Error in WSO2 ESB when calling service without Header element

Question

I believe I found bug in WSO2 ESB.

I defined proxy service for our customer. With security turned off I always get expected result, but when I enable security (scenario 1 - UsernameToken), then I get error "SOAP Envelope can not have children other than SOAP Header and Body".

I'm able to reproduce this bug with 'echo' service.

Here is request:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:echo="http://echo.services.core.carbon.wso2.org">
  <soap:Body>
    <echo:echoString>    
       <in>ABC</in>
    </echo:echoString>
  </soap:Body>
</soap:Envelope>

Turning security off or adding <soap:Header /> element before <soap:Body> element provides expected response again.

I'm using WSO2 ESB version 4.8.1, SoapUI 5.0.0 as client.

Answer 1

The SOAP headers contain application specific information related to the SOAP message. They typically contain routing information, authentication information, transaction semantics etc.

If you removed <soapenv:Header/> SoapUI will not send your user name and password to rampart.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <echo:echoString>
         <!--Optional:-->
         <in>ABC</in>
      </echo:echoString>
   </soapenv:Body>
</soapenv:Envelope>

So your error was return by org.apache.axiom.soap.SOAPProcessingException due to AxisEngine System error.

When your sending request to secured one header is must..