Apex Code Development You need to sign in to do that
Don't have an account?
Imran Mohammed Ws Security : sending username, password, passwordtype, timestamp as part of soap header
Hi,
My webservice expects the security header to have username, password, password type and timestamp.
I am stuck with an issue and would like some assistance.
My Webservice code is
public static void setupSecurity(Object service) {
org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(service);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String, Object> outProps= new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN + ' ' + WSHandlerConstants.TIMESTAMP);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName());
outProps.put(WSHandlerConstants.USER, "Admin");
PhaseInterceptor<SoapMessage> wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
}
As PasswordType also has to be sent as part of SOAP header i updated the WSDL.
Below is partial WSDL
<xsd:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
<xsd:element name="Security" type="s3:SecurityHeaderType"/>
<xsd:complexType name="SecurityHeaderType">
<xsd:sequence>
<xsd:element minOccurs="1" maxOccurs="1" name="UsernameToken" type="s3:UsernameToken"/>
<xsd:element minOccurs="1" maxOccurs="1" name="TimeStamp" type="s3:TimeStamp"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="UsernameToken">
<xsd:sequence>
<xsd:element minOccurs="0" maxOccurs="1" name="Username" type="xsd:string"/>
<xsd:element minOccurs="1" maxOccurs="1" name="Password">
<xsd:complexType>
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attribute name="Type" type="xsd:string"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="TimeStamp">
<xsd:sequence>
<xsd:element minOccurs="0" maxOccurs="1" name="Created" type="xsd:dateTime"/>
<xsd:element minOccurs="0" maxOccurs="1" name="Expires" type="xsd:dateTime"/>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
I added attribute Type for the Password element in WSDL. The Webservice is using PasswordText as the type.
Below is the generated code of the security class
public class OasisSecurity {
public class Password_element {
public String Type_x;
private String[] Type_x_att_info = new String[]{'Type'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{};
}
public class TimeStamp {
public DateTime Created;
public DateTime Expires;
private String[] Created_type_info = new String[]{'Created','http://www.w3.org/2001/XMLSchema','dateTime','0','1','false'};
private String[] Expires_type_info = new String[]{'Expires','http://www.w3.org/2001/XMLSchema','dateTime','0','1','false'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{'Created','Expires'};
}
public class UsernameToken {
public String Username;
public OasisSecurity.Password_element Password;
private String[] Username_type_info = new String[]{'Username','http://www.w3.org/2001/XMLSchema','string','0','1','false'};
private String[] Password_type_info = new String[]{'Password','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','Password_element','1','1','false'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{'Username','Password'};
}
public class SecurityHeaderType {
public OasisSecurity.UsernameToken UsernameToken;
public OasisSecurity.TimeStamp TimeStamp;
private String[] UsernameToken_type_info = new String[]{'UsernameToken','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','UsernameToken','1','1','false'};
private String[] TimeStamp_type_info = new String[]{'TimeStamp','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','TimeStamp','1','1','false'};
private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
private String[] field_order_type_info = new String[]{'UsernameToken','TimeStamp'};
}
}
The problem i am facing is, i am able to assign value to the Type_x of the Password_element class.
But i am unable to set the value to the Password .
This is how the header part of my request looks like
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header><Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><UsernameToken><Username>Administrator</Username><Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" /></UsernameToken><TimeStamp><Created>2010-07-28T17:42:25.966Z</Created><Expires>2010-11-25T17:42:25.966Z</Expires></TimeStamp></Security></env:Header>
And it can be seen in header that i am just able to pass the attribute Type of Password tag and unable to set Value for Password.
I am getting the below error message after the webservice callout.
System.CalloutException: Web service callout failed: WebService returned a SOAP Fault: Fault occurred while processing. faultcode=ns1:client faultactor=
Any help on this will be highly appreciated.
Experiencing a similar issue. Hope the SF experts reply.
Sanjeev
Did you ever figure this out?
Hi, have someone figured it out. Please post the solution i am facing the same issue.
I was never able to set the passwordtype parameter, but I was able to generate the following SOAP Header which worked for my implementation:
<env:Header> <Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <UsernameToken> <Username>aaaaaa</Username> <Password>xxxxxx</Password> <Nonce>MzI3MTUzODg0MjQy</Nonce> <wsu:Created>2013-04-23T16:09:00.701Z</wsu:Created> </UsernameToken> </Security> </env:Header>Security Class:
public class OasisOpenOrgWssSecuritySecext { // UserToken Class public class UsernameToken { // Constructor for UsernameToken used to pass in username and password parameters public UsernameToken(String username, String password) { this.Username = username; this.Password = password; this.Nonce = generateNounce(); this.Created = generateTimestamp(); } public String Username; public String Password; public String Nonce; public String Created; private String[] Username_type_info = new String[]{'Username','http://www.w3.org/2001/XMLSchema','string','0','1','false'}; private String[] Password_type_info = new String[]{'Password','http://www.w3.org/2001/XMLSchema','string','0','1','false'}; private String[] Nonce_type_info = new String[]{'Nonce','http://www.w3.org/2001/XMLSchema','string','0','1','false'}; private String[] Created_type_info = new String[]{'wsu:Created','http://www.w3.org/2001/XMLSchema','string','0','1','false'}; private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'}; private String[] field_order_type_info = new String[]{'Username','Password','Nonce','Created'}; // Generate Nounce, random number base64 encoded public String generateNounce() { Long randomLong = Crypto.getRandomLong(); return EncodingUtil.base64Encode(Blob.valueOf(String.valueOf(randomLong))); } // Generate timestamp in GMT public String generateTimestamp() { return Datetime.now().formatGmt('yyyy-MM-dd\'T\'hh:mm:ss\'Z\''); } } // SecurityHeaderType Class public class SecurityHeaderType { // Constructor for SecurityHeaderType used to pass in username and password parameters and instantiate the UsernameToken object public SecurityHeaderType(String username, String password) { this.UsernameToken = new OasisOpenOrgWssSecuritySecext.UsernameToken(username, password); } public String wsuNamespace = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'; public OasisOpenOrgWssSecuritySecext.UsernameToken UsernameToken; private String[] UsernameToken_type_info = new String[]{'UsernameToken','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','UsernameToken','1','1','false'}; private String[] wsuNamespace_att_info = new String[]{'xmlns:wsu'}; private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'}; private String[] field_order_type_info = new String[]{'UsernameToken'}; } }Add the lines of code between the comments to your class generated by apex2wsdl:
public class XyzWebService { public String endpoint_x = 'https://webservice/' // ADDITION TO WSDL public OasisOpenOrgWssSecuritySecext.SecurityHeaderType Security = new OasisOpenOrgWssSecuritySecext.SecurityHeaderType( 'aaaaaa', 'xxxxxx'); private String Security_hns = 'Security=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';** // END ADDITION TO WSDL public Map<String,String> inputHttpHeaders_x; public Map<String,String> outputHttpHeaders_x; public String clientCertName_x; public String clientCert_x; public String clientCertPasswd_x; public Integer timeout_x;