Add SOAP-headers in Flex
I have read many posts, blogs and pieces of documentation on the illusive subject “soap headers in flex”. I have seen many frustrated developers asking for more information on how to add, for example, complex-type SOAP-header information. I also found that I needed to be able to put complex-type headers into my SOAP requests. This for the simple reason that I use wsse security in my webservices.
I have found a relative solution that solves my problems. The solution is so relatively simple I could not believe it.
What did I need to put into the headers is the following xml:
<soapenv:Header>
<wsse:Security xmlns:wsse=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd” soapenv:mustUnderstand=”1″>
<wsu:Timestamp xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd” wsu:Id=”Timestamp-1375978″>
<wsu:Created>2007-07-12T11:05:29.483Z</wsu:Created>
<wsu:Expires>2007-07-12T11:10:29.483Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd” wsu:Id=”UsernameToken-11517769″>
<wsse:Username>ticket</wsse:Username>
<wsse:Password Type=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText”>TICKET_f1e7cdce-3066-11dc-9782-6160ed7fcc06</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
This is a basic ws-security implementation for Alfresco. using the must discussed methods, I was not able to get this into my SOAP header just like the code above.
What do you need to do is the folowing:
1. define a soap-header element that is the root of your header elements. Like this:
var wsseSecurity:QName=new QName(“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”, “Security”);
header=new SOAPHeader(wsseSecurity, {});
This header element will function as your container for all child header elements.
2. put the rest of your header info in the content property of the header variable. like this:
header.content= “<wsu:Timestamp xmlns:wsu=\”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\” wsu:Id=\”Timestamp-1375978\”>”+
” <wsu:Created>2007-07-12T10:00:29.483Z</wsu:Created>”+
” <wsu:Expires>2007-07-12T10:59:29.483Z</wsu:Expires>”+
“</wsu:Timestamp>”+
“<wsse:UsernameToken xmlns:wsu=\”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\” wsu:Id=\”UsernameToken-11517769\”>”+
” <wsse:Username>ticket</wsse:Username>”+
” <wsse:Password Type=\”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\”>”+ticketString+”</wsse:Password>”+
“</wsse:UsernameToken>”;
3. and finally attach the header info to your webservice. Like this:
alfServ.addHeader(header);
And presto. Full header xml will be generated according to my wishes. No need to mess around with the addSimpleHeader method, or more complex forms of the SOAPHeader class.
Regards.
wowww.nl
ps. Full example of the function I use to add the above security header into my soap calls.
public function headers(ticketString:String):void {
// Create QName and SOAPHeader objects.
var wsseSecurity:QName=new QName(“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”, “Security”);
header=new SOAPHeader(wsseSecurity, {});
header.content= “<wsu:Timestamp xmlns:wsu=\”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\” wsu:Id=\”Timestamp-1375978\”>”+
” <wsu:Created>2007-07-12T10:00:29.483Z</wsu:Created>”+
” <wsu:Expires>2007-07-12T10:59:29.483Z</wsu:Expires>”+
“</wsu:Timestamp>”+
“<wsse:UsernameToken xmlns:wsu=\”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\” wsu:Id=\”UsernameToken-11517769\”>”+
” <wsse:Username>ticket</wsse:Username>”+
” <wsse:Password Type=\”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\”>”+ticketString+”</wsse:Password>”+
“</wsse:UsernameToken>”;
alfServ.addHeader(header);
}
Gepost in categorie: TechTalk
Tweet
This will not work. The will be encoded and replaced by entities in the header block
4 augustus 2007 om 15:28It has worked for me sofar. I am seeing in Firefox (with debugging on) the right xml passing from server to client.
regards,
Marc
13 augustus 2007 om 02:06Hi Marc,
I don’t succeed to use this code to call WS-SECURITY Services.
I have the same error you reported in the adobe bug tracker (https://bugs.adobe.com/jira/browse/SDK-11786).
Could you tell me if you finally succeeded to make it work or if adobe guys are really on it?
regards
Nicolas
14 augustus 2007 om 03:14Nicolas,
I do not have had any response to my bug reports as of yet.
Furthermore I have not been able to get that specific application to work, but i am not certain it has anything to do with the above sample. My own thought was that I am making some mistake in the xml I am sending towards Alfresco and not in the security header. The header seems to be alright (according to the servicecapture program I am using to observe my soap/xml calls).
There are some suggestions as to fix the problem, but they have not worked for me. My best quess is that it is a kind of bug in the webservice code of flex and not the code you and i make.
regards,
Marc
14 augustus 2007 om 03:44Hi, I have the same problem that you have described. Can’t create the complex headers through the api-methods. When using this aproach I the xml gets encoded to entities as you said Nicolas.
And I’m also using against Alfresco, which doesn’t like the request since it’s encoded with entities.
Have any of you solved the problems?
Marc, does you code still work if you do it like above?
Bes wishes, Erik
29 augustus 2007 om 12:27Hi all,
I have been to the Adobe Max and have a few new idears to takcle this problem.
I hope I will find the time to put them to the test.
Kind regards,
3 november 2007 om 06:35Hi, I have tried this, but its adding additional Security tag.
<SOAP-ENV:Header>
<ns0:Security xmlns:ns0=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”>
<Security xmlns=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”>
12 januari 2008 om 10:13Gireesh,
In order to answer in regards to your problem, I need more information. But it looks to me as if you have am undefined namespace which the tooling tries to fix by adding a namespace for it.
15 maart 2008 om 05:57Marc,
I’m having the same problem trying to add a wsse security token into a soap webservice. I’m just wondering if you or anyone here has succeeded yet?
Regards,
10 juli 2008 om 19:51Lars
the code below works too utilizing dom code.
public function wsseSecurityHeader(uname:String, pwd:String) : Object {
var wsseSecurity:QName = new QName(“http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”, “Security” );
var header:SOAPHeader = new SOAPHeader(wsseSecurity, {});
var xml : XMLDocument = new XMLDocument();
var usernameToken:XMLNode = xml.createElement(“UsernameToken”);
var username:XMLNode = xml.createElement(“Username”);
username.appendChild(xml.createTextNode(uname));
var password:XMLNode = xml.createElement(“Password”);
password.appendChild(xml.createTextNode(pwd));
usernameToken.appendChild(username);
usernameToken.appendChild(password);
header.content = usernameToken;
return header;
}
public function doSearch() : void {
17 september 2008 om 23:59searchService.addHeader(wsseSecurityHeader(“ehmsdev”,”ehmspass”));
prBar.visible = true;
searchService.FindOpenAlerts.cancel();
searchService.FindOpenAlerts.send();
}
Hi,
I also have a small problem, I noticed that for some wsdl services when you set security header you also need to add: SOAP-ENV:mustUnderstand=”1″, but in order to work also you need to alter xml definition and to put also SOAP encoding types: SOAP-ENV:encodingStyle=”http://schemas.xmlsoap.org/soap/encoding/”.
And you can’t alter WebService class from SDK 4 in order to do so.
Any work around?
18 november 2009 om 04:10