+ Start a Discussion
GoForceGoGoForceGo 

WebService Callout: Sending Username/Password as part of SOAP Header.

 

I have a Web Service that is expecting it as a part of SOAP header. How do I send it?

 

 


<soapenv:Header>

<wsse:Security

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-

secext-1.0.xsd">

<wsse:UsernameToken>

<wsse:Username>username</wsse:Username>

<wsse:Password>password</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soapenv:Header>
<soapenv:Body>
<actual callout method here>
</soapenv:Body>

 

 

The only documentation I see is for inputHttpHeaders_x which can send http header and can send username password as part of 'Authorization' Header.

 

 

 

 

 

Message Edited by GoForceGo on 07-14-2009 05:03 PM
Message Edited by GoForceGo on 07-14-2009 05:03 PM
Message Edited by GoForceGo on 07-14-2009 05:05 PM
Imran MohammedImran Mohammed

Hi,

 

I would like to know how did you pass username and password in the security header.

Were you able to get a solution for your question?

GoForceGoGoForceGo

I did. I don't fully remember.

 

The WSDL had a schema for Security Information (e.g called securityHeader)

 

The SOAP binding referred to this header with <soap:header> tag.

 

The Apex code has a class for SecurityHeader. You just new on it, and set the username/password.

 

 

          stub.Security = new OasisSecurity.SecurityHeaderType(); 
          stub.Security.UserNameToken = new OasisSecurity.UsernameToken();
          stub.Security.UserNameToken.UserName = mc.Application_UserName__c;
          stub.Security.UserNameToken.passWord = mc.Application_Password__c;

 

 

 

 

Imran MohammedImran Mohammed

Thanks for the response,

 

I checked my WSDL and do not have any schema for security information.

How OasisSecurityHeader class are generated.

 

Are they generated from  WSDL?

 

Can you add little more information on how i can get the above classes and also let me know with your suggestions?

GoForceGoGoForceGo

 

yes, they are generated from WSDL. The WSDL had schema that looked like.

 

 

    <!--schema for OASIS security hdr-->
    <xsd:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <xsd:element name="Security" type="s3:SecurityHeaderType"/>
      <xsd:complexType name="SecurityHeaderType">
        <xsd:sequence>
          <xsd:element minOccurs="1" maxOccurs="1" name="UsernameToken" type="s3:UsernameToken"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:complexType name="UsernameToken">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="1" name="Username" type="xsd:string"/>
          <xsd:element minOccurs="0" maxOccurs="1" name="Password" type="xsd:string"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:schema>
....

  <message name="PUTOasisSecurity">
    <part name="Security" element="s3:Security"/>
  </message>

....

      <input>
        <soap:header message="tns:PUTOasisSecurity" part="Security" use="literal"/>
        <soap:body use="literal"/>
      </input>

 

 

 

 

Imran MohammedImran Mohammed

Thanks for your answer. It really helped me move further.

I am stuck with an issue and would like some assistance.

 

My Webservice code is

    public static void setupSecurity(Object service) {

        org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy.getClient(service);

        org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

        Map<String, Object> outProps= new HashMap<String, Object>();

        outProps.put(WSHandlerConstants.ACTION,

                WSHandlerConstants.USERNAME_TOKEN + ' ' + WSHandlerConstants.TIMESTAMP);

        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);

        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName());

        outProps.put(WSHandlerConstants.USER, "Admin");

        PhaseInterceptor<SoapMessage> wssOut = new WSS4JOutInterceptor(outProps);

        cxfEndpoint.getOutInterceptors().add(wssOut);

        cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());

    }

 

As PasswordType also has to be sent as part of SOAP header i updated the WSDL.

Below is partial WSDL

 <xsd:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
     <xsd:element name="Security" type="s3:SecurityHeaderType"/>
       <xsd:complexType name="SecurityHeaderType">
        <xsd:sequence>
          <xsd:element minOccurs="1" maxOccurs="1" name="UsernameToken" type="s3:UsernameToken"/>
          <xsd:element minOccurs="1" maxOccurs="1" name="TimeStamp" type="s3:TimeStamp"/>
        </xsd:sequence>
      </xsd:complexType>
      <xsd:complexType name="UsernameToken">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="1" name="Username" type="xsd:string"/>
          <xsd:element  minOccurs="1" maxOccurs="1" name="Password">
           <xsd:complexType>
             <xsd:simpleContent>
                 <xsd:extension base="xsd:string">
                       <xsd:attribute name="Type" type="xsd:string"/>
                     </xsd:extension>
              </xsd:simpleContent>
          </xsd:complexType>
           </xsd:element>          
         </xsd:sequence>
      </xsd:complexType>
     
      <xsd:complexType name="TimeStamp">
        <xsd:sequence>
          <xsd:element minOccurs="0" maxOccurs="1" name="Created" type="xsd:dateTime"/>
          <xsd:element minOccurs="0" maxOccurs="1" name="Expires" type="xsd:dateTime"/>
        </xsd:sequence>
      </xsd:complexType>

    </xsd:schema>

 

I added attribute Type for the Password element in WSDL. The Webservice is using PasswordText as the type.

 

Below is the generated code of the security class

public class OasisSecurity {
    public class Password_element {
        public String Type_x;
        private String[] Type_x_att_info = new String[]{'Type'};
        private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
        private String[] field_order_type_info = new String[]{};
    }
    public class TimeStamp {
        public DateTime Created;
        public DateTime Expires;
        private String[] Created_type_info = new String[]{'Created','http://www.w3.org/2001/XMLSchema','dateTime','0','1','false'};
        private String[] Expires_type_info = new String[]{'Expires','http://www.w3.org/2001/XMLSchema','dateTime','0','1','false'};
        private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
        private String[] field_order_type_info = new String[]{'Created','Expires'};
    }
    public class UsernameToken {
        public String Username;
        public OasisSecurity.Password_element Password;
        private String[] Username_type_info = new String[]{'Username','http://www.w3.org/2001/XMLSchema','string','0','1','false'};
        private String[] Password_type_info = new String[]{'Password','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','Password_element','1','1','false'};
        private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
        private String[] field_order_type_info = new String[]{'Username','Password'};
    }
    public class SecurityHeaderType {
        public OasisSecurity.UsernameToken UsernameToken;
        public OasisSecurity.TimeStamp TimeStamp;
        private String[] UsernameToken_type_info = new String[]{'UsernameToken','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','UsernameToken','1','1','false'};
        private String[] TimeStamp_type_info = new String[]{'TimeStamp','http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','TimeStamp','1','1','false'};
        private String[] apex_schema_type_info = new String[]{'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd','true','false'};
        private String[] field_order_type_info = new String[]{'UsernameToken','TimeStamp'};
    }
}

 

The problem i am facing is, i am able to assign value to the Type_x of the Password_element class.

But i am unable to set the value to the Password .

 

This is how the header part of my request looks like

<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header><Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ><UsernameToken><Username>Admin</Username><PasswordType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" /></UsernameToken><TimeStamp><Created>2010-07-28T17:42:25.966Z</Created><Expires>2010-11-25T17:42:25.966Z</Expires></TimeStamp></Security></env:Header>

 And it can be seen in header that i am just able to pass the attribute Type of Password tag and unable to set Value for Password.

 

I am getting the below error message after the webservice callout.

System.CalloutException: Web service callout failed: WebService returned a SOAP Fault: Fault occurred while processing. faultcode=ns1:client faultactor=

 

Any help on this will be highly appreciated.

Imran MohammedImran Mohammed

GoForceGo,

 

Any thoughts on the issue i am facing.

Let me know if anything is not clear in previous post.

 

LVSLVS

Hi Imran,

 

Am facing a similar problem. Can you share the whole WSDL? Maybe we can work something between ourselves...

 

Thanks,

LVS

pjmsfdcpjmsfdc

I realize this discussion took place a long time ago, but it seems relevant to my current situation.  I've tried to mimic what you suggested, but I'm getting the following error:

 

Error: Failed to parse wsdl: Failed to parse WSDL: No message found for:PUTOasisSecurity

 

when I try to Parse WSDL on the "New Apex Code from WSDL" screen.

 

The WSDL I've been provided didn't originally include references to the OASIS security extension, so I've used the snippets in this thread to try to modify it:

  1. added the xmlns for the OASIS WSSecurity schema
  2. added the <schema> with types: SecurityHeaderType, UsernameToken and TimeStamp
  3. added the <message> with name="PUTOasisSecurity" and <wsdl:part name="Security"
  4. added the <soap:header> with message="tns:PUTOasisSecurity"

Any ideas what I'm missing?

 

Thanks for any help,

pjmsfdc

LVSLVS

Hi pjmsfdc,

 

Here's the route I went. I took the original WSDL and let SFDC generate the class for me. To this, I added a few parameters like Security_hns etc (as explained earlier in this thread). Also, I had to modify a class called Security to take the username/password as parameters.

 

Some constants I'd used:

 

XML_SCHEMA_NS = 'http://www.w3.org/2001/XMLSchema';

SECURITY_HEADER_SCHEMA_NS = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';

 

It turns out that the WSSE security headers are a standard and not usually mentioned in the WSDL. Here's my modified class http://pastebin.com/X2dtncba

 

This was quite a while back, so I don't remember all the details, so excuse me :)

 

Thanks,

LVS

Mr_KhanMr_Khan

Hi LVS/pjmsfdc,

I am new in sfdc and i need to do integration using webservice callouts to BOSS DB through EAI but the problem is that the wsdl that i have i not consumed by Salesforce . Can you people suggest me any other way to proceed further in integration

SylverGSylverG

Hi, 

Have you been able to sort this out in the end?

Regards,

Guy

Chinni123Chinni123

I need to pass the below XML for my API ...WSDL is not having Login Method ....They want me to pass thru HTTP post ..How do i do that .......Any solutions will be appreciated  .Need it bit Urgent............

LVSLVS

Mr_Khan,

 

What do you mean the WSDL is not consumed by SFDC?

 

Chinni123,

Can you add more detail? You could use the XmlDom class (comes with DE) to parse your object into XML before sending it over HTTP...

 

 

ChethanChethan

Hello Imran,

 

Did you get any solution for this problem?... Even I am facing it...

sarangganisaranggani
Hi,

I having an issue passing a URL value into the header.

I have added this code:

CustomerFieldscheduling.CFSPartnerSlotsServiceImplPort cfsPort = new CustomerFieldscheduling.CFSPartnerSlotsServiceImplPort();
        
        Blob headerValue = Blob.valueOf('LOGIN' + ':' + 'LOGINPWD');
        String authorizationHeader = 'Basic ' +EncodingUtil.base64Encode(headerValue);
            String sURL = 'https:/testURL';
            System.debug('***authorizationHeader***'+authorizationHeader);
            cfsPort.inputHttpHeaders_x = new Map<String,String>();
            cfsPort.inputHttpHeaders_x.put('URL',sURL);        
            cfsPort.inputHttpHeaders_x.put('Authorization',authorizationHeader);


When i tried to invoked the webservice, able to connect to the operation that i need to call but getting the error of the URL not being part of the request that i sent

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header/>
</env:Header><env:Body>....</env:Body>

the web service is expecting a request in this format

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<URL>https:/testURL</URL>
</env:Header><env:Body>

Can you please share idea on how i could attain the said format.


            

 
sarangganisaranggani
Hi,

I having an issue passing a URL value into the header.

I have added this code:

CustomerFieldscheduling.CFSPartnerSlotsServiceImplPort cfsPort = new CustomerFieldscheduling.CFSPartnerSlotsServiceImplPort();
        
        Blob headerValue = Blob.valueOf('LOGIN' + ':' + 'LOGINPWD');
        String authorizationHeader = 'Basic ' +EncodingUtil.base64Encode(headerValue);
            String sURL = 'https:/testURL';
            System.debug('***authorizationHeader***'+authorizationHeader);
            cfsPort.inputHttpHeaders_x = new Map<String,String>();
            cfsPort.inputHttpHeaders_x.put('URL',sURL);        
            cfsPort.inputHttpHeaders_x.put('Authorization',authorizationHeader);


When i tried to invoked the webservice, able to connect to the operation that i need to call but getting the error of the URL not being part of the request that i sent

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header/>
</env:Header><env:Body>....</env:Body>

the web service is expecting a request in this format

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<URL>https:/testURL</URL>
</env:Header><env:Body>

Can you please share idea on how i could attain the said format.
sarangganisaranggani
Hi,

I having an issue passing a URL value into the header.

I have added this code:

CustomerFieldscheduling.CFSPartnerSlotsServiceImplPort cfsPort = new CustomerFieldscheduling.CFSPartnerSlotsServiceImplPort();
        
        Blob headerValue = Blob.valueOf('LOGIN' + ':' + 'LOGINPWD');
        String authorizationHeader = 'Basic ' +EncodingUtil.base64Encode(headerValue);
            String sURL = 'https:/testURL';
            System.debug('***authorizationHeader***'+authorizationHeader);
            cfsPort.inputHttpHeaders_x = new Map<String,String>();
            cfsPort.inputHttpHeaders_x.put('URL',sURL);        
            cfsPort.inputHttpHeaders_x.put('Authorization',authorizationHeader);


When i tried to invoked the webservice, able to connect to the operation that i need to call but getting the error of the URL not being part of the request that i sent

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header/>
</env:Header><env:Body>....</env:Body>

the web service is expecting a request in this format

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<URL>https:/testURL</URL>
</env:Header><env:Body>

Can you please share idea on how i could attain the said format.