CODEWITHSUNDEEP
rubysoapsavon
Noah Clark
Noah Clark

Reputation: 8131

mustUnderstand="1" in Savon Security Header

Here is what the service is supposed to look like (from Soap UI):

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-044848C648B0DCCFBC14248931953381">
        <wsse:Username>26613</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">h3hzoxJgSNIrNsJTc8gGwdNGhe0=</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">JvR9+Aefno3PVz++ik/47w==</wsse:Nonce>
        <wsu:Created>2015-02-25T19:39:55.336Z</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>

and here is what savon produces:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
    <wsse:Username>26613</wsse:Username>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NmU4NWNiYWIxM2M0ZmYyN2IxZjJiNGQ0MGZmZDJkNjJiODJmNmM5OQ==</wsse:Nonce>
    <wsu:Created>2015-02-25T16:55:40Z</wsu:Created>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">lr8M7oMCjEsh7Maj07AyW4CoTlE=</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>

One thing I noticed that is different is the mustUnderstand line. I've tried to add like so:

 client = Savon.client(
     wsdl: 'gofish?wsdl',
     pretty_print_xml: true,
     log: true,
     log_level: :debug,
     env_namespace: :soapenv,
     soap_header: {'wsse:Security' => 'mustUnderstand="1"'}
)

But this generates the following:

<wsse:Security>mustUnderstand="1"</wsse:Security>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

Which is not exactly what I want. Any thoughts on how to get inside the wsse:Security element like the SoapUI has it?

EDIT:

Based upon Steffen's suggestion, I get the following results:

<soapenv:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cmn="http://www.sircon.com/WebServices/services/OnboardingServices.wsdl" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" soapenv:mustUnderstand="1">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
        <wsse:Username>26613</wsse:Username>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NTcyN2QyNjliYmMxZjg2Yjc2YjA0MTY0NjE5MjdjZjQ4ZGY0YzlhYQ==
</wsse:Nonce>
        <wsu:Created>2015-02-25T21:28:53Z</wsu:Created>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">h8Qfcn6gA4swa/l+LmJR+RdCSto=</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <cmn:RecruiterOnboardingRequest>
      <some>key</some>
      <and>another one</and>
    </cmn:RecruiterOnboardingRequest>
  </soapenv:Body>
</soapenv:Envelope>

EDIT 2:

Opened a ticket around this issue here: https://github.com/savonrb/savon/issues/667. Feel free to check it out to learn more.

Upvotes: 1

Views: 3175

Answers (1)

Steffen Roller
Steffen Roller

Reputation: 3494

I think you would need to define namespaces in your client, eg.

client = Savon.client(
    wsdl: 'gofish?wsdl',
    pretty_print_xml: true,
    log: true,
    log_level: :debug,
    env_namespace: :soapenv,
    namespaces: {'soapenv:mustUnderstand' => "1"}
)

You probably have to list all the other namespaces you need as well.

You con try something crazy. Go to your gem directory and find the file ...akami-1.2.2/lib/akami/wsse.rb

change line #158 from

:attributes! => { "wsse:Security" => { "xmlns:wsse" => WSE_NAMESPACE } }

to

:attributes! => { "wsse:Security" =>
                                       { "mustUnderstand" => "1",
                                         "xmlns:wsse" => WSE_NAMESPACE} }

That's not pretty but it might work

Upvotes: 1

Related Questions