We Keep Coding

SOAP request uneffective on smartserver2.2

I am new here. I work as a developper on a very small company. I am in charge of developping a software (asp.net/c#) in order to monitor street lightings via smartservers (old version : 2.2).
I use SOAP messages to change the configuration and the values of each individual lamp (via datapoint).
I mostly succeeded to create schedulers and also to add datapoints.
But I am facing an issue when I want to add presets to a datapoint.
For example, these are 3 presets that could be used by the scheduler to control the lamp power (nviLampValue):
ON with a power lamp value of 100% represented by the formatted value '100.0 1'
OFF with a power lamp value of 0% represented by the formatted value '0.0 0'
PRESET1 at 80% with the formatted value '80.0 1'
I created a SOAP request (SET) to configure the presets for a datapoint (i.e. Net/LON/P68/OLC[0]/nviLampValue_1) but after a lot of trials and despite having no errors, the smartserver still ignore my request.
If someone have an idea about what is wrong with the request, it would help me a lot.
Thanks by advance
Regards,
Here is the SOAP request I made :
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mes="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<soapenv:Header>
<mes:messageProperties>
<!--Optional:-->
<mes:UCPTuniqueId>cid:38089712644</mes:UCPTuniqueId>
<!--Optional:-->
<mes:UCPTipAddress>192.168.1.222</mes:UCPTipAddress>
<!--Optional:-->
<mes:UCPTport>8080</mes:UCPTport>
</mes:messageProperties>
</soapenv:Header>
<soapenv:Body>
<mes:Set xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<mes:iLonItem xsi:type="Item_Coll" xmlns:xsi="xsi">
<!--Zero or more repetitions:-->
<mes:Item xsi:type="Dp_Cfg" xmlns:xsi="xsi">
<mes:UCPTname>Net/LON/P68/OLC[0]/nviLampValue_1</mes:UCPTname>
<!--Optional:-->
<mes:UCPTannotation>Dp_In;xsi:type=\"LON_Dp_Cfg\"</mes:UCPTannotation>
<mes:UCPTbaseType LonFormat="#8000010128000000[4].UCPTbaseType">BT_STRUCT</mes:UCPTbaseType>
<UCPTformatDescription>#0000000000000000[0].SNVT_switch</UCPTformatDescription>
<mes:ValueDef>
<mes:UCPTindex>0</mes:UCPTindex>
<mes:UCPTname>OFF</mes:UCPTname>
<mes:UCPTvalue LonFormat='#0000000000000000[0].SNVT_switch'>0.0 0</mes:UCPTvalue>
</mes:ValueDef>
<mes:ValueDef>
<mes:UCPTindex>1</mes:UCPTindex>
<mes:UCPTname>ON</mes:UCPTname>
<mes:UCPTvalue LonFormat='#0000000000000000[0].SNVT_switch'>100.0 1</mes:UCPTvalue>
</mes:ValueDef>
<mes:ValueDef>
<mes:UCPTindex>2</mes:UCPTindex>
<mes:UCPTname>PRESET1</mes:UCPTname>
<mes:UCPTvalue LonFormat='#0000000000000000[0].SNVT_switch'>80.0 1</mes:UCPTvalue>
</mes:ValueDef>
</mes:Item>
</mes:iLonItem>
</mes:Set>
</soapenv:Body>
</soapenv:Envelope>
And here is the response of the smartserver (seems to indicate no error, but no processing too)
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Header>
<p:messageProperties xmlns:p="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<p:UCPTtimeStamp>2022-01-10T17:33:18.040+01:00</p:UCPTtimeStamp>
<p:UCPTuniqueId>0300003B44F2</p:UCPTuniqueId>
<p:UCPTipAddress>192.168.1.222</p:UCPTipAddress>
<p:UCPTport>8080</p:UCPTport>
<p:UCPTlastUpdate>2022-01-10T16:23:36Z</p:UCPTlastUpdate>
<p:UCPTprocessingTime>21</p:UCPTprocessingTime>
</p:messageProperties>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<SetResponse xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<iLonItem xsi:type="Item_Coll">
<UCPTfaultCount>0</UCPTfaultCount>
<UCPTcurrentConfig>4.0</UCPTcurrentConfig>
</iLonItem>
</SetResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Ok, I found a solution that seems to work. I share in case someone could face the same (or a similar) problem.
This is what I found that worked after sending the request using SOAPUI:
I had to edit the < Enveloppe >, < MessageProperties > and < Set > tags with the correct namespaces.
I also added more parameters in the tag but I didn't check if they are all necessary, except UCPTname, UCPTannotation, UCPTFormatDescription, UCPTDirection and UCPTbaseType and that are important to define the presets.
Regards,
Here is the request that worked for me :
<?xml version="1.0" encoding="utf-8"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<Header>
<messageProperties xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/"/>
</Header>
<Body>
<Set xmlns="http://wsdl.echelon.com/web_services_ns/ilon100/v4.0/message/">
<iLonItem>
<Item xsi:type="Dp_Cfg">
<UCPTname>Net/LON/P68/OLC[0]/nviLampValue_1</UCPTname>
<UCPTannotation>Dp_In;xsi:type=\"LON_Dp_Cfg\"</UCPTannotation>
<UCPThidden>0</UCPThidden>
<UCPTformatDescription>#0000000000000000[0].SNVT_switch</UCPTformatDescription>
<UCPTlength>2</UCPTlength>
<UCPTdirection LonFormat="#8000010128000000[4].UCPTdirection">DIR_IN</UCPTdirection>
<UCPTbaseType LonFormat="#8000010128000000[4].UCPTbaseType">BT_STRUCT</UCPTbaseType>
<UCPTmaxFields>2</UCPTmaxFields>
<SCPTmaxSendTime>0</SCPTmaxSendTime>
<SCPTminSendTime>0</SCPTminSendTime>
<SCPTmaxRcvTime>0</SCPTmaxRcvTime>
<ValueDef>
<UCPTindex>0</UCPTindex>
<UCPTname>OFF</UCPTname>
<UCPTvalue LonFormat="#0000000000000000[0].SNVT_switch">0.0 0</UCPTvalue>
</ValueDef>
<ValueDef>
<UCPTindex>1</UCPTindex>
<UCPTname>ON</UCPTname>
<UCPTvalue LonFormat="#0000000000000000[0].SNVT_switch">100.0 1</UCPTvalue>
</ValueDef>
<ValueDef>
<UCPTindex>2</UCPTindex>
<UCPTname>PRESET1</UCPTname>
<UCPTvalue LonFormat="#0000000000000000[0].SNVT_switch">80.0 1</UCPTvalue>
</ValueDef>
</Item>
</iLonItem>
</Set>
</Body>
</Envelope>

SOAP request with certain tags without namespace

Would be the following SOAP request valid according to the standard?
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<ns2:ServiceReq xmlns:ns2="http://www.tibco.com/service" xmlns:ns1="http://www.tibco.com/framework">
<ns1:HeaderIn>
<ns1:countryISO>FR</ns1:countryISO>
<ns1:callerDateTime>2021-11-26T15:50:08.742Z</ns1:callerDateTime>
</ns1:HeaderIn>
<ns2:request>
<entete>
<profile>Default</profile>
</entete>
<input>
<type>W</type>
<codeRegion>X</codeRegion>
</input>
</ns2:request>
</ns2:ServiceReq>
</soapenv:Body>
</soapenv:Envelope>
I am not sure because certain tags don't have a namespace

There are multiple levels of valid here:
Is it a valid SOAP message as per the SOAP standard? Yes. The SOAP envelope and body tags seem valid.
Is it a valid XML format? Yes, it's a well formed XML file.
Are those elements without a namespace prefix valid? Yes. Elements can be in a default namespace or in no namespace at all.
Is the actual content of the body a valid messages? You can only tell if you verify the message you posted against the expected message as defined in the WSDL file of the web service.
All the elements in the body of the SOAP message should belong to specific namespaces, but sometimes a developer forgets to add a namespace annotation on the element, or copy-pastes something from some place else, or whatever, and you end up with weird looking XMLs like that. The service works and the message is correctly parsed, but it just looks funny.

Server.userException when sending a SOAP-Request with VBScript

When sending a SOAP-Request the answer XML contains a Server.userException faultstring
<faultstring>No such operation 'TabellenExport'</faultstring>
As far a i know this is not specific to the web service i am trying to reach. My suspicion is, that i am doing something wrong when creating the Request and setting the headers.
Dim http, soapRequest
Set http = CreateObject("Microsoft.XmlHttp")
http.open "POST", wsdl, False
http.setRequestHeader "Content-Type", "text/xml"
http.setRequestHeader "SOAPAction", url
http.send xml
request = http.responseText
This is the XML i´m sending:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice_2010.genesis">
<soapenv:Header/>
<soapenv:Body>
<web:TabellenExport soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<kennung xsi:type="xsd:string">*********</kennung>
<passwort xsi:type="xsd:string">********</passwort>
<namen xsi:type="xsd:string">61111-0002</namen>
<bereich xsi:type="xsd:string">Alle</bereich>
<format xsi:type="xsd:string">xml</format>
<strukturinformation xsi:type="xsd:boolean">false</strukturinformation>
<komprimieren xsi:type="xsd:boolean">false</komprimieren>
<transponieren xsi:type="xsd:boolean">false</transponieren>
<startjahr xsi:type="xsd:string"></startjahr>
<endjahr xsi:type="xsd:string"></endjahr>
<zeitscheiben xsi:type="xsd:string"></zeitscheiben>
<regionalmerkmal xsi:type="xsd:string"></regionalmerkmal>
<regionalschluessel xsi:type="xsd:string"></regionalschluessel>
<sachmerkmal xsi:type="xsd:string"></sachmerkmal>
<sachschluessel xsi:type="xsd:string"></sachschluessel>
<sachmerkmal2 xsi:type="xsd:string"></sachmerkmal2>
<sachschluessel2 xsi:type="xsd:string"></sachschluessel2>
<sachmerkmal3 xsi:type="xsd:string"></sachmerkmal3>
<sachschluessel3 xsi:type="xsd:string"></sachschluessel3>
<stand xsi:type="xsd:string"></stand>
<auftrag xsi:type="xsd:boolean"></auftrag>
<sprache xsi:type="xsd:string">de</sprache>
</web:TabellenExport>
</soapenv:Body>
</soapenv:Envelope>
It is according to the documentation that is available to me.
The WSDL is located here: https://www-genesis.destatis.de/genesisWS/services/ExportService_2010?wsdl
i tried switching the url and the wsdl but i got the same result.
Am i doing something wrong?
wsdl is the location of the WSDL-File, url ist the target address provided to me by the web service and xml is juste the text of the xml i wont to send.

How to get response value from Currency Converter service response through groovy script in SoapUI?

I'm using Currency Converter webservice to practice groovy script in SoapUI Pro.
In that, I have created a property that should get response / output of the Currency Converter service through groovy script.
For that, I tried the following script which gets all the raw response data :(
I need to get the exact result i.e. converted value and assign to the property.
Can anyone provide me the correct groovy script?
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://www.webserviceX.NET/">
<soapenv:Header/>
<soapenv:Body>
<web:ConversionRate>
<web:FromCurrency>USD</web:FromCurrency>
<web:ToCurrency>INR</web:ToCurrency>
</web:ConversionRate>
</soapenv:Body>
</soapenv:Envelope>
Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<ConversionRateResponse xmlns="http://www.webserviceX.NET/">
<ConversionRateResult>60.54</ConversionRateResult>
</ConversionRateResponse>
</soap:Body>
</soap:Envelope>
Thanks
Karunagara Pandi

First you need access to the Response.
def conversionRateResult = context.expand( '${step_name#Response#//*:ConversionRateResult}' )
Then to assign it to a property depends on multiple things: 1) where are you doing it from, and 2) where do you want the property assigned.
To crawl the hierarchy from a script step, you would do something like:
testRunner.testCase.setPropertyValue("property_name", conversionRateResult)
Consider browsing through the documentation and API.

ColdFusion CFHTTP connection to remote web service

I have successfully connected to a remote webservice using SOAPUI (www.soapui.org). But, I am having trouble calling it successfully from CF9.2.
Here is my entire CFC function. There are dynamic vars but I've tested the output in the soapUI interface and it works:
<cffunction name="getOrganisation" access="remote" returnType="any" output="true">
<cfargument name="iPageNumber" type="any" required="false" default="0">
<cfargument name="iPageSize" type="any" required="false" default="0">
<cfargument name="bCurrentNamesOnly" type="boolean" required="false" default="1">
<cfargument name="bExcludeNotRtos" type="boolean" required="false" default="0">
<cfargument name="bExcludeRtoWithoutActiveRegistration" type="boolean" required="false" default="0">
<cfargument name="sFilter" type="any" required="false" default="">
<cfargument name="bIncludeCode" type="boolean" required="false" default="1">
<cfargument name="sRegistrationManagers" type="any" required="false" default="">
<cfargument name="sClassificationFilters" type="any" required="false" default="">
<cfargument name="sScheme" type="any" required="false" default="">
<cfset var endpoint = "https://ws.staging.training.gov.au/Deewr.Tga.WebServices/OrganisationService.svc/Organisation">
<cfsavecontent variable="soapBody">
<cfoutput>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://training.gov.au/services/"
xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soapenv:Header/>
<soapenv:Body>
<ser:Search>
<ser:request>
<ser:PageNumber>#arguments.iPageNumber#</ser:PageNumber>
<ser:PageSize>#arguments.iPageSize#</ser:PageSize>
<ser:ClassificationFilters>
<ser:ClassificationFilter>
<ser:Scheme>#arguments.sScheme#</ser:Scheme>
<ser:Values>
<cfif len(arguments.sClassificationFilters)>
<cfloop list="#arguments.sClassificationFilters#" index="item">
<arr:string>#item#</arr:string>
</cfloop>
</cfif>
</ser:Values>
</ser:ClassificationFilter>
</ser:ClassificationFilters>
<ser:CurrentNamesOnly>#arguments.bCurrentNamesOnly#</ser:CurrentNamesOnly>
<ser:ExcludeNotRtos>#arguments.bExcludeNotRtos#</ser:ExcludeNotRtos>
<ser:ExcludeRtoWithoutActiveRegistration>#arguments.bExcludeRtoWithoutActiveRegistration#</ser:ExcludeRtoWithoutActiveRegistration>
<ser:Filter>#arguments.sFilter#</ser:Filter>
<ser:IncludeCode>#arguments.bIncludeCode#</ser:IncludeCode>
<ser:RegistrationManagers>
<cfif len(arguments.sRegistrationManagers)>
<cfloop list="#arguments.sRegistrationManagers#" index="item">
<arr:string>#item#</arr:string>
</cfloop>
</cfif>
</ser:RegistrationManagers>
</ser:request>
</ser:Search>
</soapenv:Body>
</soapenv:Envelope>
</cfoutput>
</cfsavecontent>
<cfhttp
url="#endpoint#"
method="post"
username="#variables.username#"
password="#variables.password#">
<cfhttpparam type="header" name="accept-encoding" value="no-compression" />
<cfhttpparam type="xml" value="#trim(soapBody)#"/>
</cfhttp>
<cfdump var="#cfhttp.FileContent#"><cfabort>
<cfreturn cfhttp.FileContent>
</cffunction>
Running this, I get the error:
An error occurred when verifying security for the message.
Following is the complete return xml
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-AU">An error occurred when verifying security for the message.</faultstring>
</s:Fault>
</s:Body>
</s:Envelope>
So, it appears to be an authorisation issue.
Here is the SoapUI request screen:
So, how do I construct the cfhttp, or maybe cfinvoke, to emulate the soapUI call?
EDIT
SOAP Request XML
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://training.gov.au/services/" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soapenv:Header/>
<soapenv:Body>
<ser:Search>
<ser:request>
<ser:PageNumber>0</ser:PageNumber>
<ser:PageSize>0</ser:PageSize>
<ser:ClassificationFilters>
<ser:ClassificationFilter>
<ser:Scheme></ser:Scheme>
<ser:Values>
<arr:string></arr:string>
</ser:Values>
</ser:ClassificationFilter>
</ser:ClassificationFilters>
<ser:CurrentNamesOnly>true</ser:CurrentNamesOnly>
<ser:ExcludeNotRtos>0</ser:ExcludeNotRtos>
<ser:ExcludeRtoWithoutActiveRegistration>0</ser:ExcludeRtoWithoutActiveRegistration>
<ser:Filter></ser:Filter>
<ser:IncludeCode>1</ser:IncludeCode>
<ser:RegistrationManagers>
<arr:string></arr:string>
</ser:RegistrationManagers>
</ser:request>
</ser:Search>
</soapenv:Body>
</soapenv:Envelope>
EDIT 2
Further information:
Here is the url directly to the service: https://ws.staging.training.gov.au/Deewr.Tga.WebServices/OrganisationService.svc
Below is a screenshot of some authentication related information from the docs

I'm thinking that you need to post the username and password in cfhttpparam tags, not as attributes in the cfhttp tag.

SOAPUI is a fantastic tool, and one I've bee using a lot recently when debugging SOAP requests or transferring them from static .wsdl files into a ColdFusion component.
The first thing to look at is the error message itself:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-AU">An error occurred when verifying security for the message. </faultstring>
</s:Fault>
</s:Body>
</s:Envelope>
The faultcode node contains a link to the OASIS security namespace document:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Viewing that in the browser, you can see what security values are required and you can clarify the naming conventions. So, we can confirm from this that you do need to send through the following with the following format:
Username
Password
Without having access to the request you are testing in SOAPUI, we can also see that the Username and Password values are visible in the property window (your screen grab from the interface, above).
Are these values set within the XML of the request in SOAPUI? Perhaps in the SOAP request header, like so:
<soapenv:Header>
<authInfo xsi:type="soap:authentication">
<Username xsi:type="xsd:string">?</Username>
<Password xsi:type="xsd:string">?</Password>
</authInfo>
</soapenv:Header>
If that is the case, you will also need to include this header in your ColdFusion component when building the soapBody variable.
Also, can you view the URL of the SOAP request directly in the browser to see what variables it expects?
https://ws.staging.training.gov.au/Deewr.Tga.WebServices/OrganisationService.svc/Organisation
The overall structure of your CFC and soapBody looks good, so without having access to the file you are running in SOAPUI to see it running, debugging it and providing answers would be a little tricky.
If you can rule out all of the possibilities mentioned above and still have issues, let me know.

Yes, you were not originally passing a Oasis security header. The answers here so far probably aren't going to work however. Oasis standard can allow for many an varied combinations of user/password/nonce/digest/created and encoding attributes.
As you may or may not have found, the Axis 1 library (CF9 and lower user Axis 1 (versions 1.1-1.4); CF10 also has Axis 2 (Axis version 1.6)). And thus you must POST (cfhttp/http) to pass and receive an Oasis header. The Axis 1 library will cry about trying to understand the Oasis node in the header area.**
Since you are manually posting, you can simply construct your Oasis header in your header much like the example fro Matt Gifford.
Depending on what exactly the receiving party is expecting, you may will have something like this:
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<wsse:UsernameToken wsu:Id="UsernameToken-15">
<wsse:Username>
<!-- Removed-->
</wsse:Username>
<wsse:Password>
<!-- Removed-->
</wsse:Password>
<wsse:Nonce>
<!-- Removed-->
</wsse:Nonce>
<wsu:Created>2012-07-11T02:02:48.410Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
or this (from early cladding method pre-output):
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >
<wsse:Username>#Arguments.szUserName#</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">#Arguments.szPassword#</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
or this (final output):
<wsse:Security soapenv:mustUnderstand="1"xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-974900"xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>SuperJellyMan</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">jellybeanboom</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">SmVsbHlCZWFuQm9vbTk3NDkwMA==</wsse:Nonce>
<wsu:Created>2012-07-26T17:00:34Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
And so on and so forth. I have seen people invoke java libraries to do this more dynamically. I simply built a few simple methods to build my nonce and format my xml time stamp. But basically, it is pretty simple to build some kind of function or other helper methods to clad the values required in xml with the proper Oasis attributes and xsd references and then insert that in your header of your request of the manual post.
The tricky part is knowing exactly what they want in the Oasis security header if they do not tell you. The xsd simply shows what is acceptable according to Oasis standards, but not necessarily what they are using (and in what combination). If you can get that from them, you can pretty easily put that together from the Oasis docs.
Usually, the combination is User/Pwd (first example). If a Nonce is used, very often a Password Digest is also used (the password gets a ##PasswordDigest instead of ##PasswordText) and is an encoded hash of the created time and password (see Oasis docs for more explanation).
But, the last project I worked on had a plain text pwd plus a nonce with no digest. Not exactly logical since the nonce is supposed to make a fake request more difficult and use a non-clear text password which needs to be decoded by receiver and compared to validate... So it is totally up to the service on what they want/use/need.
You should be able to paste your concocted Oasis header into SoapUI and pretty quickly figure out what they might need/want from their responses to same.
If they have specified user/password (as text), you might find one of these examples (probably the second one) workable and not passing the nonce and created elements.
** Here is the Axis 1 fault for fun reference when Oasis is used with CF9 or less using actual SOAP methods (web service stub, rather than manual post):**
The fault returned when invoking the web service operation is: AxisFault faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity faultSubcode: faultString: An error occurred when verifying security for the message. faultActor: faultNode:
faultDetail: {http://xml.apache.org/axis/}stackTrace:An error occurred when verifying security for the message. at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:221) at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:128) at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Conf...
[EDIT]
Here is a bit more info as I am working on another webservice that is similar.
Your [SOAP] xml with the cannot possibly be working. I use soapUI as well and unless I add in a security header values in their proper spot the service will return exactly the response you are receiving ("InvalidSecurity") so not very sure this xml is what you should be trying to replicate. I have also successfully built a simple cf based script version to build the header which properly generates the header and adds it to a createObject() invoked javastubbed webservice:
doc = xmlNew();
doc['Security'] = XmlElemNew(doc,'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd', 'Security');
doc.Security['UsernameToken'] = XmlElemNew(doc, 'UsernameToken');
doc.Security.UsernameToken['Username'] = XmlElemNew(doc, 'Username');
doc.Security.UsernameToken.username.XmlText = "TESTERDUDE" ;
doc.Security.UsernameToken.username.XmlAttributes["xsi:type"] = "xsd:string";
doc.Security.UsernameToken['Password'] = XmlElemNew(doc, 'Password');
doc.Security.UsernameToken.password.XmlText = "YetAnotherPassword";
doc.Security.UsernameToken.password.XmlAttributes["xsi:type"] = "xsd:string";
doc.Security.UsernameToken.password.XmlAttributes["Type"] = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordDigest";
doc.Security.UsernameToken['Nonce'] = XmlElemNew(doc, 'Nonce');
doc.Security.UsernameToken.nonce.XmlText = "tKUH8ab3Rokm4t6IAlgcdg9yaEw="; // This would be generated if needed
doc.Security.UsernameToken.nonce.XmlAttributes["xsi:type"] = "xsd:string";
doc.Security.UsernameToken['Created'] = XmlElemNew(doc, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", 'Created');
doc.Security.UsernameToken.created.XmlText = "2010-08-10T10:52:42Z";
doc.Security.UsernameToken.created.XmlAttributes["xsi:type"] = "xsd:string";
addSOAPRequestHeader(ws, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security", doc);
This properly generates [taken from the server side xml using getSoapRequest() which grabs the entire xml request] :
<soapenv:Header>
<Security soapenv:actor="" soapenv:mustUnderstand="0" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken>
<Username xsi:type="xsd:string">TESTERDUDE</Username>
<Password xsi:type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">My Password is my Voice</Password>
<Nonce xsi:type="xsd:string">tKUH8ab3Rokm4t6IAlgcdg9yaEw=</Nonce>
<Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xsi:type="xsd:string">2010-08-10T10:52:42Z</Created>
</UsernameToken>
</Security>
</soapenv:Header>