Four Stars

tESBConsumer User-Name Token: WS-Security Nonce is missing

Hi,

I am calling a web service with tESBConsumer component. Web service requires WS-Security. This is implemented in the tESBConsumer component with the "Use Authentication -> Username Token" setting. This adds WS-Security header to the Soap envelop but does not add the Nonce element. Web service also requires Nonce. 

 

This is generated from Talend DI v6.4.1

 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-6780c83f-ffc8-4588-a427-8f4a5eb41f77">
<wsse:Username>***</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
</wsse:UsernameToken> </wsse:Security> </soap:Header>

 

This generated from SoapUI;

<soapenv:Envelope xmlns:intf="http://intf.service.electronicaccountsummary.eho.hmn.ykb.com/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-6C5C1C99C561657DAB15142383167429"><wsse:Username>***</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">***</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">N/+/XZhFKO9btrOs+chsBw==</wsse:Nonce>
<wsu:Created>2017-12-25T21:45:16.742Z</wsu:Created></wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>

This is the Talend generated code of the job;

 

Screen Shot 2017-12-27 at 22.31.08.png

 

This code should be added also to add Nonce header

// Automatically adds a Base64 encoded message nonce and a created timestamp
wssProps.put(WSHandlerConstants.ADD_UT_ELEMENTS, WSConstants.NONCE_LN + " " + WSConstants.CREATED_LN); 

Is there a easy way to change wss4j configuration to add nonce?

 

Thanks.

3 REPLIES
Moderator

Re: tESBConsumer User-Name Token: WS-Security Nonce is missing

Hello,

Could you please take a look at this work item jira issue :https://jira.talendforge.org/browse/TESB-14763

to see if it is what you are looking for?

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Four Stars

Re: tESBConsumer User-Name Token: WS-Security Nonce is missing

Thanks for the reply. It seems the same root cause (CXF configuration) but i don't have a problem in ESB. I am using Talend DI studio and the problem is with tESBConsumer component. By the way i found a solution by generating wssHeaders manually.

 

Here is my job design:

wssUserPwd component is calling a routine that creates wss header document. payload+header are merged with XmlMap and passed to tESBConsumer (callWS). 

 

job designjob design

 

routine code:

 

public static routines.system.Document create(String username, String pwd) throws Exception {
    	DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    	DocumentBuilder builder = dbf.newDocumentBuilder();
    	Document doc = builder.newDocument();
    	
    	Element element = doc.createElement("root");
    	doc.appendChild(element);
    	
    	WSSecHeader hdr = new WSSecHeader(doc);
    	hdr.insertSecurityHeader();
    	
    	WSSecUsernameToken user = new WSSecUsernameToken();
    	user.setPasswordType(WSS4JConstants.PASSWORD_TEXT);
    	user.setUserInfo(username, pwd);
    	user.addCreated();
    	user.addNonce();
    	user.prepare(doc);
    	user.appendToHeader(hdr);
    	
    	routines.system.Document ret = new routines.system.Document();
    	ret.setDocument(new DOMReader().read(doc));
    	//printDocument(doc,System.out);
    	
    	return ret;
    }
Moderator

Re: tESBConsumer User-Name Token: WS-Security Nonce is missing

Hello,

Thanks for your feedback and sharing your solution with us.

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.