|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) SOAP WS-Security UsernameTokenDemonstrates how to add a UsernameToken with the WSS SOAP Message Security header. Note: This example requires Chilkat v9.5.0.66 or later.
Use ChilkatAx-9.5.0-win32.pkg Procedure Test Handle hoXml Boolean iSuccess Variant vWsse Handle hoWsse Variant vXHeader Handle hoXHeader String sWsu_id String sPassword String sUsername Handle hoPrng Variant vBd Handle hoBd String sNonce Handle hoDt Boolean iBLocal String sCreated Handle hoCrypt String sPasswordDigest String sTemp1 // This example requires the Chilkat Crypt API to have been previously unlocked. // See Unlock Chilkat Crypt for sample code. // An HTTP SOAP request is an HTTP request where the SOAP XML composes the body. // This example demonstrates how to add a WS-Security header such as the following: // // <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-6138db82-5a4c-4bf7-915f-af7a10d9ae96"> // <wsse:Username>user</wsse:Username> // <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">CBb7a2itQDgxVkqYnFtggUxtuqk=</wsse:Password> // <wsse:Nonce>5ABcqPZWb6ImI2E6tob8MQ==</wsse:Nonce> // <wsu:Created>2010-06-08T07:26:50Z</wsu:Created> // </wsse:UsernameToken> // // First build some simple SOAP XML that has some header and body. Get Create (RefClass(cComChilkatXml)) To hoXml If (Not(IsComObjectCreated(hoXml))) Begin Send CreateComObject of hoXml End Set ComTag Of hoXml To "env:Envelope" Get ComAddAttribute Of hoXml "xmlns:env" "http://www.w3.org/2003/05/soap-envelope" To iSuccess Get ComUpdateAttrAt Of hoXml "env:Header|n:alertcontrol" True "xmlns:n" "http://example.org/alertcontrol" To iSuccess Send ComUpdateChildContent To hoXml "env:Header|n:alertcontrol|n:priority" "1" Send ComUpdateChildContent To hoXml "env:Header|n:alertcontrol|n:expires" "2001-06-22T14:00:00-05:00" Get ComUpdateAttrAt Of hoXml "env:Body|m:alert" True "xmlns:m" "http://example.org/alert" To iSuccess Send ComUpdateChildContent To hoXml "env:Body|m:alert|m:msg" "Pick up Mary at school at 2pm" Get ComGetXml Of hoXml To sTemp1 Showln sTemp1 Showln "----" // The following SOAP XML is built: // <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"> // <env:Header> // <n:alertcontrol xmlns:n="http://example.org/alertcontrol"> // <n:priority>1</n:priority> // <n:expires>2001-06-22T14:00:00-05:00</n:expires> // </n:alertcontrol> // </env:Header> // <env:Body> // <m:alert xmlns:m="http://example.org/alert"> // <m:msg>Pick up Mary at school at 2pm</m:msg> // </m:alert> // </env:Body> // </env:Envelope> // // Now build the WSSE XML housing that we'll insert into the above SOAP XML at the end. // <wsse:Security> // <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="WSU_ID"> // <wsse:Username>USERNAME</wsse:Username> // <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">PASSWORD_DIGEST</wsse:Password> // <wsse:Nonce>NONCE</wsse:Nonce> // <wsu:Created>CREATED</wsu:Created> // </wsse:UsernameToken> // </wsse:Security> Get Create (RefClass(cComChilkatXml)) To hoWsse If (Not(IsComObjectCreated(hoWsse))) Begin Send CreateComObject of hoWsse End Set ComTag Of hoWsse To "wsse:Security" Get ComUpdateAttrAt Of hoWsse "wsse:UsernameToken" True "xmlns:wsu" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" To iSuccess Get ComUpdateAttrAt Of hoWsse "wsse:UsernameToken" True "wsu:Id" "WSU_ID" To iSuccess Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsse:Username" "USERNAME" Get ComUpdateAttrAt Of hoWsse "wsse:UsernameToken|wsse:Password" True "Type" "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest" To iSuccess Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsse:Password" "PASSWORD_DIGEST" Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsse:Nonce" "NONCE" Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsu:Created" "CREATED" Get ComGetXml Of hoWsse To sTemp1 Showln sTemp1 Showln "----" // Insert the wsse:Security XML into the existing SOAP header: Get ComGetChildWithTag Of hoXml "env:Header" To vXHeader If (IsComObject(vXHeader)) Begin Get Create (RefClass(cComChilkatXml)) To hoXHeader Set pvComObject Of hoXHeader To vXHeader End Get pvComObject of hoWsse to vWsse Get ComAddChildTree Of hoXHeader vWsse To iSuccess Send Destroy of hoXHeader // Now show the SOAP XML with the wsse:Security header added: Get ComGetXml Of hoXml To sTemp1 Showln sTemp1 Showln "----" // Now our XML looks like this: // <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"> // <env:Header> // <n:alertcontrol xmlns:n="http://example.org/alertcontrol"> // <n:priority>1</n:priority> // <n:expires>2001-06-22T14:00:00-05:00</n:expires> // </n:alertcontrol> // <wsse:Security> // <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="WSU_ID"> // <wsse:Username>USERNAME</wsse:Username> // <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">PASSWORD_DIGEST</wsse:Password> // <wsse:Nonce>NONCE</wsse:Nonce> // <wsu:Created>CREATED</wsu:Created> // </wsse:UsernameToken> // </wsse:Security> // </env:Header> // <env:Body> // <m:alert xmlns:m="http://example.org/alert"> // <m:msg>Pick up Mary at school at 2pm</m:msg> // </m:alert> // </env:Body> // </env:Envelope> // // ----------------------------------------------------- // Now let's fill-in-the-blanks with actual information... // ----------------------------------------------------- Move "Example-1" To sWsu_id Get ComUpdateAttrAt Of hoWsse "wsse:UsernameToken" True "wsu:Id" sWsu_id To iSuccess Move "password" To sPassword Move "user" To sUsername Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsse:Username" sUsername // The nonce should be 16 random bytes. Get Create (RefClass(cComChilkatPrng)) To hoPrng If (Not(IsComObjectCreated(hoPrng))) Begin Send CreateComObject of hoPrng End Get Create (RefClass(cComChilkatBinData)) To hoBd If (Not(IsComObjectCreated(hoBd))) Begin Send CreateComObject of hoBd End // Generate 16 random bytes into bd. // Note: The GenRandomBd method is added in Chilkat v9.5.0.66 Get pvComObject of hoBd to vBd Get ComGenRandomBd Of hoPrng 16 vBd To iSuccess Get ComGetEncoded Of hoBd "base64" To sNonce Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsse:Nonce" sNonce // Get the current date/time in a string with this format: 2010-06-08T07:26:50Z Get Create (RefClass(cComCkDateTime)) To hoDt If (Not(IsComObjectCreated(hoDt))) Begin Send CreateComObject of hoDt End Get ComSetFromCurrentSystemTime Of hoDt To iSuccess Move False To iBLocal Get ComGetAsTimestamp Of hoDt iBLocal To sCreated Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsu:Created" sCreated // The password digest is calculated like this: // Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ) Get ComAppendString Of hoBd sCreated "utf-8" To iSuccess Get ComAppendString Of hoBd sPassword "utf-8" To iSuccess Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt If (Not(IsComObjectCreated(hoCrypt))) Begin Send CreateComObject of hoCrypt End Set ComHashAlgorithm Of hoCrypt To "SHA-1" Set ComEncodingMode Of hoCrypt To "base64" // Note: The HashBdENC method is added in Chilkat v9.5.0.66 Get pvComObject of hoBd to vBd Get ComHashBdENC Of hoCrypt vBd To sPasswordDigest Send ComUpdateChildContent To hoWsse "wsse:UsernameToken|wsse:Password" sPasswordDigest // Examine the final SOAP XML with WS-Security header added. Get ComGetXml Of hoXml To sTemp1 Showln sTemp1 End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.