.HEADER_LIST, headers);
} catch (SOAPException e) {
e.printStackTrace();
}
}
I have a spring-ws (2.0.2) service I have implemented that requires some custom elements in the soap header. I am trying to use Spring's MockWebServiceClient to generate a valid request to test the dispatcher, marshallers, etc.
The problem I am getting is that the MockWebSerivce only seems to support the Soap Body (the payload).
How can I access the soap request being generated to get the right headers into it?
If there is a better library for doing this other than Spring's MockWebServiceClient, that would be fine too.
Related Links:
http://forum.springsource.org/showthread.php?101708-MockWebServiceClient-amp-WS-Security
Add SoapHeader to org.springframework.ws.WebServiceMessage
I had the similar problem when I wanted to test spring web service with Security, I ended up using the Spring Interceptors to modify the header before they reach end point, I enabled the interceptors only for testing.
Create an interceptor, I implemented the SmartEndpointInterceptor, You can use the other interceptors if you choose
public class ModifySoapHeaderInterceptor implements
SmartEndpointInterceptor
{
//WSConstants.WSSE_NS;
private static final String DEFAULT_SECURITY_URL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
private static final String SECURITY_TAG = "Security";
private static final String SECURITY_PREFIX = "wsse";
private static final String USER_NAME_TOKEN = "UsernameToken";
#Override
public boolean handleRequest(MessageContext messageContext, Object endpoint)
throws Exception
{
SaajSoapMessage saajSoapMessage(SaajSoapMessage)messageContext.getRequest());
SOAPHeader soapHeader = saajSoapMessage.getSaajMessage().getSOAPPart()
.getEnvelope().getHeader();
//you can modify header's as you choose
Name headerElement = saajSoapMessage.getSaajMessage().getSOAPPart()
.getEnvelope()
.createName(SECURITY_TAG, SECURITY_PREFIX, DEFAULT_SECURITY_URL);
SOAPHeaderElement soapHeaderElement = soapHeader
.addHeaderElement(headerElement);
SOAPElement usernameToken = soapHeaderElement.addChildElement(
USER_NAME_TOKEN, SECURITY_PREFIX);
SOAPElement userNameElement = usernameToken.addChildElement("Username",
SECURITY_PREFIX);
userNameElement.addTextNode("userid");//you can inject via spring
SOAPElement passwordElement = usernameToken.addChildElement("Password",
SECURITY_PREFIX);
passwordElement.addTextNode("password");
return true;
}
}
Configure this interceptor in spring context
<sws:interceptors>
<bean class="prasanna.ws.security.wss4j.ModifySoapHeaderInterceptor"/>
</sws:interceptors>
This will add the necessary security headers to the message before it reaches the end point, You can still use MockWebServiceClient to test your web service.
As you noted, the MockWebServiceClient sendRequest() method only sets up the SOAP body with the payload given it. It does not touch the SOAP header.
To set up the SOAP header as well you can create a class that implements the RequestCreator interface and sets the SOAP header. Pass an instance of this class to the sendRequest() method.
For example:
class SoapActionCreator implements RequestCreator {
private final Source payload;
public SoapActionCreator(Source payload) {
this.payload = payload;
}
#Override
public WebServiceMessage createRequest(WebServiceMessageFactory webServiceMessageFactory)
throws IOException {
WebServiceMessage webServiceMessage =
new PayloadMessageCreator(payload).createMessage(webServiceMessageFactory);
SoapMessage soapMessage = (SoapMessage) webServiceMessage;
SoapHeader header = soapMessage.getSoapHeader();
// Add an Action element to the SOAP header
StringSource headerSource = new StringSource(
"<wsa:Action xmlns:wsa=\"http://www.w3.org/2005/08/addressing\">https://example.com/foo/bar</wsa:Action>");
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(headerSource, header.getResult());
return webServiceMessage;
}
}
Then use SoapActionCreator like this:
SoapActionCreator soapActionCreator = new SoapActionCreator(requestPayload);
mockClient.sendRequest(soapActionCreator).
andExpect(payload(responsePayload));
where requestPayload is the SOAP request body and responsePayload is the entire SOAP response (header and body).
I did find the smock library which does what I really wanted: just takes a text file with the whole request in it.
http://code.google.com/p/smock/wiki/SpringWs
It supports the same request and response matchers as the spring provided stuff. It also keeps my tests very self contained. (Rather than a whole new class that would only be used in my test cases.)
I'm trying to write an interceptor for a web service that will modify the contents of the Soap message before is sent on to the endpoint. If a client sent a message where the value of some element is 1, I want to be able to alter that element to a 2 so that, when the message arrives at the endpoint, it looks as if the client submitted a 2 instead of a 1. I'm not sure if this is a difficult task which is elluding me, or an easy task which I am making harder than it needs to be.
I have stepped through some of the Spring interceptors; but the validation and logging interceptors don't every alter the message that is in transit. The Wss4jSecurityInterceptor does add some properties to the MessageContext; but I haven't been able to leverage anything that it is doing. I have a shell of an interceptor; but nothing that is doing anything of any value.
public boolean handleRequest(MessageContext messageContext, Object endpoint)
throws Exception {
SaajSoapMessage saajSoapMessage = (SaajSoapMessage) messageContext
.getRequest();
SOAPMessage soapMessage = saajSoapMessage.getSaajMessage();
SOAPBody soapBody = soapMessage.getSOAPBody();
return true;
}
I was hoping there was a chance that soembody else had already solved this particular problem. Any insight would be appreciated. Thanks.
Modifying the payload is a little bit tricky. The only way I've found to make this work is to use the getPayloadSource() and getPayloadResult() methods on SoapBody, which expose javax.xml.transform-friendly objects for manipulating the data.
It's annoyingly heavyweight, but you can do something like this:
Transformer identityTransform = TransformerFactory.newInstance().newTransformer();
DOMResult domResult = new DOMResult();
identityTransform.transform(soapBody.getPayloadSource(), domResult);
Node bodyContent = domResult.getNode(); // modify this
identityTransform.transform(new DOMSource(bodyContent), soapBody.getPayloadResult());
I'd love to see a better way of doing this.
I modified the code in this answer to insert an <authentication/> element into all SOAP body requests:
#Override
public boolean handleRequest(MessageContext messageContext) throws WebServiceClientException {
logger.trace("Enter handleMessage");
try {
SaajSoapMessage request = (SaajSoapMessage) messageContext.getRequest();
addAuthn(request);
} catch (Exception e) {
logger.error(e.getMessage(),e);
}
return true;
}
protected void addAuthn(SaajSoapMessage request) throws TransformerException {
Transformer identityTransform = TransformerFactory.newInstance().newTransformer();
DOMResult domResult = new DOMResult();
identityTransform.transform(request.getPayloadSource(), domResult);
Node bodyContent = domResult.getNode();
Document doc = (Document) bodyContent;
doc.getFirstChild().appendChild(authNode(doc));
identityTransform.transform(new DOMSource(bodyContent), request.getPayloadResult());
}
protected Node authNode(Document doc) {
Element authentication = doc.createElementNS(ns, "authentication");
Element username = doc.createElementNS(ns, "username");
username.setTextContent(authn.getUsername());
Element password = doc.createElementNS(ns, "password");
password.setTextContent(authn.getPassword());
authentication.appendChild(username);
authentication.appendChild(password);
return authentication;
}
This solution was used because the WebServiceMessageCallback would require me to change the Document, and the SaajSoapMessageFactory is activated before the soap body has been inserted by the configured Jaxb2Marshaller.
I realized that it was easer to alter the request at a later point. I did not need to modify the original SOAP message, so long as I was able to modify the data before it reached my endpoint.
The endpoints I am working with all extend AbstractDom4jPayloadEndpoint - so I wrapped these endpoints in a proxy that allowed me to modify the request element before proceeding to my endpoint. i.e.:
public class MyProxyEndpoint extends AbstractDom4jPayloadEndpoint
#Override
protected Element invokeInternal(
Element requestElement,
Document responseDocument ) throws Exception
{
if( requestElement != null )
{
// alter request element
}
return ( Element ) this.invokeMethod.invoke(
this.target,
requestElement,
responseDocument );
}