function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
ritswaney007ritswaney007 

Secure WS - Please help !

Hi there

Does Apex support Secure Web Services. I need to consume an external WS, for one which need to be authenticated.
Authentication is via another WS, which accepts a X509 cert in the request and returns a Binary Security Token in the response.

This token needs to be embedded in all further requests, like this
<soap:Header>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-2b27a32b-ca9c-4405-b377-4444f63c8f29">
<wsu:Created>2007-02-20T16:36:54Z</wsu:Created>
<wsu:Expires>2007-02-20T16:41:54Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
ValueType="ExperianWASP"
EncodingType="wsse:Base64Binary"
wsu:Id="SecurityToken-f64439f9-c12c-4d09-ac3d-fc478ad19775">
MjAtRTctQ0YtMTUtN0EtODEtNTk...
</wsse:BinarySecurityToken>

In .NET , this can be written as

AuthPlusWS.InteractiveWSWse service = new AuthPlusWS.InteractiveWSWse();
// Add the secure token to the secured service
service.RequestSoapContext.Security.MustUnderstand = false;
service.RequestSoapContext.Security.Tokens.Add(wt);

Is there a way to do this in apex ?

Cheers,
Ritesh
SuperfellSuperfell
No, there's no support for WS-Security.
ritswaney007ritswaney007
If there is no in-built support, is there a way to work around this?

How do I set soap headers on an outbound message to an external webservice.

The generated stub class (from the wsdl) has a map for http headers, but nothing for soap headers.

Cheers,
Ritesh
SuperfellSuperfell
There's no workaround available today. support for custom soap headers (that are not defined in the WSDL) is being discussed.
ritswaney007ritswaney007
Thanks for that  Simon.

Is it fair to conclude then, that if we explicitly define the WS-Security soap headers in the WSDL, WSDL2Apex would generate placeholders, and we would then be able to set these. A possible work-around?

Cheers,
Ritesh
dgrigsbydgrigsby

ritswaney007,

 

I know this is an old thread, but since I just went down this journey recently, I wanted to post a update.

 

There are lots of "clean up" items and limitiations going the WSDL2APEX path. It is currently NOT supported per SF support as called out in my post and by Simon.

 

My example covers ws-security both ways and where it falls down in WSDL2APEX classes and how it works in HTTP Requests via SOAP directly.

 

I have done a large post on the subject. Please review and comment on as appropriate.

 

 
or
 

 

1. WSDL - I would highly suggest using a WSDL/XML tool like Atlova XMLSpy (free trial) to examine the Types that are imported. It will allow you to trim down, and integrate the imported (manually - wish they had a merge - going to post that feature request at Atlova) xsd types, etc. I normally work with Visual Studio or Eclipse and they just couldn't get there. It will show you what is in the namespace and what is imported in the WDSL tab visually by color coding.

 

      a. WSDL Apex Class creation Limitations

          -Size of final Apex Class - 100K characters
        -Size of WSDL input - 1Meg
          - No Imports and no implied types from defined named spaces if they contain definitions (xsd which ws-security does).
           -No Attributes (xsd which ws-security does).
           -No annotations (xsd which ws-security does).

           -No multipe bindings (which most do 1 and 12)

 

2. Be prepared to spend some time (read as parse, fix error, rise and repeat) many times

3. Best SF reference I found was Link:

4. In the end, you may find to get it working that the HTTP request and manual soap xml codeup to be the quickest solution to get it running, Twitter and Facebook integrations work this way. It was really faster in the end for me.

5. The post covers both WSDL2APEX and Direct Soap calls via HTTP Request and examples so that you can choose the best option for your integration needs and the HTTP Request will allow ws-security to work properly.

 

Best Regards,

 

 

David W. Grigsby
Grigsby Consulting LLC
Intellectual Capital for Your Business
484 East Carmel Drive Suite 390
Carmel, IN 46032