2

I'm trying to emulate an existing Axis 1.4 Service using Django + Spyne 2.11/2.12.x and need a WS-Security Timestamp token with specific namespace prefixes (wsse / wsu). I use this with a suds digital signature plugin (sudssigner) which already works correctly.

What is the recommended way to add dynamic SOAP headers to spyne?

How can I force the usage of concrete namespace prefixes?

Update: The WS Response should be as close as possible to the following example:

<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-15452452">
                <wsu:Created>2016-02-01T10:14:54.517Z</wsu:Created>
                <wsu:Expires>2016-02-01T10:19:54.517Z</wsu:Expires>
            </wsu:Timestamp>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2088192064">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#Id-1052429873">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>...</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#Timestamp-15452452">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>...</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
...
                </ds:SignatureValue>
                <ds:KeyInfo Id="KeyId-8475839474">
                    <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-680050181">
                        <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">...</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1052429873">
...
    </soapenv:Body>
</soapenv:Envelope>

Thanks in advance.

erny

1 Answer

0

> What is the recommended way to add dynamic SOAP headers to spyne?

Spyne already implements dynamic SOAP headers. If you're asking about adding a SOAP header to a response using Spyne, see here for an example:

https://github.com/arskom/spyne/blob/dec5286212602fb793db10ea67c5a1bdcad36315/spyne/test/interop/server/_service.py#L144

> How can I force the usage of concrete namespace prefixes?

What's a "concrete namespace prefix"? If you want your objects to be in a namespace (concrete or not), put them in one:

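from spyne import ComplexModel, Integer, Unicode

class SomeClass(ComplexModel):
    # Namespace URI that this type's elements are serialized under
    __namespace__ = "https://a.very.concrete/namespace"

    i = Integer
    s = Unicode
    # etc

Burak Arslan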
  • Use `wsse` as prefix for namespace `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd`, and `wsu` for `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd` – erny Feb 01 '16 at 22:24
  • Spyne is just an xml library, it does not implement wsse. You need to set `__out_header__ = Security` in the service definition, where "Security" is a class that YOU implemented according to the WSSE spec. – Burak Arslan Feb 02 '16 at 15:37
  • @BurakArslan I defined `Security` as a subclass of `ComplexModel` and added `__in_header__ = Security` to my Service class. This approach works for sending a raw xml payload, e.g. via Postman, but when I try to consume the service with a client library I get an error because the client library is looking for a message called Security within the namespace (`http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd`). Is there a way to avoid this? I don't want Security to be defined as a message in my WSDL. – teebagz Sep 10 '19 at 14:34
  • I solved the namespace issue by subclassing `ComplexModel` and overriding `resolve_namespace` function to give the message a different namespace in the WSDL. The service can still accept and process the wsse:Security tag in the header. – teebagz Sep 11 '19 at 11:44
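
The header from the question, as an added example that is not part of the original posts and does not use Spyne's API: it builds the `wsse:Security` / `wsu:Timestamp` header with Python's standard `xml.etree.ElementTree`, pinning the `soapenv`, `wsse` and `wsu` prefixes, and adds a receiver-side freshness check that matches on namespace URI rather than prefix. The names `build_envelope` and `check_timestamp`, the 60-second clock skew and the `Timestamp-1` id are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Pin the prefixes the serializer emits; unregistered namespaces get ns0, ns1, ...
for prefix, uri in (("soapenv", SOAPENV), ("wsse", WSSE), ("wsu", WSU)):
    ET.register_namespace(prefix, uri)

FMT = "%Y-%m-%dT%H:%M:%S.%fZ"

def _stamp(dt):
    # Millisecond UTC form used in the question, e.g. 2016-02-01T10:14:54.517Z
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (dt.microsecond // 1000)

def build_envelope(now, ttl=timedelta(minutes=5), ts_id="Timestamp-1"):
    """Return a SOAP envelope (bytes) with a wsse:Security/wsu:Timestamp header.
    ElementTree declares the xmlns attributes on the root element, which is
    equivalent to declaring them on the element that first uses them."""
    env = ET.Element("{%s}Envelope" % SOAPENV)
    header = ET.SubElement(env, "{%s}Header" % SOAPENV)
    sec = ET.SubElement(header, "{%s}Security" % WSSE,
                        {"{%s}mustUnderstand" % SOAPENV: "1"})
    ts = ET.SubElement(sec, "{%s}Timestamp" % WSU, {"{%s}Id" % WSU: ts_id})
    ET.SubElement(ts, "{%s}Created" % WSU).text = _stamp(now)
    ET.SubElement(ts, "{%s}Expires" % WSU).text = _stamp(now + ttl)
    ET.SubElement(env, "{%s}Body" % SOAPENV)
    return ET.tostring(env, encoding="utf-8")

def check_timestamp(envelope, now, skew=timedelta(seconds=60)):
    """Receiver-side freshness check; looks elements up by namespace URI."""
    root = ET.fromstring(envelope)
    ts = root.find(".//{%s}Security/{%s}Timestamp" % (WSSE, WSU))
    if ts is None:
        return "missing"
    try:
        created, expires = (
            datetime.strptime(ts.findtext("{%s}%s" % (WSU, tag)) or "", FMT)
            .replace(tzinfo=timezone.utc)
            for tag in ("Created", "Expires"))
    except ValueError:
        return "malformed"
    if created > now + skew:
        return "created-in-future"
    if expires <= now - skew:
        return "expired"
    return "ok"
```

The prefixes have to be fixed before the message is signed: the exclusive C14N form referenced in the question's `ds:SignedInfo` keeps prefixes, so renaming them afterwards changes the digested bytes.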