Issue with HTTP Request Node using Security Profile in IIB

sandeu
Posted: Tue Apr 17, 2018 8:55 pm

Newbie

Joined: 17 Apr 2018
Posts: 5

Hi,

I have a requirement to build a MIME message for a web service call. I am using a compute node to build the SOAP request message (with MIME parts) and calling the SOAP service using an HTTP Request node (by providing the SOAP Action in headers).

The service expects security headers to be passed, and I have created a security profile with a username and password (via a security identity), referenced it in the HTTPRequestNode (in the BAR file) and deployed it to an IIB V10 node. However, it appears the security is not propagated even though I set "propagation" to True in the security profile configuration.

mqsicreateconfigurableservice IIBNODE -c SecurityProfiles -o AppExtenderSecProfile -n mapping,rejectBlankpassword,propagation,passwordValue,keyStore,authorizationConfig,authenticationConfig,idToPropagateToTransport,trustStore,authentication,authorization,mappingConfig,transportPropagationConfig -v "NONE","FALSE","TRUE","PLAIN","Reserved for future use","","","STATIC ID","Reserved for future use","NONE","NONE","","AppExtSecId"

Please help me understand the issue..

fjb_saper
Posted: Wed Apr 18, 2018 12:10 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

You should be using a SOAP Request node instead of an HTTP Request node.
Have fun
_________________
MQ & Broker admin

sandeu
Posted: Wed Apr 18, 2018 6:38 am

Newbie

Joined: 17 Apr 2018
Posts: 5

I tried using SOAP request node initially but it did not work for me for multi part messages. Then I shifted to using HTTPRequestNode. This worked fine when I build (hardcode) the security headers in the compute node, but it did not work with the security profile configuration in HTTPRequestNode. The security headers are not populated in the web service request message.

Please let me know if you need any more details...

Vitor
Posted: Wed Apr 18, 2018 6:46 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

sandeu wrote:
I tried using SOAP request node initially but it did not work for me for multi part messages.

......

Please let me know if you need any more details...


Details of the problem would be nice; "it did not work" conveys nothing. What happened? Smoke from your laptop? Flying monkeys stole your little dog Toto? What did you do to resolve the problem? What did the user trace say was happening?

sandeu wrote:
Please help me understand the issue..


The HTTPRequest node doesn't understand that it's calling web services so doesn't build any WS-Security headers; if you look in the trace you should see the id from the security profile being propagated (as per your configuration) into the BasicAuth section of the HTTP header (which the node does understand).

The SOAPRequest node does understand that it's calling web services so propagates credentials from the security profile into WS-Security headers.

That's why you should use a SOAPRequest node to call a web service.
_________________
Honesty is the best policy.
Insanity is the best defence.
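
The distinction described in the reply above, as an added example (not code from the thread or from IBM): a Python check that reports whether a captured outbound request carries its credentials in the HTTP Authorization header or in a WS-Security UsernameToken. Both requests, the `svc_user` account and its password are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSSE = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}"

def credential_carriers(headers, envelope_xml):
    """Map each layer that carries credentials to what it exposes.

    headers: dict of HTTP request headers; envelope_xml: SOAP envelope bytes.
    """
    found = {}
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() == "basic":
        # Basic is base64("user:password"): an encoding, not encryption.
        user = base64.b64decode(token).decode("utf-8", "replace").partition(":")[0]
        found["http-basic"] = user
    token_el = ET.fromstring(envelope_xml).find(f"{SOAP}Header/{WSSE}Security/{WSSE}UsernameToken")
    if token_el is not None:
        pw = token_el.find(f"{WSSE}Password")
        pw_type = pw.get("Type", "").rpartition("#")[2] if pw is not None else ""
        found["ws-security"] = (token_el.findtext(f"{WSSE}Username"), pw_type or None)
    return found

def cleartext_password(found):
    """True when the password is recoverable from the wire, so the hop must be TLS-protected."""
    return "http-basic" in found or found.get("ws-security", (None, None))[1] == "PasswordText"

# Constructed samples (not captured traffic); svc_user and the password are made up.
ENV = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
       '<s:Header>%s</s:Header><s:Body/></s:Envelope>')
UNT = ('<w:Security xmlns:w="' + WSSE[1:-1] + '"><w:UsernameToken><w:Username>svc_user</w:Username>'
       '<w:Password Type="http://docs.oasis-open.org/wss/2004/01/'
       'oasis-200401-wss-username-token-profile-1.0#PasswordText">example-only</w:Password>'
       '</w:UsernameToken></w:Security>')

# What the reply says an HTTPRequest node sends: identity in the HTTP header, SOAP header untouched.
HTTP_NODE_REQ = ({"Authorization": "Basic " + base64.b64encode(b"svc_user:example-only").decode()},
                 (ENV % "").encode())
# What it says a SOAPRequest node sends: identity inside a WS-Security header.
SOAP_NODE_REQ = ({"SOAPAction": '"urn:example"'}, (ENV % UNT).encode())

if __name__ == "__main__":
    for name, req in (("HTTPRequest", HTTP_NODE_REQ), ("SOAPRequest", SOAP_NODE_REQ)):
        found = credential_carriers(*req)
        print(name, found, "cleartext password:", cleartext_password(found))
```

Run against a request captured from a test flow, this shows at a glance which layer the security profile populated and whether the password travels in recoverable form.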

sandeu
Posted: Wed Apr 18, 2018 8:43 am

Newbie

Joined: 17 Apr 2018
Posts: 5

This is my first time using a security profile, and I have gone through the documentation provided on Security Profiles. Below is the link I have gone through, and I tried implementing the same.
I did not realize (know) that HTTPRequestNode doesn't build the WS-Security headers and that I should use only the SOAPRequestNode to build WS-Security headers. Thanks for letting me know.

https://www.ibm.com/support/knowledgecenter/en/SSKM8N_8.0.0/com.ibm.etools.mft.doc/ap04160_.htm

I searched in the user trace but did not see anything related to Basic Auth headers when using HTTPRequestNode; I will check again.

Now, I have changed the HTTPRequestNode to SOAPRequestNode (assigned policy bindings and security profile on the message flow properties in the BAR file) and I am getting an "An invalid XML character (Unicode: 0x2d) was found in the prolog of the document." error. Could you help figure out the issue in the code shared below?

Message Flow: (This is just a sample message flow that I built to isolate the problem)

=========
FileInputNode --> ComputeNode1 --> ComputeNode2 --> SOAPRequestNode --> TraceNode (this will be replaced with Compute Node and MQOutput Node upon making it work)

First Compute Node:
===================
For now I have hard coded the SOAP messages as below. Later I will build this in ESQL code.

declare input1 char '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xyz="xyz.Wcf" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
<soapenv:Header>
<xyz:FieldValues>
<!--Zero or more repetitions:-->
<arr:string>732347225</arr:string>
</xyz:FieldValues>
<xyz:ApplicationName>TestApp</xyz:ApplicationName>
</soapenv:Header>
<soapenv:Body>
<xyz:AxDocumentAddDocument_Request>
<xyz:FileStream><xop:Include href="cid:http://tempuri.org/1/636591393658635567" xmlns:xop="http://www.w3.org/2004/08/xop/include"/></xyz:FileStream>
</xyz:AxDocumentAddDocument_Request>
</soapenv:Body></soapenv:Envelope>';

CREATE LASTCHILD OF OutputRoot DOMAIN 'XMLNSC' PARSE (input1 , 546, 1208);
SET Environment.Variables.blobMsg = InputRoot.BLOB.BLOB; -- This contains the BLOB message of a PNG file.
RETURN TRUE;

Second Compute Node:
====================

DECLARE part1Data1 BLOB ASBITSTREAM(InputRoot.XMLNSC, 546, 1208);
SET OutputRoot.Properties.ContentType = 'multipart/related; type="application/xop+xml";start="<http://tempuri.org/0>";boundary="uuid:80e80c90-b343-455f-be69-10893b3b4e2b+id=2";start-info="text/xml"';
SET OutputRoot.HTTPRequestHeader."SOAPAction" = 'xyz.Wcf/Appwcf/Document_AddDocumentAsStream';
SET OutputRoot.HTTPRequestHeader."Content-ID" ='<http://tempuri.org/0>';
SET OutputRoot.HTTPRequestHeader."Accept-Encoding" = 'gzip, deflate';

CREATE FIELD OutputRoot.MIME TYPE Name;
DECLARE M REFERENCE TO OutputRoot.MIME;
CREATE LASTCHILD OF M TYPE Name NAME 'Parts';
CREATE LASTCHILD OF M.Parts TYPE Name NAME 'Part';
DECLARE P1 REFERENCE TO M.Parts.Part[1];
CREATE FIELD P1."Content-Type" TYPE NameValue VALUE 'application/xop+xml;charset=utf-8;type="text/xml"';
CREATE FIELD P1."Content-Id" TYPE NameValue VALUE '<http://tempuri.org/0>';
CREATE FIELD P1."Content-Transfer-Encoding" TYPE NameValue VALUE '8bit';
CREATE LASTCHILD OF P1 TYPE Name NAME 'Data';
CREATE LASTCHILD OF P1.Data DOMAIN('BLOB') PARSE(part1Data1);

CREATE LASTCHILD OF M.Parts TYPE Name NAME 'Part';
DECLARE P2 REFERENCE TO M.Parts.Part[2];
CREATE FIELD P2."Content-Id" TYPE NameValue VALUE '<http://tempuri.org/1/636591393658635567>';
CREATE FIELD P2."Content-Transfer-Encoding" TYPE NameValue VALUE 'binary';
CREATE FIELD P2."Content-Type" TYPE NameValue VALUE 'image/png';
CREATE FIELD P2."Content-Disposition" TYPE NameValue VALUE 'image/png';
CREATE LASTCHILD OF P2 TYPE Name NAME 'Data';
CREATE LASTCHILD OF P2.Data DOMAIN('BLOB') PARSE(Environment.Variables.blobMsg); -- This contains the BLOB message of a PNG file.
RETURN TRUE;

Error Message:
=============
Text:CHARACTER:Error Making JNI Call: Axis2Requester_processRequestMessageNonSoap
Insert
Type:INTEGER:5
Text:CHARACTER:Axis2Requester_processRequestMessageNonSoap
Insert
Type:INTEGER:5
Text:CHARACTER:org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException: An invalid XML character (Unicode: 0x2d) was found in the prolog of the document.
@: org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:293)
@: org.apache.axiom.om.impl.llom.OMDocumentImpl.getOMDocumentElement(OMDocumentImpl.java:104)
@: org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:568)
@: com.ibm.broker.axis2.SoapUtilities.wrapDataInSoapEnvelopeIfRequiredUsingAxis2(SoapUtilities.java:1663)
@: com.ibm.broker.axis2.Axis2Requester.processRequestMessageNonSoap(Axis2Requester.java:1146)
Frame : 1 javax.xml.stream.XMLStreamException: An invalid XML character (Unicode: 0x2d) was found in the prolog of the document.

Vitor
Posted: Wed Apr 18, 2018 9:06 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

sandeu wrote:
Could you help figure out the issue in this code shared below?


You're putting the blob of a png file in a section described as "text/xml". It's a racing certainty a blob will contain at least one character not allowed by the XML specification.

Describe it with the correct type (image/png?)
_________________
Honesty is the best policy.
Insanity is the best defence.

sandeu
Posted: Wed Apr 18, 2018 9:29 pm

Newbie

Joined: 17 Apr 2018
Posts: 5

I tried assigning the content-type value in outputroot.properties with "image/png", "application/octect-stream" and a few others as per the below link. Nothing worked. It has thrown the same "An invalid XML character (Unicode: 0x2d) was found in the prolog of the document." error.

https://www.ibm.com/support/knowledgecenter/SSMKHH_9.0.0/com.ibm.etools.mft.doc/ad30590_.htm

I also tried to manipulate the SOAPRequestNode properties such as Accept-Encoding and Accept compressed responses by default based on the details provided in the below link but that also didn't work and failed with the same error.

http://www.mqseries.net/phpBB2/viewtopic.php?p=396908&sid=591ab8b0b504fc635c7f89806734828d

Anything else I can try to resolve the issue?

mgk
Posted: Thu Apr 19, 2018 3:03 am

Padawan

Joined: 31 Jul 2003
Posts: 1638

So the problem here is that you are using the MIME domain to send a message to the SOAPRequest node. In this case you should just use the SOAP domain and use the Attachments folder to send your attachments which will be converted to SOAP with Attachments on the Wire which is a MIME format. See this pdf here for some more details: https://www.ibm.com/developerworks/webservices/library/ws-soapnode2/ws-soapnode2-pdf.pdf

Kind regards,
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.

sandeu
Posted: Sat Apr 28, 2018 9:06 pm

Newbie

Joined: 17 Apr 2018
Posts: 5

Sorry for the late response. Thank you all for the suggestions. It helped a lot. Yes the webservice call worked fine by using SOAPRequestNode adding the attachment inline using the below code.

SET OutputRoot.SOAP.Body.u:AxDocumentAddDocument_Request.(XMLNSC.NamespaceDecl)xmlns:u = 'namespace';
SET OutputRoot.SOAP.Body.u:AxDocumentAddDocument_Request.(BITOR(XMLNSC.Field, XMLNSC.base64Binary))u:FileStream = BASE64DECODE(Base64Image);

*********
Having said that, when I tried to use the XOP include with content-id as shown below, it didn't work; it was throwing a web service request exception, though I see the PNG file is attached correctly in the SOAP Attachment folder. (I verified this by rerouting the request to a dummy web service hosted in IIB itself.)

SET OutputRoot.SOAP.Body.u:AxDocumentAddDocument_Request.u:FileStream = '<xop:Include href="cid:TestFile.PNG" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>';

SET OutputRoot.SOAP.Attachment.Id0.MIME_Headers."Name" = 'TestFile.PNG';
SET OutputRoot.SOAP.Attachment.Id0.MIME_Headers."Content-Type"='application/octet-stream; name=TestFile.PNG';
SET OutputRoot.SOAP.Attachment.Id0.MIME_Headers."Content-Transfer-Encoding"='binary';
SET OutputRoot.SOAP.Attachment.Id0.MIME_Headers."Content-Id" = 'TestFile.PNG';
SET OutputRoot.SOAP.Attachment.Id0.MIME_Headers."Content-Disposition" ='attachment; name="TestFile.PNG"; filename="TestFile.PNG"';
SET OutputRoot.SOAP.Attachment.Id0.BLOB = CAST(BASE64DECODE(Base64Image) AS BLOB CCSID iCCSIDVal ENCODING iEncodingVal);


Exception message:
============

Severity:INTEGER:3
Number:INTEGER:3162
Text:CHARACTER:WebService Request Exception
Insert
Type:INTEGER:12
Text:CHARACTER:Content-Length: 26750
Content-Type: multipart/related; boundary="WMBMIME2Boundaryurn_uuid_EE6B6CB6D2B9EEA7431524977580515"; type="text/xml"; start="<0.urn:uuid:EE6B6CB6D2B9EEA7431524977580517@ibm.com>"
Host: axws.xyz.com
SOAPAction: "xyz.Wcf/ApplicationXtenderWCF/Document_AddDocumentAsStream"
Connection: Keep-Alive
Accept-Encoding: gzip,deflate


Insert
Type:INTEGER:12
Text:CHARACTER:--WMBMIME2Boundaryurn_uuid_EE6B6CB6D2B9EEA7431524977580515
Content-Type: text/xml; charset=utf-8
Content-Transfer-Encoding: binary
Content-ID: <0.urn:uuid:EE6B6CB6D2B9EEA7431524977580517@ibm.com>

<?xml version="1.0" encoding="utf-8"?><NS1:Envelope xmlns:NS1="http://schemas.xmlsoap.org/soap/envelope/"><NS1:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" NS1:mustUnderstand="1"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="unt_20"><wsse:Username>*********</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">**********</wsse:Password></wsse:UsernameToken></wsse:Security><NS2:FieldValues xmlns:NS2="xyz.Wcf"><NS3:string xmlns:NS3="http://schemas.microsoft.com/2003/10/Serialization/Arrays">00001</NS3:string><NS4:string xmlns:NS4="http://schemas.microsoft.com/2003/10/Serialization/Arrays">12345</NS4:string><NS5:string xmlns:NS5="http://schemas.microsoft.com/2003/10/Serialization/Arrays">678910</NS5:string></NS2:FieldValues><NS6:ApplicationName xmlns:NS6="xyz.Wcf">TEMP</NS6:ApplicationName></NS1:Header><NS1:Body><u:AxDocumentAddDocument_Request xmlns:u="xyz.Wcf"><u:FileStream>&lt;xop:Include href="cid:TestFile.PNG" xmlns:xop="http://www.w3.org/2004/08/xop/include"/&gt;</u:FileStream></u:AxDocumentAddDocument_Request></NS1:Body></NS1:Envelope>
--WMBMIME2Boundaryurn_uuid_EE6B6CB6D2B9EEA7431524977580515
Content-Type: application/octet-stream; name=TestFile.PNG
Content-Transfer-Encoding: binary
Content-ID: <TestFile.PNG>


*************

But, when tested with SOAPUI by adding the attachment in attachment section the below code is working fine.

SET OutputRoot.SOAP.Body.u:AxDocumentAddDocument_Request.u:FileStream = '<xop:Include href="cid:TestFile.PNG" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>';

**********

Please let me know what I am doing wrong. I would like to correct my understanding of working with SOAP attachments. Thank you in advance.


Last edited by sandeu on Mon Apr 30, 2018 5:43 pm; edited 1 time in total

mgk
Posted: Sun Apr 29, 2018 4:45 am

Padawan

Joined: 31 Jul 2003
Posts: 1638

There are two different ways of sending attachments with SOAP messages. These are SOAP with Attachments (SwA) and Message Transmission Optimization Mechanism (MTOM). The SOAPRequest node can send both types but the message you create is different for each type. xop:include means you were trying to send MTOM but using an SwA shaped tree, which is why you saw an error. With MTOM you don't create the attachments you send - you just create the message and IIB does the hard work for you - but you have to follow the instructions for enabling MTOM first. In reality SwA can be simpler if you have a choice, but I guess that will depend on the remote end. If you read the article I posted a link to above for more information about how to use each type of message that should help. Also the docs have information about configuring MTOM and SwA as well.
_________________
MGK
The postings I make on this site are my own and don't necessarily represent IBM's positions, strategies or opinions.
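
The SwA/MTOM mismatch described in the reply above can be checked on a captured request. This is an added example (not from the thread or from IBM's documentation): a Python check over a multipart/related body that reports which shape the message has and where the XOP references and the attached parts disagree. The sample message is constructed, modelled on the failing request posted earlier, with a shortened boundary and fake attachment bytes.

```python
import xml.etree.ElementTree as ET
from email import message_from_bytes
from urllib.parse import unquote

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"

def classify(content_type, body):
    """Return ('MTOM' | 'SwA', findings) for a multipart/related SOAP request body (bytes)."""
    msg = message_from_bytes(b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    if not msg.is_multipart():
        raise ValueError("not a multipart message")
    parts = msg.get_payload()
    cid = lambda p: p.get("Content-ID", "").strip("<> ")
    start = (msg.get_param("start") or "").strip("<> ")
    root = next((p for p in parts if start and cid(p) == start), parts[0])
    attached = {cid(p) for p in parts if p is not root}
    refs, findings = set(), []
    for el in ET.fromstring(root.get_payload(decode=True)).iter():
        if el.tag == XOP_INCLUDE:
            # A real XOP reference: an element whose href is a cid: URL (percent-encoded).
            refs.add(unquote(el.get("href", "")).removeprefix("cid:"))
        elif el.text and "xop:Include" in el.text:
            # As in the thread's failing request: the markup arrived as escaped character data.
            findings.append(f"{el.tag}: xop:Include is escaped text, not an element")
    is_xop = root.get_content_type() == "application/xop+xml"
    if refs and not is_xop:
        findings.append("xop:Include used but root part is not application/xop+xml")
    findings += [f"cid:{c} has no matching part" for c in sorted(refs - attached)]
    if is_xop:
        findings += [f"part <{c}> is never referenced" for c in sorted(attached - refs)]
    return ("MTOM" if is_xop else "SwA"), findings

# Constructed sample modelled on the failing request in the thread (short boundary, fake PNG bytes).
SWA_SHAPED_TYPE = 'multipart/related; boundary="b1"; type="text/xml"; start="<root@example>"'
SWA_SHAPED_BODY = (
    b'--b1\r\nContent-Type: text/xml; charset=utf-8\r\nContent-ID: <root@example>\r\n\r\n'
    b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    b'<u:FileStream xmlns:u="xyz.Wcf">&lt;xop:Include href="cid:TestFile.PNG"/&gt;</u:FileStream>'
    b'</s:Body></s:Envelope>\r\n'
    b'--b1\r\nContent-Type: application/octet-stream\r\nContent-ID: <TestFile.PNG>\r\n\r\n'
    b'\x89PNG-fake\r\n--b1--\r\n')

if __name__ == "__main__":
    print(classify(SWA_SHAPED_TYPE, SWA_SHAPED_BODY))
```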