REQUEST DOCUMENT, question about USER and PASSWORD

Gil_Wildin · September 12, 2012, 6:23pm

Hello, I have finally gotten a REQUEST DOCUMENT statement that retrieves some Employee Info from a PeopleSoft webservice to work. However, it is just a test URL that I am hitting, and it doesn’t require a password or userid. I’m anticipating that in the future, we will need to password protect the access to the webservice. I read on the web that one can put the login and password into the SOAP header, but I also see that the REQUEST DOCUMENT statement has USER and PASSWORD options. Does anyone have any experience using either method? We are using HTTPS for the webservice. Thank you!

Here is the SOAP request:

COMPRESS                                                            
  '<?xml version="1.0" encoding="utf-8" ?>' -                       
  '<soapenv:Envelope ' -                                            
  'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ' -    
  'xmlns:get="http://xmlns.oracle.com/Enterprise/Tools/schemas/' -  
  'GetEmpBioInfoResp.V1">'                                          
  '<soapenv:Header/>' -                                             
  '<soapenv:Body>' -                                                
  '<GetEmpBioInfoReq ' -                                            
  'xmlns="http://xmlns.oracle.com/Enterprise/Tools/schemas/' -      
  'GetEmpBioInfoReq.V1">' -                                         
  '<GetEmpBioInfo>' -                                               
  '<UTZ_EMP_SRCH_VW class="R"' -                                    
  ' xmlns="http://xmlns.oracle.com/Enterprise/Tools/schemas/' -     
  'GetEmpBioInfo.V1">' -                                            
  '<SSN>123456789</SSN>' -                                          
  '      <EMPLID>TESTEMPLID</EMPLID>' -                             
  '    </UTZ_EMP_SRCH_VW>' -                                        
  '  </GetEmpBioInfo>' -                                            
  '</GetEmpBioInfoReq>' -                                           
  '</soapenv:Body>' -       
  '</soapenv:Envelope>'     
  INTO #DOCUMENT LEAVING NO 
**

Here is the REQUEST DOCUMENT statement:

REQUEST DOCUMENT FROM #FROM                                  
  WITH                                                       
*  USER 'wildingl' PASSWORD 'hello'                          
    HEADER 'Content-Type'  'text/xml;charset=iso-8859-1'     
*          'Content-Length' #L                               
    'SOAPAction' 'UTZ_EMP_BIO_INFO.v1'                       
    'Request-method' 'POST'                                  
    DATA ALL    #DOCUMENT                                    
      ENCODED CODEPAGE 'iso-8859-1'                          
*     ENCODED CODEPAGE 'UTF-8'                               
  RETURN                                                     
    HEADER ALL             #HEADER                           
      NAME 'Content-Type'    #DOC-CHARSET                    
    PAGE #PAGE ENCODED                                       
RESPONSE #RC                                                 
  GIVING #RTERR

Douglas_Kelly · September 12, 2012, 6:37pm

which method you use will depend on what the web service you are calling expects. If it uses Basic Authentication, then the REQUEST DOCUMENT USER and PASSWORD elements will be needed. If it uses SOAP document elements, then you need to update the document to include the required elements (check if the WSDL tells you what you need to supply, otherwise contact the web service administrator).

Gil_Wildin · September 12, 2012, 7:44pm

Thank you, Douglas. I don’t think the web service admins have decided yet, but your info is very helpful. I didn’t see it in the WSDL, so I’ll check with the admins.

Gil_Wildin · September 12, 2012, 7:57pm

Actually, on second glance, I see this in the WSDL, apparently something related to passwords and security, but with my limited knowledge, I don’t quite know what it means. I think I’ll have to ask the webservice people.

<wsp:Policy wsu:Id=“UsernameTokenSecurityPolicyPasswordOptional” xmlns:wsu=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd”>
wsp:ExactlyOne
wsp:All
<wsse:SecurityToken wsp:Usage=“wsp:Required” xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”>
wsse:TokenTypewsse:UserNameToken</wsse:TokenType>

</wsse:SecurityToken>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

Brian_Johnson1 · September 13, 2012, 5:37pm

Sounds like you will be just adding the UsernameToken info in your SOAP header then, like we do with the services we call using EntireX:

<?xml version="1.0" encoding="UTF-8" ?>

<SOAP-ENV:Envelope xmlns:SOAP-ENV=“http://schemas.xmlsoap.org/soap/envelope/” xmlns:ns1=“http://xmlns.oracle.com/CreateSalesOrdersRequest” xmlns:xsd=“XML Schema”>
SOAP-ENV:Header

<wsse:Security xmlns:wsse=“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”>
wsse:UsernameToken
wsse:UsernameUsername123</wsse:Username>
wsse:PasswordPassword123</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>

Gil_Wildin · September 13, 2012, 5:45pm

Thanks so much for the example, Brian. It really helps. I’ve been doing some reading on the web recently, so this stuff is starting to make sense to me!