CMDBuild Forum

Configure SoapUI request with CMDBuild 2.2.1

Hi, I would like to use SoapUI to create a request to get information from CMDBuild version 2.2.1.


I tried to create the following envelope request:
 
<soap:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
    <wsse:UsernameToken>
      <wsse:Username>myUser</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">Y2UwZDU4Zjc1NzYzMDI3YWEyNzRkODQ5NTA1MGU0OThkNw==</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">9lxfm1l61xnCRNVi5lA==</wsse:Nonce>
      <wsu:Created>2013-10-14T10:08:21.826Z</wsu:Created>
    </wsse:UsernameToken>
  </wsse:Security>
</soap:Header>
<soap:Body>
  <soap1:getLookupById>
    <soap1:id>1</soap1:id>
  </soap1:getLookupById>
</soap:Body>
</soap:Envelope>

but I get the following error:
 
<soap:Text xml:lang="en">An error was discovered processing the &lt;wsse:Security> header (An error happened processing a Username Token "A replay attack has been detected")</soap:Text>

My password digest is calculated like this:
Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
 
Nonce and Created are random values.
 
Is that right?
Dear Alex,
that error usually appears when you try to send a request with a nonce that has already been used in the previous request.
You should generate a new nonce for every request you send. 
 
Best regards
CMDBuild Team
 
 
 

OK, now I get this error:
 
"The message has expired"
 
I set these SoapUI properties:
 
Username
Password
AuthenticationType (either Global HTTP Setting or Authenticate Pre-Emptively)
WSS-PasswordType (either PasswordText or PasswordDigest)
 
Thank you.
 
 

Unfortunately I still cannot use SoapUI to get values through the CMDBuild WSDL.
 
I would like to add the logic I used to generate the Nonce, Created and PasswordDigest values.
 
I used a Java client with the Base64Digester class (I got the open-source code from the CMDBuild site).
 
The code is this:
 
String nonce = UUID.randomUUID().toString();
String created = "2014-11-07T15:28:00Z";
String password = "mypassword";
Base64Digester base64Digester = new Base64Digester();
System.out.println("Nonce: " + base64Digester.encrypt(nonce));
System.out.println("Created: " + created);
String base64Digester_sha1 = Utilities.methodSHA(nonce + created + password);
System.out.println("base64Digester (by SHA-1): " + base64Digester.encrypt( base64Digester_sha1 ) );

public static String methodSHA(String value) throws NoSuchAlgorithmException
{
    MessageDigest md = MessageDigest.getInstance("SHA-1");
    md.update(value.getBytes());
    byte byteData[] = md.digest();
    StringBuffer sb = new StringBuffer();
    for (int i = 0; i < byteData.length; i++)
    {
        sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1));
    }
    return sb.toString();
}

public String encrypt(String password) {
    try {
        byte[] passwordBytesAsUTF8Encoding = password.getBytes("UTF8");
        byte[] encryptedPasswordBytes = getCiphers().encrypt(passwordBytesAsUTF8Encoding);
        return new sun.misc.BASE64Encoder().encode(encryptedPasswordBytes);
    } catch (Exception e) {
        System.out.println(e.getMessage());
    }
    return null;
}
 
Any suggestion?
 
Thanks.
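
Added example, not part of the original posts and not CMDBuild, SoapUI or WSS4J code: the digest formula quoted in this thread computed over raw bytes, next to a simplified receiver-side check that returns the two error messages reported above. The class and method names, the 5-minute freshness window, the in-memory nonce set and the "OK" / "Authentication failed" strings are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

// Added illustration; all names below are hypothetical, not CMDBuild or WSS4J code.
public class UsernameTokenDemo {
    static final Duration MAX_AGE = Duration.ofMinutes(5);  // assumed freshness window
    static final Set<String> SEEN_NONCES = new HashSet<>(); // stand-in for a nonce cache

    // Base64(SHA-1(nonce + created + password)): the nonce goes in as raw bytes and
    // Base64 is applied to the 20 raw digest bytes, not to a hex string or ciphertext.
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Simplified receiver: freshness, then nonce reuse, then digest comparison.
    static String validate(String nonceB64, String created, String sent, String password)
            throws Exception {
        if (Instant.parse(created).isBefore(Instant.now().minus(MAX_AGE)))
            return "The message has expired";
        if (!SEEN_NONCES.add(nonceB64))
            return "A replay attack has been detected";
        String expected = digest(Base64.getDecoder().decode(nonceB64), created, password);
        boolean same = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                sent.getBytes(StandardCharsets.UTF_8));
        return same ? "OK" : "Authentication failed"; // both strings are made up here
    }

    public static void main(String[] args) throws Exception {
        String password = "mypassword";               // placeholder, as in the post
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);           // new random nonce per request
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String created = Instant.now().toString();     // current UTC time, not a constant
        String pd = digest(nonce, created, password);
        System.out.println(validate(nonceB64, created, pd, password)); // first use
        System.out.println(validate(nonceB64, created, pd, password)); // nonce reused
        String old = "2014-11-07T15:28:00Z";           // fixed Created from the post
        System.out.println(validate(nonceB64, old, digest(nonce, old, password), password));
    }
}
```

A client that sends a new nonce and the current time with every request passes these checks with replay and freshness validation left enabled on the receiving side.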
 
 

Dear Alex,
 
try to edit "soapws-r1.xml" and/or "soapws-r2.xml" and uncomment these lines:
 
<!-- <entry key="ws-security.enable.nonce.cache" value="false" /> -->
<!-- <entry key="ws-security.enable.timestamp.cache" value="false" /> -->
 
Best regards.
 
-- CMDBuild Team
 

I solved it with the auto-generate function of SoapUI, which allows auto-creating a complete UserToken.
 
Tks,
Alex.
 