I am trying to access a SOAP service. To do this I am creating the SOAP request manually (which I preefer). The problem is that when I do
URL urli = new URL("http://www.myserver.com//x/y/z/a/b/c/d/myUrlWS.jws");
HttpURLConnection c = (HttpURLConnection) urli.openConnection();
c.setRequestMethod("POST");
c.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
c.setRequestProperty("Content-Length", bytes.length+"");
c.setRequestProperty("SOAPAction", "");
...
c.getInputStream();
The thing is that the http header shows this way:
POST /x/y/z/a/b/c/d/myUrlWS.jws
...(reset of http header)...
SOAP Message
I am getting an error form the server and I think that the POST in the http should be like:
POST /
or
POST /action
or
POST /myUrlWS.jws
So I dont know how to change the POST parameter in the header. How do I do that without changing the connection URL/address?
EDIT - The SOAP Reply from server
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>[Server CodecHandler] Failed to decode
-> Unable to find xml element for parameter: documentos
</faultstring><detail><java:string xmlns:java="java.io">weblogic.wsee.codec.CodecException: Unable to find xml element for parameter: documentos
</java:string></detail></env:Fault></env:Body></env:Envelope>
FULL HTTP REQUEST
POST /x/y/z/a/b/c/d/myUrlWS.jws HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction:
User-Agent: Java/1.7.0_75
Host: wwwW.somehost.some.gov.br
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 2026
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:WL5G3N0="http://schemas.xmlsoap.org/wsdl/" xmlns:WL5G3N1="http://www.openuri.org/" xmlns:WL5G3N2="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:WL5G3N3="http://www.openuri.org/2006/12/wsdl/upgradedJWS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<WL5G3N1:enviarDados xmlns:WL5G3N1="http://www.openuri.org/">
<emitente>
<CNPJEmitente>11111111</CNPJEmitente>
<Email>my#email.com</Email>
</emitente>
<documentos>
<Documento>
<TipoPagamento>1</TipoPagamento>
<TipoDocumento>2</TipoDocumento>
<DataPagamento>13/04/15</DataPagamento>
<ItensPagamentos>
<ItemPagamento>
<TipoId>1</TipoId>
<Cnpj>1111111111</Cnpj>
<CodigoProduto>11111</CodigoProduto>
<DataFatoGerador>13/04/15</DataFatoGerador>
<DataVencimento>13/04/15</DataVencimento>
<DddContribuinte>16</DddContribuinte>
<EnderecoContribuinte>SOME NAME</EnderecoContribuinte>
<MunicipioContribuinte>NAME</MunicipioContribuinte>
<UFContribuinte>SP</UFContribuinte>
<CepContribuinte>11111111</CepContribuinte>
<TelefoneContribuinte>111111</TelefoneContribuinte>
<Natureza>1</Natureza>
<NomeRazaoSocial>SOME NAME</NomeRazaoSocial>
<NotaFiscalCnpj>1111111</NotaFiscalCnpj>
<NotaFiscalDataEmissao>2014-12-04</NotaFiscalDataEmissao>
<NotaFiscalNumero>111111</NotaFiscalNumero>
<NotaFiscalSerie>1</NotaFiscalSerie>
<NotaFiscalTipo>NF-e</NotaFiscalTipo>
<NumControleContribuinte>111111</NumControleContribuinte>
<TipoApuracao>2</TipoApuracao>
<PeriodoReferenciaAno>2015</PeriodoReferenciaAno>
<PeriodoReferenciaMes>04</PeriodoReferenciaMes>
<PeriodoReferenciaDecendio>2</PeriodoReferenciaDecendio>
<DiaVencimento>13/04/15</DiaVencimento>
<ValorICMSPrincipal>221.21</ValorICMSPrincipal>
<ValorTotal>221.21</ValorTotal>
</ItemPagamento>
</ItensPagamentos>
</Documento>
</documentos>
</WL5G3N1:enviarDados>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
WSDL here:
WSDL
By looking at the exeption that you Got, I can guess that your SOAP payload message is malformed.
The each tag of XML message should be mentioned by a namespace. In your case you are mentioning the namespace as "WL5G3N1" in the following tag.
<WL5G3N1:enviarDados xmlns:WL5G3N1="http://www.openuri.org/">
So You should use WL5G3N1 throughout the message for refering each and every XML element.
So the following XML should work.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:WL5G3N0="http://schemas.xmlsoap.org/wsdl/" xmlns:WL5G3N1="http://www.openuri.org/"
xmlns:WL5G3N2="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:WL5G3N3="http://www.openuri.org/2006/12/wsdl/upgradedJWS"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<WL5G3N1:enviarDados xmlns:WL5G3N1="http://www.openuri.org/">
<WL5G3N1:emitente>
<WL5G3N1:CNPJEmitente>11111111</WL5G3N1:CNPJEmitente>
<WL5G3N1:Email>my#email.com</WL5G3N1:Email>
</WL5G3N1:emitente>
<WL5G3N1:documentos>
<WL5G3N1:Documento>
<WL5G3N1:TipoPagamento>1</WL5G3N1:TipoPagamento>
<WL5G3N1:TipoDocumento>2</WL5G3N1:TipoDocumento>
<WL5G3N1:DataPagamento>13/04/15</WL5G3N1:DataPagamento>
<WL5G3N1:ItensPagamentos>
<WL5G3N1:ItemPagamento>
<WL5G3N1:TipoId>1</WL5G3N1:TipoId>
<WL5G3N1:Cnpj>1111111111</WL5G3N1:Cnpj>
<WL5G3N1:CodigoProduto>11111</WL5G3N1:CodigoProduto>
<WL5G3N1:DataFatoGerador>13/04/15</WL5G3N1:DataFatoGerador>
<WL5G3N1:DataVencimento>13/04/15</WL5G3N1:DataVencimento>
<WL5G3N1:DddContribuinte>16</WL5G3N1:DddContribuinte>
<WL5G3N1:EnderecoContribuinte>SOME NAME</WL5G3N1:EnderecoContribuinte>
<WL5G3N1:MunicipioContribuinte>NAME</WL5G3N1:MunicipioContribuinte>
<WL5G3N1:UFContribuinte>SP</WL5G3N1:UFContribuinte>
<WL5G3N1:CepContribuinte>11111111</WL5G3N1:CepContribuinte>
<WL5G3N1:TelefoneContribuinte>111111
</WL5G3N1:TelefoneContribuinte>
<WL5G3N1:Natureza>1</WL5G3N1:Natureza>
<WL5G3N1:NomeRazaoSocial>SOME NAME</WL5G3N1:NomeRazaoSocial>
<WL5G3N1:NotaFiscalCnpj>1111111</WL5G3N1:NotaFiscalCnpj>
<WL5G3N1:NotaFiscalDataEmissao>2014-12-04</WL5G3N1:NotaFiscalDataEmissao>
<WL5G3N1:NotaFiscalNumero>111111</WL5G3N1:NotaFiscalNumero>
<WL5G3N1:NotaFiscalSerie>1</WL5G3N1:NotaFiscalSerie>
<WL5G3N1:NotaFiscalTipo>NF-e</WL5G3N1:NotaFiscalTipo>
<WL5G3N1:NumControleContribuinte>111111
</WL5G3N1:NumControleContribuinte>
<WL5G3N1:TipoApuracao>2</WL5G3N1:TipoApuracao>
<WL5G3N1:PeriodoReferenciaAno>2015</WL5G3N1:PeriodoReferenciaAno>
<WL5G3N1:PeriodoReferenciaMes>04</WL5G3N1:PeriodoReferenciaMes>
<WL5G3N1:PeriodoReferenciaDecendio>2
</WL5G3N1:PeriodoReferenciaDecendio>
<WL5G3N1:DiaVencimento>13/04/15</WL5G3N1:DiaVencimento>
<WL5G3N1:ValorICMSPrincipal>221.21</WL5G3N1:ValorICMSPrincipal>
<WL5G3N1:ValorTotal>221.21</WL5G3N1:ValorTotal>
</WL5G3N1:ItemPagamento>
</WL5G3N1:ItensPagamentos>
</WL5G3N1:Documento>
</WL5G3N1:documentos>
</WL5G3N1:enviarDados>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Related
When i perform a request using HTTP POST method from Angular, response comes without set-cookie header, contrary when I perform a request using HTTP GET method response comes with set-cookie Header.
I know that when POST method is used a preflight OPTIONS request is automatically issued by a browser. I am looking for advice what can i make so after POST method request client get set-cookie header as it already works with GET method?
My Angular request:
this.http.post<UserDto>("//localhost:8080/users", this.user, {withCredentials: true}).subscribe( user => {
alert("User created successfully.");
});;
Those are response headers i get:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST,PUT,DELETE,GET,OPTIONS
Access-Control-Allow-Origin: http://localhost:4200
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 05 May 2019 09:22:55 GMT
Expires: 0
Pragma: no-cache
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
And my request headers:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:4200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
My Spring Security configuration:
#Configuration
#EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http.
cors().and().
csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and().addFilterBefore(
new StatelessCSRFFilter(), CsrfFilter.class);
}
#Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(ImmutableList.of("http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("POST","PUT","DELETE","GET","OPTIONS"));
configuration.setAllowCredentials(true);
configuration.setAllowedHeaders(ImmutableList.of("Authorization", "Cache-Control", "Content-Type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
I have found such an advice:
" I got it to work by adding a response filter for the pre-flight OPTIONS request that works without credentials.
<security-constraint>
<display-name>No check for options</display-name>
<web-resource-collection>
<web-resource-name>All Access</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
I am not sure how to implement that solution is spring.
The CORS configuration has been set up correctly on the SpringFramework backend, as the methods succeed as expected, and Angular does set the cookies for GET requests. It is only POST operations that do not succeed if not preceded by HTTP.GET request.
I have built Spring WS application (based on Spring WS 2.2.3) that exposes a small web service with couple of Operations. Each Operation receives input parameters to search a backend database and return response. Some of the parameters are mandatory (e.g. Street Name) and the Client have requested that if a request to the service is missing some of these mandatory parameters (e.g. empty Street Name) then my service should return proper SOAP Fault with HTTP status of 400.
My exception handling is working fine and I am able to return the correct SOAP Fault to the client if some a required parameter was missing form the request message and Spring WS takes care of the rest by wrapping a SOAP Fault and sends it back to the client with status code of 500 like the following:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
SOAPAction: ""
Content-Type: text/xml;charset=utf-8
Content-Length: 503
Date: Thu, 10 Dec 2015 22:28:02 GMT
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">Street Name is required</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Which is good except that I really want the HTTP status code to be '400 Bad Request' instead of the '500 Internal Server Error' I can't figure out how to change the status code from 500 to 400 and get similar response like the following:
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Accept: text/xml, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
SOAPAction: ""
Content-Type: text/xml;charset=utf-8
Content-Length: 503
Date: Thu, 10 Dec 2015 22:28:02 GMT
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>SOAP-ENV:Client</faultcode>
<faultstring xml:lang="en">Street Name is required</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Any ideas?
I have deployed a cxf-jaxws-javafirst maven project with its default method: HelloWorld.sayHi(String text).
http://localhost:8080/prueba/HelloWorld?wsdl
On the other hand, I have a soap client implemented on Nodejs with soap module.
var express = require('express')
var app = express()
//soap module
var soap = require('soap');
//url of the wsdl
var url = 'http://localhost:8080/prueba/HelloWorld?wsdl';
//variable
var args = {arg0: 'friend'};
app.get('/', function (req, res) {
soap.createClient(url, function(err, client) {
client.sayHi(args, function(err, result) {
res.send(result);
});
});
})
var server = app.listen(3000, function () {
var host = server.address().address
var port = server.address().port
console.log('Example app listening at http://%s:%s', host, port)
})
I have try to send soap message to other WebService, e.g. http://wsf.cdyne.com/WeatherWS/Weather.asmx?wsdl and my client code works, so I think I have some error in my WebService.
In my maven project I have just added this line of code just above the declaration of the interface for debugging messages into and out of my web service :
#org.apache.cxf.feature.Features(features = "org.apache.cxf.feature.LoggingFeature")
In this way I got the input message(soap client) and output message(WebService response):
Input Message:
mar 05, 2015 1:33:08 PM org.apache.cxf.services.HelloWorldImplService.HelloWorldImplPort.HelloWorld
INFORMACIÓN: Inbound Message
----------------------------
ID: 17
Address: http://localhost:8080/prueba/HelloWorld
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=utf-8
Headers: {Accept=[text/html,application/xhtml+xml,application/xml,text/xml;q=0.9,*/*;q=0.8], accept-charset=[utf-8], accept-encoding=[none], connection=[close], Content-Length=[230], content-type=[text/xml; charset=utf-8], host=[localhost:8080], SOAPAction=[""], user-agent=[node-soap/0.8.0]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="http://prueba.prueba/"><soap:Body><sayHi><arg0>Hola</arg0></sayHi></soap:Body></soap:Envelope>
Output Message:
mar 05, 2015 1:33:08 PM org.apache.cxf.services.HelloWorldImplService.HelloWorldImplPort.HelloWorld
INFORMACIÓN: Outbound Message
---------------------------
ID: 17
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Unexpected wrapper element sayHi found. Expected {http://prueba.prueba/}sayHi.</faultstring></soap:Fault></soap:Body></soap:Envelope>
And Java error:
mar 05, 2015 1:33:08 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
ADVERTENCIA: Interceptor for {http://prueba.prueba/}HelloWorldImplService#{http://prueba.prueba/}sayHi has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Unexpected wrapper element sayHi found. Expected {http://prueba.prueba/}sayHi.
at org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:106)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Whit SoapUI, I achieve send the string:
This is the InputMessage (Client: SoapUI).
ID: 18
Address: http://localhost:8080/prueba/HelloWorld
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive],
Content-Length=[285], content-type=[text/xml;charset=UTF-8], host=[localhost:8080],
SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:pru="http://prueba.prueba/">
<soapenv:Header/>
<soapenv:Body>
<pru:sayHi>
<!--Optional:-->
<arg0>"?"</arg0>
</pru:sayHi>
</soapenv:Body>
</soapenv:Envelope>
I do not know I'm doing wrong, I hope someone can help me.
Thank you in advance.
I have tried to remove the namespace pru from SoapUI and I have got the same error so this is my error, I have to get add the namespace. Pru refers to namespace tns of my wsdl.
I read the issues of github of node-soap and one refers to the namespace tns.
https://github.com/vpulim/node-soap/issues/537
I have changed these line of wsdl.js file:
this.ignoredNamespaces= [ 'tns', 'targetNamespace', 'typedNamespace']
WSDL.prototype._ignoredSchemaNamespaces = ['tns', 'xs', 'xsd'];
by
this.ignoredNamespaces= [ 'targetNamespace', 'typedNamespace']
WSDL.prototype._ignoredSchemaNamespaces = ['xs', 'xsd'];
and my code works.
Thank you herom
I'm one of the maintainers/collaborators over at node-soap.
I don't know cxf-jaxws-javafirst but looking at your image of the wsdl I can't find the pru: prefix defined anywhere, so I don't know where SoapUI is assuming that the <sayHI> element should have this prefix attached...
To me the produced SOAP Body of node-soap:
<soap:Body>
<sayHi>
<arg0>
Hola
</arg0>
</sayHi>
</soap:Body>
seems valid, based on the input wsdl.
I'm trying to send a request to a web service that has "Wssp1.2-2007-Https-UsernameToken-Digest.xml" as policy.
below is my code, I'm using apache cxf library on eclipse:
public static void main(String[]args){
CardDetails_Service cds = new CardDetails_Service();
CardDetails cdsPort = cds.getCardDetailsPort();
//End_Init_load
//Retrieve the client object from the port
Client client = ClientProxy.getClient(cdsPort);
Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> ctx = ((BindingProvider) cdsPort).getRequestContext();
ctx.put("ws-security.username", "weblogicdev");
ctx.put("ws-security.password", "weblogic123");
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
CustomerRequestParam crp = new CustomerRequestParam();
crp.setCustomerID("dasd");
crp.setDataLevel("adsa");
crp.setInstitution("11");
CustomerResponseParam crpResponse = cdsPort.getCardDetailByCustomerOperation(crp);
System.out.println(crpResponse.getResponseDetails().getResponseCode()+"]["+crpResponse.getResponseDetails().getResponseDescription());
}
When I change the policy of the web service to Wssp1.2-2007-Https-UsernameToken-Plain.xml, the code above works, and I get a response.
But when I switch it back to digest, it doesn't work.
Below is an output of the generated request of the requests in both policies:
UsernameToken-Digest:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-9cec2846-7695-4c8b-b7c3-4c8cf6887b9e">
<wsu:Created>2014-06-26T12:55:32.262Z
</wsu:Created>
<wsu:Expires>2014-06-26T13:00:32.262Z
</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-36511701-a842-4ba5-8e29-dc8841fb3a61">
<wsse:Username>weblogicdev
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">m5nhNFD+LT9e9sk8CAClHdFNTdQ=
</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MKlsVkLpcQykOosbGnszvg==
</wsse:Nonce>
<wsu:Created>2014-06-26T12:55:32.270Z
</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<CustomerRequest xmlns="www.mdsl.eft.cms.com">
<Institution>11
</Institution>
<Customer_ID>dasd
</Customer_ID>
<Data_Level>adsa
</Data_Level>
</CustomerRequest>
</soap:Body>
</soap:Envelope>
UsernameToken-Plain:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-9140d6d2-ce36-4efd-aedd-bfc338480993">
<wsu:Created>2014-06-26T12:45:49.342Z
</wsu:Created>
<wsu:Expires>2014-06-26T12:50:49.342Z
</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-a16f2785-c64d-44df-87e8-b8b840612192">
<wsse:Username>weblogicdev
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic123
</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<soap:Body>
<CustomerRequest xmlns="www.mdsl.eft.cms.com">
<Institution>11
</Institution>
<Customer_ID>dasd
</Customer_ID>
<Data_Level>adsa
</Data_Level>
</CustomerRequest>
</soap:Body>
</soap:Envelope>
The requests are changing to suit the switch of policies but I don't understand why I'm getting a "Failed to assert identity with UsernameToken".
For more info, below is the full trace:
Jun 26, 2014 5:32:18 PM io.netty.util.internal.logging.Slf4JLogger info
INFO: Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system unstability.
Jun 26, 2014 5:32:19 PM org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
INFO: Creating Service {http://test/}CardDetails from WSDL: https://localhost:7002/testWebService/CardDetailsPort?wsdl
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Outbound Message
---------------------------
ID: 1
Address: https://localhost:7002/TestWebService/CardDetailsPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/], SOAPAction=["urn:Test/getCardDetailByCustomerOperation"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-2f3ad257-f56f-4658-8553-2867143f2188"><wsu:Created>2014-06-26T14:32:19.664Z</wsu:Created><wsu:Expires>2014-06-26T14:37:19.664Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-bcb0d1b1-3ee3-4182-bdc6-476f86006153"><wsse:Username>weblogicdev</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iqb9Xe1/GqwfPW0CU1NOO96eH2I=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3BkQP6r7MPJrs5AIohRwEQ==</wsse:Nonce><wsu:Created>2014-06-26T14:32:19.671Z</wsu:Created></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><soap:Body><CustomerRequest xmlns="www.mdsl.eft.cms.com"><Institution>11</Institution><Customer_ID>dasd</Customer_ID><Data_Level>adsa</Data_Level></CustomerRequest></soap:Body></soap:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.services.CardDetails.CardDetailsPort.CardDetails
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml;charset="utf-8"
Headers: {Content-Length=[380], Content-Type=[text/xml;charset="utf-8"], Date=[Thu, 26 Jun 2014 14:32:19 GMT], X-ORACLE-DMS-ECID=[37cb61f8f3397d86:62376f09:146d4fa0d76:-8000-0000000000000c23], X-Powered-By=[Servlet/2.5 JSP/2.1]}
Payload: <?xml version='1.0' encoding='UTF-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:FailedAuthentication</faultcode><faultstring>Failed to assert identity with UsernameToken.</faultstring></env:Fault></env:Body></env:Envelope>
--------------------------------------
Jun 26, 2014 5:32:19 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: Request does not contain Security header, but it's a fault.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Failed to assert identity with UsernameToken.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:159)
at $Proxy35.getCardDetailByCustomerOperation(Unknown Source)
at Test.Tester.main(Tester.java:83)
Caused by: org.apache.cxf.binding.soap.SoapFault: Failed to assert identity with UsernameToken.
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1636)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1525)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.transport.http.netty.client.NettyHttpConduit$NettyWrappedOutputStream.close(NettyHttpConduit.java:153)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:137)
... 2 more
By default, WebLogic doesn't store the password in a retrievable manner, necessary for the digest method to work.
To fix it, in the admin console, go to providers configuration of your security realms setting (by default: Security Realm -> myrealm -> Providers) and for the DefaultAuthenticator, under the Provider Specific tab, make sure Enable Password Digests is enabled.
Also make sure that wsse:PasswordDigest is active in the DefaultIdentityAsserter settings.
NOTE: After you turn on Enable Password Digests, you have to reset the password of any user(s) you want to participate in the authentication for you web service.
From page 6 of this Document
Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
Can you verify that your digest is correctly following this formula?
The actual code that performs the validation on the server side can be found here
I'm trying to learn CXF and want to implement ws security with a simple hello world example.
I followed bottom up approach to create a cxf service which is runing and I tested with soap ui. I wrote a spring client and it is working fine too.
Then I tried to add the timestamp. I added
the WSS4J and saaj interceptors in both server and clent spring bean config files. I followed this blog.
cxf-spring-and-ws-security-putting-it
I exactly followed the same steps and I added timestamp action. When I run the client I get this
I get this exception
org.apache.ws.security.WSSecurityException: An error was discovered processing the
<wsse:Security> header
My wsdl does not have any entries concerning the security or the interceptors I added.
The SOAP request is the same as the one before interceptors were added. I figured out that the header is missing from the request. How can I add header in the request in this scenario?
Please check below for stack trace.
ID: 4
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[294], content-type=[text/xml;charset=UTF-8], host=[localhost:8080], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.spring.demo/">
<soapenv:Header/>
<soapenv:Body>
<ser:sayHi>
<!--Optional:-->
<arg0>Yamini</arg0>
</ser:sayHi>
</soapenv:Body>
</soapenv:Envelope>
--------------------------------------
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
WARNING: Security processing failed (actions mismatch)
Sep 21, 2012 10:53:51 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Sep 21, 2012 10:53:51 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://service.spring.demo/}HelloWorldImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:733)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:333)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:191)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:359)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:312)
... 27 more
Sep 21, 2012 10:53:51 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 4
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the <wsse:Security> header</faultstring></soap:Fault></soap:Body></soap:Envelope>
--------------------------------------
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 5
Address: http://localhost:8080/HelloWorldWithSecurity/services/HelloWorldImplPort
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], cache-control=[no-cache], connection=[keep-alive], Content-Length=[610], content-type=[text/xml; charset=UTF-8], host=[localhost:8080], pragma=[no-cache], SOAPAction=[""], user-agent=[Apache CXF 2.4.9]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2012-09-21T16:31:29.958Z</wsu:Created><wsu:Expires>2012-09-21T16:36:29.958Z</wsu:Expires></wsu:Timestamp></wsse:Security></soap:Header><soap:Body><ns2:sayHi xmlns:ns2="http://service.spring.demo/"><arg0>Yamini</arg0></ns2:sayHi></soap:Body></soap:Envelope>
--------------------------------------
sayHi called
Sep 21, 2012 11:31:29 AM org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Outbound Message
---------------------------
ID: 5
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:sayHiResponse xmlns:ns2="http://service.spring.demo/"><return>Hello Yamini</return></ns2:sayHiResponse></soap:Body></soap:Envelope>
--------------------------------------
I do not see any security headers in the request. So I'm getting the exception when the response is getting processed for them. What I want to get an idea is how to add security headers in the case when the web service is developed in java first approach.
Thank you so much.
Your header should look like this...
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
You would need to add wsse:Security header in your SOAP request
<soapenv:envelope ...
<soapenv:header>
<wsse:security soapenv:mustunderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:usernametoken wsu:id="UsernameToken-27777511" xmlns:wsu="http://Pdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:username>admin</wsse:username>
<wsse:password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pass</wsse:password>
</wsse:usernametoken>
</wsse:security>
</soapenv:header>
<soapenv:body>
--
</soapenv:body>
</soapenv:envelope>