consuming Webservice CF11

checked the username/pw again.

It is the same as in the successful call with soapUI (see lines below). When i see it,  i ask me wether Coldfusion can produce these tokens..

----------------------------snippet of successful call ------------------------

Wed Mar 16 22:33:24 CET 2016:DEBUG:>> "<soapenv:Envelope xmlns:glugg="http://schemas.datacontract.org/2004/07/Glugg.CMS.Definitions.Bestandsabfrage" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">[\n]"

Wed Mar 16 22:33:24 CET 2016:DEBUG:>> "   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-62F33C3C441C4F5CF814581640048155"><wsse:Username>firstname.lastname@glugg-domain.de</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor dText">passphrase</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Bi nary">s/oi9bCZrBYWb8QU7YtPvA==</wsse:Nonce><wsu:Created>2016-03-16T21:33:24.815Z</wsu:Created> </wsse:UsernameToken></wsse:Security></soapenv:Header>[\n]"

----------------------------/snippet

Just to get one further issue out of the way, your code implies that the domain is gloggsche.de, whereas the SOAPUI example uses gluggsche.de.

Sorry, a mistake during anonymization of the cf-code and  soapUI log.

glogg and glugg are synonym. In case they follow the original (Glugg/glugg).
Thank you for careful reading.:).

This i the webservice-call i can send with soapUI.

it delivers the wanted reply.

How ca i do this with coldfusion11.
How do i provide the Tokens.

In the Moment i cant read the webservice calls from coldfusion.

With fiddler i dd not succeed. In cf9 there was tcpmon. Do i have to  install wireshark?

---------------------soapUI-call--------------------

POST https://cmstest.gluggsche.de/Services/BestandsabfrageService.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://tempuri.org/IBestandsabfrageService/Suche"
Content-Length: 1788
Host: cmstest.gluggsche.de
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

<soapenv:Envelope xmlns:glugg="http://schemas.datacontract.org/2004/07/Glugg.CMS.Definitions.Bestandsabfrage" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-98DAFC15334EBD6F1814585039979784"><wsse:Username>firstname.lastname@domain.de</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">..passphrase_</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">bb2bdI6Sl2QqaWALGz0kCA==</wsse:Nonce><wsu:Created>2016-03-20T19:59:57.978Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
   <soapenv:Body>
      <tem:Suche>
         <!--Optional:-->
         <tem:anfrage>
            <!--Optional:-->
            <glugg:GluggId/>
            <!--Optional:-->
            <glugg:DatumBis>2016-03-01</glugg:DatumBis>
            <!--Optional:-->
            <glugg:DatumVon>2016-02-24</glugg:DatumVon>
            <!--Optional:-->
            <glugg:Entscheidungstyp/>
            <!--Optional:-->
            <glugg:GerichtSchluesselOderNummer>BGH</glugg:GerichtSchluesselOderNummer>
            <!--Optional:-->
            <glugg:NormalisiertesOriginalAktenzeichen/>
            <!--Optional:-->
            <glugg:Sprache>de</glugg:Sprache>
            <!--Optional:-->
            <glugg:VolltextVorhanden>true</glugg:VolltextVorhanden>
         </tem:anfrage>
      </tem:Suche>
   </soapenv:Body>
</soapenv:Envelope>

Malvina, it seems the issue is that you are consuming a web service that uses WSS (a particular form of security), which had not supported over the years. (See the references in your xml below to “wss’”.) And as you conclude, you’re needing to pass in that usernametoken..

Knowing that, if you do some searching for ColdFusion and wss you’ll find various resources discussing how to get things to work. Just be aware that each ay be referring to a different CF version.

I present here 3 possibilities you may want to consider. I’ve not tried them myself. Just wondering if any may help you.

1) For instance, one resource from the CF9 era shows some CFML code for making such a call by passing that token manually:

http://www.mikeobrien.net/blog/consuming-web-service-that-requires-wss/

It may not be EXACLY what you need, but since you’re comfortable with SoapUI (and even were considering dropping to wireshark), you may be able to connect the dots to get things working.

2) There’s another blog post, which seems from the CF10 or 11 era (2011), which proposes using some alternative java libraries. Just beware that that may not be needed in the CF11 you’re using (which has updated libraries over CF10 or 9):

http://onlineanthony.blogspot.com/2010/05/using-ws-security-for-soap-in.html

But note at least that it’s got a lot of comments, any of which may also prove helpful for you.

3) Finally, I’ll note that I see some resources that suggest the new axis-2 support (added in CF10) may inherently add support for this ws authentication, but I see that you have added the wsversion=”2” to your code, and it hasn’t helped.

Let us know if any of the rest above may help.

(FWIW, if you or anyone may come across mentions in the past that a future release of CF would add support for WSS, it DID happen, in CF11, but it was only for the websockets feature, not web services. More at https://helpx.adobe.com/coldfusion/developing-applications/coldfusion-and-html-5/using-coldfusion-websocket/websocket-enhancements.html).

/charlie

Hi Charlie,

Tested the approaches, but none was successfull.

To add a static header is possible, but addition of the calculated tokens fails.

I can produce the xml as below, but could not manage to add the tokens (see the *)  properly.

As cf2016 has a similar set of axis2.jars as cf11, it failed as well.

From the idea "give the wsdl-file to coldfusion/axis it will do the job" i feel far away.

do you see a way to add the tokens ?

How to calculate the tokens? Are there other java-libs i have to integrate? rampart?

ws-security seems to be popular with microsoft products

<soapenv:Envelope xmlns:glugg="http://schemas.datacontract.org/2004/07/Glugg.CMS.Definitions.Bestandsabfrage" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">

    <soapenv:Header>

        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

*            <wsse:UsernameToken wsu:Id="UsernameToken-88EDF154942BEC248614600377485574">

                <wsse:Username>lastname.firstname@glugg-domain.de</wsse:Username>

                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">..passwphrase..</wsse:Password>

*                <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">3zCrgLib0kMUgaozGHPbGA==</wsse:Nonce>

                <wsu:Created>2016-04-07T14:02:28.557Z</wsu:Created>

            </wsse:UsernameToken>

        </wsse:Security>

    </soapenv:Header>

    <soapenv:Body>

....  calls the method and provides arguments

    </soapenv:Body>

</soapenv:Envelope>

This might help: a tip from Mike O'Brien for consuming WSS web services

In your case, start with something like this:

<cfscript>

    wsdl="http://cmstest.gloggsche.de/Services/BestandsabfrageService.svc?wsdl";

    username="firstname.lastname@domain.de";

    password="passPhrase..";

    refresh=false;

</cfscript>

<cfobject name = "ws" wsversion="2"

webservice= "#wsdl#"

username = "#username#"

password = "#password#"

refreshWSDL = "#refresh#"

type = "webservice">

// this is das skeleton das den remote webservice representiert

// writedump(ws);

<cfscript>

// nun stellen wir das argument für den Aufruf bereit

// ich habe extra dies genau gleich gemacht wie ihr aufruf mit soapUI, sprich auch leere werte für optionale parameter

anfrage={};

anfrage.BeckId="";

anfrage.Entscheidungstyp="";

anfrage.NormalisiertesOriginalAktenzeichen="";

anfrage.DatumVon=createDate(2010,8,30);

anfrage.DatumBis=createDate(2010,8,30);

anfrage.GerichtSchluesselOderNummer="cr143837";

anfrage.Sprache="DE";

anfrage.VolltextVorhanden=true;

// implement WSS security

addCredentials(ws, username, password);

// nun suchen wir

writedump(ws.suche(anfrage));

//writeDump(ws.Suche(anfrage));

</cfscript>

<cfscript>

function addCredentials(service, username, password)

{

      wssNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

      header = createObject("java", "org.apache.axis.message.SOAPHeaderElement");

      header.init(wssNamespace, "wsse:Security");

      header.addChildElement("wsse:UsernameToken");

      header.getFirstChild().addChildElement("wsse:Username").setValue(username);

      header.getFirstChild().addChildElement("wsse:Password").setValue(password);

      header.setMustUnderstand(1);

      service.setHeader(header);

}

<cfscript>

"Great minds." 🙂

I'm guessing you didn't see that I shared that link last night, along with other info. But good on ya' for going ahead and coding it up.

Looking forward to hearing if that approach or the other I offered may get Malvina going.

Apologies, Charlie. I didn't see the link.

Your remark on WSS immediately rang a bell. So I googled wss web service coldfusion ​and, hey presto!

Thank you to both of you for this pretty bunch of hints and tips, i give feedback the other day.

Alec