[Xml-compile] WS-Security to Axis2 server
gstewart
gstewart at gmail.com
Thu Aug 30 22:02:24 GMT 2012
Dave / Mark,
Yes! This has been a huge help. Thanks.
The good news is that with the following script I got a response from the
server, that wasn't as cryptic as previous errors:
#! /usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use Log::Report mode => 'DEBUG';
my $browser = LWP::UserAgent->new();
my $wsdl_data = $browser->get("https://domain/services/fwif?wsdl");
my $schema_data = $browser->get("https://domain/services/ninjaprobe.xsd");
use XML::Compile::Transport::SOAPHTTP;
use XML::Compile::SOAP::WSS;
use XML::Compile::WSDL11;
use XML::Compile::SOAP11;
my $username = q/username/;
my $password = q/password/;
my $wss = XML::Compile::SOAP::WSS->new(version => '1.1');
my $wsdl = XML::Compile::WSDL11->new($wsdl_data->content);
$wsdl->importDefinitions($schema_data->content);
my $op_call = $wsdl->compileClient('VersionQuery');
my $security = $wss->wsseBasicAuth($username, $password);
my %payload = ();
my ($answer, $trace) = $op_call->(wsse_Security => $security, %payload);
Here's the submitted xml:
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
        <wsse:Username>username</wsse:Username>
        <wsse:Password>password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <ens:VersionQuery xmlns:ens="http://endace.com/ninjaprobe/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
..and the server response:
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>wsse:FailedCheck</faultcode>
      <faultstring>Error in the Internal configuration.</faultstring>
      <detail>
        <wsse:ProblemSecurityHeader xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">rampc:Policy</wsse:ProblemSecurityHeader>
      </detail>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>
...so, knowing that the problem really was with the submitted security
headers, I went and loaded the wsdl into soapui (http://www.soapui.org/).
Something (in hindsight) I should've done a long time ago. I feel bad for
not providing this info right up front. Crafting a valid request to the
server yielded:
<soapenv:Envelope xmlns:nin="http://endace.com/ninjaprobe/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-1">
        <wsse:Username>username</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ramdom_base64encoded_string</wsse:Nonce>
        <wsu:Created>2012-08-30T21:42:04.143Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <nin:VersionQuery/>
  </soapenv:Body>
</soapenv:Envelope>
... and woot! What do you know, a valid response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsa:Action>http://endace.com/ninjaprobe/VersionQuery</wsa:Action>
    <wsa:From>
      <wsa:Address>https://domain/services/fwif/</wsa:Address>
    </wsa:From>
    <wsa:MessageID>urn:uuid:91c4c7f2-f2eb-1e11-3ae0-002590000000</wsa:MessageID>
    <wsa:RelatesTo wsa:RelationshipType="http://www.w3.org/2005/08/addressing/reply">uuid:bef12c00-3781-469b-ac92-cd5970000000</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body>
    <n:VersionQueryResponse xmlns:n="http://endace.com/ninjaprobe/">
      <n:Version>
        <n:Major>1</n:Major>
        <n:Minor>2</n:Minor>
      </n:Version>
    </n:VersionQueryResponse>
  </soapenv:Body>
</soapenv:Envelope>
Now on to craft the correct XML (fill in the blanks) using XML-Compile
:-).....
Feels so close, I can almost taste the victory! Many thanks again,
Graeme
On Thu, Aug 30, 2012 at 12:15 AM, Mark Overmeer <mark at overmeer.net> wrote:
> * David McMath (mcdave at stanford.edu) [120830 05:25]:
> > Not that I completely understand your situation, but it seems like
> > the wsp:Policy element is just saying that you're going to need
> > UsernameToken with the requests.
>
> True.
>
> > $wsdl->importDefinitions(
> > '/Library/Perl/5.10.0/XML/Compile/WSS/wss11/200401-wss-secext.xsd' )
> > ;
> > $wsdl->importDefinitions(
> > '/Library/Perl/5.10.0/XML/Compile/WSS/wss11/200401-wss-utility.xsd'
> > ) ;
>
> Instantiate the XML::Compile::WSS object, then this is not needed.
>
> > >my $UsernameToken_writer =
> > > $wsdl->schemas->compile(WRITER => $UsernameToken_element);
> > Where it threw the error
> >
> > panic: schemas() removed in v2.00, not needed anymore
> > at /Library/Perl/5.10.0/XML/Compile/WSDL11.pm line 65
> > which says "old example" to me. But change that to
>
> Where did you find this example? 2.00 was released four years ago.
> First XML::Compile::Schema was a helper object for the WSDL. Later,
> WSDL11 simply extended ::Schema.
>
> > >my ($result, $trace) = $call->(
> > > header => { $UsernameToken_element => $UsernameToken_value },
> > > # rest of arguments
> > >);
>
>
> Like this:
> my $op_call = $wsdl->compileClient($operation);
> my $security = $wss->wsseBasicAuth($username, $password);
> my %payload = ();
>
> my ($answer, $trace) = $op_call->
> ( wsse_Security => $security
> , %payload
> );
>
> > and I can't really disagree. That's just a warning. There's
> > something somewhere about calling "addHeader" on something to make
> > that piece work (XML::Compile::SOAP::WSS does that), but I don't
> > really know how that works.
>
> ::SOAP::WSS uses ::SOAP::Operation::addHeader() to fix the information
> from the WSDL. In WSDL11, you can describe which headers are expected
> in the INPUT and the OUTPUT messages. However, the WSS group decided
> not to bother with that feature. So, after the WSDL is parsed into
> operations, those operations need to get fixed.
>
> The repairs are done via a few hooks. Those hooks are installed via
> a pluggable interface of the WSDL reader (WSS is not the only extension
> which does not follow the WSDL guidelines). They get installed when the
> ::WSS object is created. That is the reason why the doc says:
>
> # you really need next line
> my $wss = XML::Compile::SOAP::WSS->new(version => '1.1');
>
> my $wsdl = XML::Compile::WSDL11->new(...);
> my $call = $wsdl->compileClient('some_operation');
>
> For the next release, I have changed the last line in:
>
> my $token = $wss->wsseBasicAuth($user, $password);
> my ($data, $trace) = $call->(wsse_Security => $token, %data);
>
> Hope this helps.
> --
> Regards,
>
> MarkOv
>
> ------------------------------------------------------------------------
> Mark Overmeer MSc MARKOV Solutions
> Mark at Overmeer.net solutions at overmeer.net
> http://Mark.Overmeer.net http://solutions.overmeer.net
>
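
The header that the server accepted, rebuilt by hand with XML::LibXML to show the fields it carries and the rejected request does not (mustUnderstand, wsu:Id, the Password Type, Nonce and Created). This is an added example, not code from the thread or from XML::Compile::WSS; the helper names fresh_nonce, add_child and username_token_header are hypothetical, and reading /dev/urandom assumes a Unix-like host.

```perl
use strict;
use warnings;
use XML::LibXML;
use MIME::Base64 qw(encode_base64);
use POSIX qw(strftime);

# Namespace and type URIs as they appear in the accepted request above.
my $OASIS   = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss';
my $WSSE    = "${OASIS}-wssecurity-secext-1.0.xsd";
my $WSU     = "${OASIS}-wssecurity-utility-1.0.xsd";
my $PW_TEXT = "${OASIS}-username-token-profile-1.0#PasswordText";
my $BASE64  = "${OASIS}-soap-message-security-1.0#Base64Binary";
my $SOAPENV = 'http://schemas.xmlsoap.org/soap/envelope/';

# 16 bytes from the kernel CSPRNG, Base64-encoded on one line.
sub fresh_nonce {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $bytes;
    read($fh, $bytes, 16) == 16 or die "short read from /dev/urandom";
    return encode_base64($bytes, '');
}

# Append <$qname> in namespace $ns under $parent; libxml2 escapes the text.
sub add_child {
    my ($parent, $ns, $qname, $text) = @_;
    my $el = $parent->ownerDocument->createElementNS($ns, $qname);
    $el->appendTextNode($text) if defined $text;
    return $parent->appendChild($el);
}

# Hypothetical helper: builds one wsse:Security element per request.
sub username_token_header {
    my ($user, $password) = @_;
    my $doc = XML::LibXML::Document->new('1.0', 'UTF-8');
    my $sec = $doc->createElementNS($WSSE, 'wsse:Security');
    $sec->setNamespace($WSU, 'wsu', 0);
    $sec->setAttributeNS($SOAPENV, 'soapenv:mustUnderstand', '1');
    my $tok = add_child($sec, $WSSE, 'wsse:UsernameToken');
    $tok->setAttributeNS($WSU, 'wsu:Id', 'UsernameToken-1');
    add_child($tok, $WSSE, 'wsse:Username', $user);
    add_child($tok, $WSSE, 'wsse:Password', $password)->setAttribute(Type => $PW_TEXT);
    add_child($tok, $WSSE, 'wsse:Nonce', fresh_nonce())->setAttribute(EncodingType => $BASE64);
    # UTC, second resolution; fractional seconds are optional in xsd:dateTime.
    my $created = strftime('%Y-%m-%dT%H:%M:%SZ', gmtime);
    add_child($tok, $WSU, 'wsu:Created', $created);
    return $sec;
}

print username_token_header('username', 'password')->toString(1), "\n";
```

With the PasswordText type the password travels unhashed inside the envelope, so the https transport used in the thread is what protects it. The Nonce and Created values must be fresh for every request, since they are what a server uses to reject replays.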