Software AG Tech Community & Forums

WS Security

nrao (nrao *) November 15, 2010, 9:21pm 1

HI All,

In Web methods when i add WS Security Handler webMethods generationg Heade as follows

<SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]">
<[/color][/COLOR][/COLOR][/SIZE][/FONT]wsse:Security xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]"[/color][/COLOR][/COLOR][/SIZE][/FONT] xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]"[/color][/COLOR][/COLOR][/SIZE][/FONT] SOAP-ENV:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]"[/color][/COLOR][/COLOR][/SIZE][/FONT] xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]"[/color][/COLOR][/COLOR][/SIZE][/FONT] wsu:Id="UsernameToken-288166189">
<wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]">[/color][/COLOR][/COLOR][/SIZE][/FONT]XXESB</wsse:Username>
<wsse:Password xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]"[/color][/COLOR][/COLOR][/SIZE][/FONT] Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]">[/color][/COLOR][/COLOR][/SIZE][/FONT]oracle123</wsse:Password>
</wsse:UsernameToken>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]"[/color][/COLOR][/COLOR][/SIZE][/FONT] wsu:Id="Timestamp-194841501">
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]">[/color][/COLOR][/COLOR][/SIZE][/FONT]2010-11-12T19:02:15.386Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd[/size][/font][/SIZE][/FONT][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff][FONT=Arial][SIZE=2][COLOR=#0000ff]">[/color][/COLOR][/COLOR][/SIZE][/FONT]2010-11-12T19:07:15.386Z</wsu:Expires></wsu:Timestamp></wsse:Security></SOAP-ENV:Header>

but the provider expecting wsu:Timestamp first than the wsse:UsernameToken . the SOAP UI first generationg wsu:Timestamp first and i am getting the result.does any one have same problem or is there any posibility to change the orde of Timestamp and UsernameToken in wsse:Security.

Thanks
Rao

Akshith_Arremreddy (Akshith Arremreddy) November 16, 2010, 7:57pm 2

What version of the IS is this on? In 8.0, I believe the IS core 10 fix is resolving this issue. Please check the readme of the fix.

Cheers,
Akshith

nrao (nrao *) November 16, 2010, 8:01pm 3

HI Akshith,

i am using WM 7.1.3.please let me know any fix required.

Thanks
Rao

Akshith_Arremreddy (Akshith Arremreddy) November 17, 2010, 7:48pm 4

I am not sure if there is a fix for this in 7.1.3. Please check the latest core fix for 7.1.3 or with SAG Support.

EduardoSaltelli (EduardoSaltelli *) November 17, 2010, 8:04pm 5

As long as you aren’t signing the request you can re-order the security tokens however you like.

It’s been too long for me to remember the easiest way to reorder elements via Flow though.