2 Replies Latest reply on Mar 22, 2012 10:54 AM by SavedBy0

    Soap Header attributes appearing twice with different namespaces

    BKLEAL

      We are working on a Flex application that is communiating with a web service.  We are seeing a problem where the "mustUnderstand" and "actor" attributes of the SOAP header sometimes being duplicated and sometimes uses the wrong namespace.

       

      ********* Good Soap Message ***********

      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SOAP-ENV:Header>
          <wsse:Security SOAP-ENV:mustUnderstand="1" SOAP-ENV:actor="UT" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <wsse:Username>SuperAdmin</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor dText">loftware</wsse:Password>
            </wsse:UsernameToken>
          </wsse:Security>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body>
          <ns1:getAuthenticatedUserPermissions xmlns:ns1="http://security.webservices.loftware.com/"/>
        </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>

       

      ************************************************

       

      ******************* Bad Soap Message *****************

      *** Notice SOAP-ENV:mustUnderstand and soap:mustUnderstand are in the header ****

      *** Same for actor                                                                                                 ****

       

      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <SOAP-ENV:Header>
          <wsse:Security SOAP-ENV:mustUnderstand="1" SOAP-ENV:actor="UT" soap:mustUnderstand="1" soap:actor="UT" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <wsse:Username>SuperAdmin</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor dText">loftware</wsse:Password>
            </wsse:UsernameToken>
          </wsse:Security>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body>
          <ns1:getUserCategories xmlns:ns1="http://security.webservices.loftware.com/">
            <includeUsers>false</includeUsers>
            <includeAces>false</includeAces>
          </ns1:getUserCategories>
        </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>

       

      ************************************************************

      In our Flex application, we create an instance of the web services as follows:

       

      <cairngorm:ServiceLocator
          xmlns:mx="http://www.adobe.com/2006/mxml"
          xmlns:cairngorm="http://www.adobe.com/2006/cairngorm">
             
          <mx:WebService id="SecurityService" wsdl="http://172.16.35.11:8080/cxfRunner/Security?wsdl" useProxy="false" />
      </cairngorm:ServiceLocator>

       

      In our action scripts, on the initial web service call, we get an instance of the web service, add a custom Soap Header,
      define the operation listeners and make the request call.  The following is a snippet of the code:

       

       

      this.service = ServiceLocator.getInstance().getWebService("SecurityService");

      this.service.addHeader(SOAPHeaderUtil.returnWSSEHeader(model.user,model.password,"UT"));
      this.service.getOperation("getAuthenticatedUserPermissions").addEventListener(ResultEvent. RESULT,processUserCategories);
      this.service.getOperation("getAuthenticatedUserPermissions").addEventListener(FaultEvent.F AULT,processUserCategoriesFault);
      this.service.getAuthenticatedUserPermissions();

       

      The returnWSSEHeader method of the SOAPHeaderUtil class referenced above does the following to create the header:

       

      var userName:String    = username;
      var password:String     = password;
      var WSSE_SECURITY:QName = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","Security" );
      var headerXML:XML       = <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                              <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
                                            <wsse:Username>{userName}</wsse:Username>
                                            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor dText">{password}</wsse:Password>
                                              </wsse:UsernameToken>
                                            </wsse:Security>
      var header:SOAPHeader   = new SOAPHeader( WSSE_SECURITY, headerXML );
      header.role=role;
      header.mustUnderstand=true;
      return header;

       

      On all subsequent web service calls, we use the following sequence of commands:

       

                  this.service = ServiceLocator.getInstance().getWebService("SecurityService");
                  this.service.getOperation("getUserCategories").addEventListener(ResultEvent.RESULT,proces sUserCategories);
                  this.service.getOperation("getUserCategories").addEventListener(FaultEvent.FAULT,processU serCategoriesFault);
                  this.service.getUserCategories(false,false);

       

      We have even tried adding the following commands after the getInstance() command

       

                  this.service.clearHeaders();
                  this.service.addHeader(SOAPHeaderUtil.returnWSSEHeader(username,password,role));

       

      However, the mustUnderstand and actor attributes will duplicate with what appears to be no reason, pattern or
      frequency of occurence.

       

      Any suggestions on how to resolve this would be appreciated.