Multipart SOAP request (MTOM+XOP) with attachment as a Zip

kumaramkr
Participant I

Problem Statement:

Consumer invokes the Apigee proxy with SOAP payload with attachment (zip). The SOAP payload has <wsse:security> section to hold credentials. We need to scrub the <wsse:security> section before invoking the backend API.

Solution Tried:

below link has a pointer on parsing the text (password) using Java callout, however not sure how to just scrub the security header without tampering the attachment.

https://community.apigee.com/articles/60050/multipart-multipartform-data-creation-and-parsing.html

Approach#2.

This is what is available in the input stream for request.content in Java Maven project

0 2 2,226
2 REPLIES 2

Hi,

maybe try this

https://github.com/DinoChiesa/ApigeeEdge-Java-XOP-Editor

This callout transforms this:

--MIME_boundary
Content-Type: application/soap+xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <rootpart@soapui.org>


<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
   <S:Header>
     <wsse:Security
         xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
       <wsse:UsernameToken
           xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
         <wsse:Username
             xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>XXXXXX</wsse:Username>
         <wsse:Password
             xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>XXXXXX</wsse:Password>
       </wsse:UsernameToken>
     </wsse:Security>
   </S:Header>
   <S:Body>
     <GenericRequest
         xmlns='http://www.oracle.com/UCM' webKey='cs'>
       <Service IdcService='CHECKIN_UNIVERSAL'>
         <Document>
           <Field name='UserDateFormat'>iso8601</Field>
           <Field name='UserTimeZone'>UTC</Field>
           <Field name='dDocName'>201807111403445918-1-464</Field>
           <Field name='dSecurityGroup'>FAFusionImportExport</Field>
           <Field name='dDocAccount'>hcm$/dataloader$/import$</Field>
           <Field name='dDocType'>Application</Field>
           <Field name='dDocTitle'>201807111403445918_76_I228_1_ValueSet_Budget_Center_ID_Independent.zip</Field>
           <File name='primaryFile' href='201807111403445918_76_I228_1_ValueSet_Budget_Center_ID_Independent.zip'>
             <Contents>
               <Include
                   xmlns='http://www.w3.org/2004/08/xop/include' href='cid:0b83cd6b-af15-45d2-bbda-23895de2a73d'/>
             </Contents>
           </File>
         </Document>
       </Service>
     </GenericRequest>
   </S:Body>
</S:Envelope>


--MIME_boundary
Content-Type: application/zip
Content-Transfer-Encoding: binary
Content-ID: <0b83cd6b-af15-45d2-bbda-23895de2a73d>


...binary zip data...


--MIME_boundary--


Into this:

--MIME_boundary
Content-Type: application/soap+xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <rootpart@soapui.org>


<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
   <S:Header>
     <wsse:Security
         xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
     </wsse:Security>
   </S:Header>
   <S:Body>
     <GenericRequest
         xmlns='http://www.oracle.com/UCM' webKey='cs'>
       <Service IdcService='CHECKIN_UNIVERSAL'>
         <Document>
           <Field name='UserDateFormat'>iso8601</Field>
           <Field name='UserTimeZone'>UTC</Field>
           <Field name='dDocName'>201807111403445918-1-464</Field>
           <Field name='dSecurityGroup'>FAFusionImportExport</Field>
           <Field name='dDocAccount'>hcm$/dataloader$/import$</Field>
           <Field name='dDocType'>Application</Field>
           <Field name='dDocTitle'>201807111403445918_76_I228_1_ValueSet_Budget_Center_ID_Independent.zip</Field>
           <File name='primaryFile' href='201807111403445918_76_I228_1_ValueSet_Budget_Center_ID_Independent.zip'>
             <Contents>
               <Include
                   xmlns='http://www.w3.org/2004/08/xop/include' href='cid:0b83cd6b-af15-45d2-bbda-23895de2a73d'/>
             </Contents>
           </File>
         </Document>
       </Service>
     </GenericRequest>
   </S:Body>
</S:Envelope>


--MIME_boundary
Content-Type: application/zip
Content-Transfer-Encoding: binary
Content-ID: <0b83cd6b-af15-45d2-bbda-23895de2a73d>


...binary zip data...


--MIME_boundary--

The hard work is done by relying on the multipart handler library, from danieln. Basically it

  • reads the inbound message
  • parses the first part as an XML document and removes nodes there
  • creates a new multipart output stream
  • writes the modified XML doc and its headers as the first part
  • writes the 2nd part (the binary attachment)
  • and done.

Thanks this works as expected, however the logic that's written to parse the XML doesn't go well with SOAP 1.2 message.

Example:

Content-Type:

-------------
multipart/related; boundary="uuid:7c569c20-7d75-4791-ad80-5f8dd65584aa"; start-info="application/soap+xml; action=\"urn:xyz.SendMessage\""; type="application/xop+xml"; start="<root.message@cxf.apache.org>"

Error:

Error: ContentType parameter value has garbage after quoted string at 98: boundary="uuid:7c569c20-7d75-4791-ad80-5f8dd65584aa"; start-info="application/soap+xml; action=\"urn:xyz.SendMessage\""; type="application/xop+xml"; start="<root.message@cxf.apache.org>"