My question is similar to this. How To Pass Soap Header When WSDL Doesn't Define It? But is different.
For a web service I use, all methods need authentication which is sent in cleartext inside a SOAP header. However, my WSDL doesn't include any soap header information. I have a custom platform tool which I must use to generate code from the WSDL. Since the header info is not available, am unable to use the generated class directly - I do not want to manually modify the code to accommodate the header.
I tried specifying the SOAP header in the WSDL but I failed to get the correct namespaces. The WSDL is here https://stage.totalcheck.sensis.com.au/service/webservice?wsdl and the SOAP header is as follows:
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
Can someone help me? Thanks!
From a conceptual point of view, WSDL is not supposed to define headers. WSDL is only for defining the functional aspects of a service, like operations, messages, binding and endpoints. Messages and bindings define how the payload of messages should be encoded and formatted.
The headers of SOAP messages however do not belong to the payload. They are typically used for configuring non-functional properties of a SOAP processor. Security is such a non-functional property. The functional aspect of the payload is not affected. It is only assured that the communication is secured and the WS tool stack, not the service implementation, should take care of that.
So the missing piece is now a standard that allows for attaching some non-functional requirements to WSDL services, so that code generators can automatically derive which headers need to be sent and/or understand in order to fulfill the non-functional property as desired -- without having to manually deal with header fields. This standard exists and is called WS-Policy. A policy contains typically a set of alternatives that expose a set of requirements that both, provider and consumer should be able to fulfill. When two services are supposed to interact with each other, both policies are taken and a so called "effective policy" is calculated. It defines the common non-functional requirements. Using this information, provider and consumer can configure themselves to add required headers, like the WS-Security headers. WS-SecurityPolicy also defines a set of policies that can be used. WS-PolicyAttachment defines how such policies can be attached to a WSDL.
There are code generators that can deal with WS-Policies, e.g. Metro or Axis2
You can add soap header information to method calls by decorating the methods in the proxy class generated from the wsdl with the SoapHeader attribute.
For example wsdl.exe will generate client proxy class Reference.cs for the web service reference when you "Add Web Reference". In the link mentioned above https://stage.totalcheck.sensis.com.au/service/webservice?wsdl there is a message suggestAddress which will translate to a method in the generated reference.cs client proxy code file when you add a web reference from visual studio. By default when this method is called there will be no Header in the soap envelope. To add a SoapHeader to the envelope for this request add a [SoapHeader("Security")] attribute to the top of the SuggestAddress method in the Reference.cs generated class, where "Security" is a class that inherits from SoapHeader base class.
Example for the above required Security SoapHeader you would create the following classes,
public partial class Security : SoapHeader
{
public UserNameToken UserNameToken { get; set; }
}
public partial class UserNameToken
{
public string UserName { get; set; }
public string Password { get; set; }
}
Then you would decorate the SuggestAddress method in the reference.cs like followed,
[SoapHeader("Security")]
public suggestAddressesResult suggestAddresses([System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] addressSearch search) {
object[] results = this.Invoke("suggestAddresses", new object[] {search});
return ((suggestAddressesResult)(results[0]));
}
This will ensure that every envelope created when method suggestAddress is invoked contains a security header that looks like the one mentioned above,
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
Key for me in using this question to help myself was recognizing (as some pointed out) that the headers in question are those of WS-Security standard.
If your proxy generating tool is "custom" it seems logical that you might have a switch to automatically add the headers for WS-Security. However, if you're using WSDL.exe ("Add Web Reference" in Visual Studio), consider svcutil.exe instead ("Add Service Reference").
If you use a WCF proxy, you can override the given config and allow WCF to add the headers for you:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
From there you can specify the password:
RemoteSvcProxy.TheirClient client = new RemoteSvcProxy.TheirClient();
client.ClientCredentials.UserName.UserName = "uname";
client.ClientCredentials.UserName.Password = "pwd";
I don't know what your custom tool is, but perhaps the framework it's based on also has similar configuration options.
Related
I have problems to get SOAP request through Zeep, I get a (client) validation error... I have also tested with SoapUI and that does NOT give me the same validation error...
The specification below is from the server... Based on that specification, the OrderStatus and SynchStatus are needed to perform the request.
<soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/ xmlns:web="WebServiceProvider">
<soapenv:Header/>
<soapenv:Body>
<web:Order_Get>
<!--Optional:-->
<web:orderOptions>
<web:FromDate>?</web:FromDate>
<web:ToDate>?</web:ToDate>
<web:OrderStatus>?</web:OrderStatus>
<web:SynchStatus>?</web:SynchStatus>
<!--Optional:-->
<web:OrderNumber>?</web:OrderNumber>
<web:FromOrderNumberToLastRecieved>?</web:FromOrderNumberToLastRecieved>
<web:PaymentStatus>?</web:PaymentStatus>
</web:orderOptions>
</web:Order_Get>
</soapenv:Body>
</soapenv:Envelope>
However, executing this from the SoapUI without OrderStatus and SynchStatus will give me a list of all the orders for the specified dates:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="WebServiceProvider">
<soapenv:Header/>
<soapenv:Body>
<web:Order_Get>
<web:orderOptions>
<web:FromDate>2021-03-30</web:FromDate>
<web:ToDate>2021-03-31</web:ToDate>
</web:orderOptions>
</web:Order_Get>
</soapenv:Body>
</soapenv:Envelope>
I want to do the same with Zeep (https://github.com/mvantellingen/python-zeep) but the client validation fails...
I initiate the request with the following code:
api_url = 'https://abc.se/Webservice20/v3.0/webservice.asmx?WSDL'
session.auth = HTTPDigestAuth(username, password)
api = Client(api_url, transport=Transport(session=session))
And then I try to execute the following request:
order_options = {
'FromDate': '2021-03-30',
'ToDate': '2021-03-31',
}
orders = api.service.Order_Get(orderOptions=order_options)
This will result in the following error:
zeep.exceptions.ValidationError: Missing element OrderStatus (Order_Get.orderOptions.OrderStatus)
If I add OrderStatus to the request, I will get a validation error saying that SynchStatus is missing. When that has been added as well, the request is sent to the server.
I.e. it seems like the zeep client is more strict with regards to validating the data in the request than what the server is... Is there a way to force the client to skip this validation?
Many thanks in advance!
Searched a bit more and found a workaround in this post: Getting zeep.exceptions.ValidationError: Missing element for method that worked with suds
So the solution in my case looks like this:
from zeep import xsd
...
order_options = {
'FromDate': '2021-03-30',
'ToDate': '2021-03-31',
'OrderStatus': xsd.SkipValue,
'SynchStatus': xsd.SkipValue,
}
response = api.service.Order_Get(orderOptions=order_options)
This will block zeep from doing client side validation of the parameters OrderStatus and SynchStatus.
it seems like the zeep client is more strict with regards to validating the data in the request than what the server is...
Looks like it.
Looking at the request SoapUI generates based on the WSDL, the two fields you mention are mandatory:
<web:orderOptions>
<web:FromDate>?</web:FromDate>
<web:ToDate>?</web:ToDate>
<web:OrderStatus>?</web:OrderStatus>
<web:SynchStatus>?</web:SynchStatus>
<!--Optional:-->
<web:OrderNumber>?</web:OrderNumber>
<web:FromOrderNumberToLastRecieved>?</web:FromOrderNumberToLastRecieved>
<web:PaymentStatus>?</web:PaymentStatus>
</web:orderOptions>
So the error that the zeep client displays is correct. Zeep inspects the WSDL and generates the corresponding code to use the types in the contract. Your WSDL contract says that OrderStatus and SynchStatus are mandatory. The fact that the server doesn't validate them shows a problem: the web service isn't respecting it's own documented contract
The WSDL and the behavior of the web service should be the same. I suggest you contact the web service owners and ask about this behavior. It might be a validation missing on the server and what you get is just some side effect of that, or the behavior is intentional but someone forgot to update the WSDL to say that you can also make the call without those parameters.
Meanwhile, the workaround is very simple. Download the WSDL, change it to make the two fields optional, then feed this changed WSDL to zeep for it to generate the code, instead of using the original WSDL. You should however clarify this with the web service provider. If it's indeed a neglect of someone, this might be spotted at some point and fixed, making your workaround call fail a server validation because of the missing fields.
I've tried web search to find answer to my question but found only articles like how to create SOAP message without header.
In wikipedia on SOAP:
SOAP header : A collection of one or more header blocks targeted at
each SOAP receiver. SOAP body : Contains the body of the message
intended for the SOAP receiver. The interpretation and processing of
SOAP body is defined by header blocks.
And:
A SOAP message is an ordinary XML document containing the following
elements:
Element - Required
Header - No
Body - Yes
...
How can be a message without header if processing of body is defined in header?
The SOAP header is optional. If a header is required, it is mainly mentioned in the WSDL file, that is bound to the webservice. The WSDL defines the functions of a webservice and the types, that are bound to the functions. It depends on how a function is defined. Some definitions need an action attribute in the soap header. Others are used by directly mentioning them in the SOAP Body. To keep it short: how a SOAP message should look like is more or less strictly defined in the webservice definition (wsdl).
I'm developing a Java application where I need to make a web service request using SOAP protocol. In that SOAP envelop request, one of the XML attribute/property called content will hold the XML file itself like below:-
<n1:envelope>
<message>
<id>67872894892424</id>
</message>
<sender agency="GS1" scheme="tGLK">ur.0</sender>
<recipients>
<id agency="GS1" scheme="tGLK">test</id>
</recipients>
<content encoding="XML" extension="A" format="ATTP">
------
----
</content></n1:envelope>
I'm new to it and requires some assistance in clarifying my doubts. I'm using JDK1.8 and Apache CXF. How can I do marshaling/unmarshalling for this particular content attribute? Normal SOAP envelops request is easy to do it but not sure how to pass an encoded XML itself in SOAP request. Is there any reference links? Thanks
Your case is an example of including XML inside XML. Yes, XML could be included inside an SOAP(XML), there are two ways, though both means almost same thing.
Using CDATA encoding
<hello><![CDATA[<El><E2><E3 attr="D1">Text</E3></E2></El>]]></hello>
Converting the XML into text by replacing, < with <, " with "e; and > with >
<hello><El><E2><E3 attr="D1">Text</E3></E2></El></hello>
To
<hello>>El<>E2<>E3 attr="D1"<Text>/E3<>/E2<>/El<</hello>
Hence, to include the XML inside SOAP, while adding the XML element, you need to follow either approach while marshaling/unmarshaling.
I am trying to produce both xml and json from my rest service.
#Produces({"application/xml", "application/json"})
However, when I try to use the service using curl/SOAPUI, I get back either xml or json depending on which is mentioned first. In simple words, only the first method is considered. Is there a workaround?
You should check this link out - oracle docs for #Produces
The spec says that it does indeed default to the first one if that is acceptable as specified by the media type on the request. You should check your soapUI tool and see what headers you are sending. If they are both being sent you will get a response with the first one listed in your #Produces annotation.
In BizTalk 2006, I am trying to set up a messaging-only scenario whereby the recieved message (a string) is passed to a web service method that takes a single string parameter. In other words, the whole body of the BizTalk message should be passed as the parameter to the web service call.
The service method looks like this:
[WebMethod]
public void LogAuditEvent(string auditEventMessage)
I have set up the assembly with the proxy class in the SOAP adapter configuration as required, but I can't figure out how to get the message body to be passed as the parameter. Without doing anything special, I get the following error message:
Failed to serialize the message part
"auditEventMessage" into the type
"String" using namespace "".
I think this means that the adapter cannot find a message part named after the parameter. So, my question is what do I need to do to get my message set up correctly? I was thinking that maybe I needed to add an outbound map, but was not sure what to use as the source schema and how to generate a proper schema for the web service request message.
Does anyone have any pointers on this seemingly simple task?
Thanks.
TDL,
I would take a look at the links below for some tips on how to do this. SOAP adapter can be problematic I would recommend WCF if your using R2. And if not look at the WSE adapters as well.
http://blogs.digitaldeposit.net/saravana/post/2007/01/31/Calling-Web-Service-from-BizTalk-2006-in-a-Messaging-only-Scenario-(aka-Content-based-Routing).aspx
-and-
http://www.pluralsight.com/community/blogs/aaron/archive/2005/10/07/15386.aspx
-and-
http://social.technet.microsoft.com/Forums/en-US/biztalkgeneral/thread/92f2cad3-39b9-47d0-9e6f-011ccd2f9e10/
-Bryan