I've got a question regarding how to configure my security handlers
(actions), since they don't behave like I would want them to. Here's the
facts that I've found before going into the specifics of my 'problem':
A) The order of actions
In [1] under "Combining security actions", there is an example the WS
Interoperability specifications:
1) Insert a UsernameToken, use PasswordText to set the password. In
addition add a timestamp and a nonce into the UsernameToken
2) Encrypt the UsernameToken to protect the information.
That should be configured like this
<parameter name="action" value="UsernameToken Encrypt"/>
Should first 'things' first, and very intuitive.
Okay I'll add a Timestamp prior to that, so that'll be:
<parameter name="action" value="Timestamp UsernameToken Encrypt"/>
Enenthough the timestamp is'nt important for my problem is does make it some
what clearer.
B) processing order
In the WS-Security spec [2] section 5. "Security Header", it says:
<quote>
As elements are added to a <wsse:Security> header block, they SHOULD be
prepended to
the existing elements. As such, the <wsse:Security> header block represents
the signing and
encryption steps the message producer took to create the message. This
prepending rule
ensures that the receiving application can process sub-elements in the order
they appear in the
<wsse:Security> header block, because there will be no forward dependency
among the sub-
elements. Note that this specification does not impose any specific order of
processing the sub-
elements. The receiving application can use whatever order is required.
When a sub-element refers to a key carried in another sub-element (for
example, a signature
sub-element that refers to a binary security token sub-element that contains
the X.509 certificate
used for the signature), the key-bearing element SHOULD be ordered to
precede the key-using
Element:
</quote>
C) sequence af serialized ws-security
The following examples are all taken from client-side requests!. My first
example is based on :
<parameter name="action" value="Timestamp UsernameToken Encrypt"/>
With no specific 'encryptionParts', so it'll encrypt the soap body, I've
inserted it as a big footnote to keep this text readable [3]. The child
elements of the 'wsse:Security' element are, taken from the top:
1) 'xenc:EncryptedKey'
2) 'wsse:UsernameToken'
3) 'wsu:Timestamp'
That looks like just the opposite of what I expected, so I'll try and turn
it around:
<parameter name="action" value="Encrypt UsernameToken Timestamp"/>
And then I get [4] where the order is just the way I wanted them. Now'll
insert am 'encryptionParts' so that it's the UsernameToken that get's
encrypted. Ups, that did not go well:
Exception in thread "main" AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllSender: Encryption: error during message
processingorg.apache.ws.security.WSSecurityException: General security error
(WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
.0.xsd}UsernameToken)
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Encryption:
error during message processingorg.apache.ws.security.WSSecurityException:
General security error (WSEncryptBody/WSSignEnvelope: Element to
encrypt/sign not found:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
.0.xsd}UsernameToken)
at
org.apache.ws.axis.security.WSDoAllSender.performENCRAction(WSDoAllSender.ja
va:455)
at
org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:316)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:
32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
...
Uhmmm, that did not work, but had i change the sequence of the 'Encrypt' and
'UsernameToken' in the 'action' parameter I would get through but with the
'wrong' ordering of the serialized elements. One last try, I'll do it in two
steps, that surely must be a way around eventhough not that intuitive:
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="UsernameToken Timestamp"/>
...
</handler>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Encrypt"/>
...
</handler>
But the result [5] is still with 'xenc:EncryptedKey' at the top (both with
and without 'NoSerialization'), and to some degree it makes more sense since
this is prepended the existing elements.
So after going through all this:
1) what should I do different?
2) is this an error?
3) does it not matter at all?
I certainly think it does matter and that it can make it harder to configure
for interoperability, but would like a second opinion.
Regards Brian
[1]http://ws.apache.org/ws-fx/wss4j/package.html
[2]http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-secu
rity-1.0.pdf
[3]
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd">
<xenc:EncryptedKey>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3">MIICojCCAgugAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1
UEBhMCREsxEzARBgNVBAgT
CkNPUEVOSEFHRU4xDTALBgNVBAcTBENJVFkxFDASBgNVBAoTC0Zha2UgU1NMIENBMRQwEgYDVQQL
EwtJVCBESVZJU0lPTjEUMBIGA1UEAxMLRkFLRSBTU0wgQ0ExGjAYBgkqhkiG9w0BCQEWC2JuaUBp
dHN0LmRrMB4XDTA0MDkyOTA4MDkwMloXDTA3MDkyOTA4MDkwMlowgY4xCzAJBgNVBAYTAkRLMRIw
EAYDVQQIFAlCSVJLRVLDmEQxJDAiBgNVBAoTG0RFVCBDRU5UUkFMRSBQRVJTT05SRUdJU1RFUjEV
MBMGA1UECxMMQ1BSIEtPTlRPUkVUMRMwEQYDVQQDEwp3d3cuY3ByLmRrMRkwFwYJKoZIhvcNAQkB
FgpjcHJAY3ByLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC31NZppksvJ1ilKuBD6flx
+HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+P8eSa/6qvNW
utsdxVuPaB6rZwzy4gpNFP+7KvuIQZVVxOA9NMqXv1VDzBb5hV/DAcAlnyos7IjtsmsoNTX1QwID
AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKR/kL3zvnWQr0V/zr0qNWQvUfhZ
BFMy03RuAJw3G51L/mhUiXH8mMPjB9uozQ9FiAzZ9mQ/Ebt7tHUNE+fgPMWg/rO2wfmwvnp0Mp/F
O/5DVS4hwun+3me6wNi5GBDmlKiOWFXWnHxKsKVEx5weAsebgeh1JijGtSGK0NZnrU8Z</wsse:K
eyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Fo7OjT1pNea1e2u3SqJruV64X6h3Zl+R62/cL9GEg7pv8ZPzQZX/VJnPqv
JSGELyl5WED0/yPnOS
xHNHEvrZ6OanhQNxjwhOem93O1MKmz0NlreXdthQP2HAieGb9OW14suOJhaxoViJUXEICNN/A5wM
PdhW9ZfuW2KfsLG7rVg=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-26622782"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:UsernameToken>
<wsse:Username>benny</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">bennysPassword</wsse:Password>
</wsse:UsernameToken>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<wsu:Created>2005-05-06T20:34:06Z</wsu:Created>
<wsu:Expires>2005-05-06T20:39:06Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<xenc:EncryptedData Id="EncDataId-26622782"
Type="http://www.w3.org/2001/04/xmlenc#Content";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>OaOy3N1efI+f3v/F48zxJi/lPT1IQAe9Oa4zLSY4hoRo//aEsIjT/A5H1A
ziwPp18aHs7bE0WWJS
e1JsigoikCjYmFHzE/8ycFx6K6mTn+PTyDobjb7886hQWv0d4ykoz/P8Z/Lomm06tbiiS8ZQYeZZ
26fsUpOatdxWtgPlKsv5BCGdhTURwDoqqm36ukM5o4nhD6Jd59swLlpy3IBsv1lqMfEP/EZHY4Vg
ejJxK2ZJtghd8++I0swRvxdUQ51Fvk1JbaQDL8R4jDSBDTnU8VC5Hnc/+jSx5MRYcx1be2tVFH/3
XhDeUSfku9HQYhJcUKHZs+W4CTsCSHdWU5uK0yg074vfc18E4mAAbRezU5gr2/SdzrPu8iSpyo3K
5DtlfHI0OtCtFs+cLtYP9UsW+UpyLDMeA2FmE0KGTvBHy51gyACfjJiq6dGlZMmUlJeV</xenc:C
ipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
[4]
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<wsu:Created>2005-05-06T20:35:16Z</wsu:Created>
<wsu:Expires>2005-05-06T20:40:16Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken>
<wsse:Username>benny</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">bennysPassword</wsse:Password>
</wsse:UsernameToken>
<xenc:EncryptedKey>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3">MIICojCCAgugAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1
UEBhMCREsxEzARBgNVBAgT
CkNPUEVOSEFHRU4xDTALBgNVBAcTBENJVFkxFDASBgNVBAoTC0Zha2UgU1NMIENBMRQwEgYDVQQL
EwtJVCBESVZJU0lPTjEUMBIGA1UEAxMLRkFLRSBTU0wgQ0ExGjAYBgkqhkiG9w0BCQEWC2JuaUBp
dHN0LmRrMB4XDTA0MDkyOTA4MDkwMloXDTA3MDkyOTA4MDkwMlowgY4xCzAJBgNVBAYTAkRLMRIw
EAYDVQQIFAlCSVJLRVLDmEQxJDAiBgNVBAoTG0RFVCBDRU5UUkFMRSBQRVJTT05SRUdJU1RFUjEV
MBMGA1UECxMMQ1BSIEtPTlRPUkVUMRMwEQYDVQQDEwp3d3cuY3ByLmRrMRkwFwYJKoZIhvcNAQkB
FgpjcHJAY3ByLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC31NZppksvJ1ilKuBD6flx
+HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+P8eSa/6qvNW
utsdxVuPaB6rZwzy4gpNFP+7KvuIQZVVxOA9NMqXv1VDzBb5hV/DAcAlnyos7IjtsmsoNTX1QwID
AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKR/kL3zvnWQr0V/zr0qNWQvUfhZ
BFMy03RuAJw3G51L/mhUiXH8mMPjB9uozQ9FiAzZ9mQ/Ebt7tHUNE+fgPMWg/rO2wfmwvnp0Mp/F
O/5DVS4hwun+3me6wNi5GBDmlKiOWFXWnHxKsKVEx5weAsebgeh1JijGtSGK0NZnrU8Z</wsse:K
eyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>VFKi6bc8ErjMRQaN+Ir7rZ9hfLlPOZysYLF71z+afA+tWC9tFIQO1rsqTG
JdqIxWVjRwUMO2Gznj
w9BTHUZkgVQKgju92XCM6dYtQK+19H/7O39UQKTCklEZnDAPMjjw6dTrKRqLWD/E/gX0YXpSbFmb
/lfJNxoCkNW1FrY2maM=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-3556929"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<xenc:EncryptedData Id="EncDataId-3556929"
Type="http://www.w3.org/2001/04/xmlenc#Content";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>ywYGy+KP4teYT0z0CqFvnteu6czZNSyFbUcR1IQlThjqR5mKJVUeF6pHD6
9iy1yh5wMFmJQMzIGr
eFtrp73XTLdXNf+gCtsBN0Wpy2m36Ee+06BH1n+v+GY9qGM57Ol42zIYC13MErrGvNFCo0fssIr7
BZ5g9Iv/qZZYxZj8Atf5NMKUgyMsM216EmtSATu3a79B7InK2v3MsQ29CDpZa67TqvXLwradkhA5
mLNSv3TVHNoPXEtxWVyVMsKydYX39vaUeprPtuJ+W5j0KdyuxvYn92MN7me1qdoxshfyvYKqaadp
4ulQiBdu0+3qr0q+Sj17058f6Yo3Wjar49Pr1KNGDTmpaR/5aeXKfss6qFP1+0fdmDqjj2KPC2ji
n32hzUjsrtzD8DLW3/B0Kkoh8xR3z+J8/swWBe0tnzk/qYcKnmEtKbJGWevr1umERI+K</xenc:C
ipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
[5]
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd">
<xenc:EncryptedKey>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3">MIICojCCAgugAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1
UEBhMCREsxEzARBgNVBAgT
CkNPUEVOSEFHRU4xDTALBgNVBAcTBENJVFkxFDASBgNVBAoTC0Zha2UgU1NMIENBMRQwEgYDVQQL
EwtJVCBESVZJU0lPTjEUMBIGA1UEAxMLRkFLRSBTU0wgQ0ExGjAYBgkqhkiG9w0BCQEWC2JuaUBp
dHN0LmRrMB4XDTA0MDkyOTA4MDkwMloXDTA3MDkyOTA4MDkwMlowgY4xCzAJBgNVBAYTAkRLMRIw
EAYDVQQIFAlCSVJLRVLDmEQxJDAiBgNVBAoTG0RFVCBDRU5UUkFMRSBQRVJTT05SRUdJU1RFUjEV
MBMGA1UECxMMQ1BSIEtPTlRPUkVUMRMwEQYDVQQDEwp3d3cuY3ByLmRrMRkwFwYJKoZIhvcNAQkB
FgpjcHJAY3ByLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC31NZppksvJ1ilKuBD6flx
+HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+P8eSa/6
+HOjDGr8XsOsHDnyaJ+ovGJMCbSlvP2Shdo374im2i7KsF6fZDnNdPTkolU3RxOQ+qvNW
utsdxVuPaB6rZwzy4gpNFP+7KvuIQZVVxOA9NMqXv1VDzBb5hV/DAcAlnyos7IjtsmsoNTX1
utsdxVuPaB6rZwzy4gpNFP+QwID
AQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAKR/kL3zvnWQr0V/zr0qNWQvUfhZ
BFMy03RuAJw3G51L/mhUiXH8mMPjB9uozQ9FiAzZ9mQ/Ebt7tHUNE+fgPMWg/rO2wfmwvnp0Mp/F
O/5DVS4hwun+3me6wNi5GBDmlKiOWFXWnHxKsKVEx5weAsebgeh1JijGtSGK0NZnrU8Z</wsse:K
eyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>NGbRneWj5Xmv/U2YevVoBqV/iIiyCjqPpiqdo4ctK28102Dlfb0tnBuDiY
WgsHCY+CBTpRqmhb5O
zhKyYa7QnXtCSSsWETm537Sb2Rl0SgYgV0US331N/qbiII86B5uElgk8+PbmKhCqY1piCXg6sPY0
GWwm3GnrVZGKTnCOxO4=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-28524838"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<wsu:Created>2005-05-06T20:52:26Z</wsu:Created>
<wsu:Expires>2005-05-06T20:57:26Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken>
<xenc:EncryptedData Id="EncDataId-28524838"
Type="http://www.w3.org/2001/04/xmlenc#Content";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>Xu2hWw6vcVgP4kw8OR/a3Tz2BjM2M9rr3+CUrNrXmqkRZ+5P/Ejb7QbeH5
KxOI6vmMbCIVAuVXGd
THpHIYH4lenXH3Kd8FCO2uVmUsRbPlP9aiVaWUrbCK4SM5+MZVC0WAAVfgzCaepquqA+hsoj
THpHIYH4lenXH3Kd8FCO2uVmUsRbPlP9aiVaWUrbCK4SM5+MZVC0WAAVfgzCaepquqA+/MoV
Y/eeLHAma0WHRDH7ikycOHyxsj8rEqe7mlSPORCvuyLm2p6s8TAJs0fZuVh0KOZln6RN6rbdgS5Z
CPDvBrE95E3ey/yBd9REBwKjvqcamPvXyK63hQv43E8/tzXXwZmv5B3hmdL8xXmIMtOdG8rhHOCx
T6VH1s3wjJ7+AB/4xn7xw/WGm/cFRT4SPaY/zAifpcGjq/Zw+TKrnk1NVvYbD7BpnG2dUkp0
T6VH1s3wjJ7+fdUS
KBWJy/74pJIC7f4Y0dx/M7QwV0aS2EzPZSsb2Mwu0yvuAJpg1CE4SRUn0QmngAdyTK3K9WFMGFu/
wbv9QdqzTkOAsk0TTCKt8ZAjpGS+K/f1mCvv6KwLofM3dkMMpqIx9J4A6AZBf0Hd2g7J0Saz
wbv9QdqzTkOAsk0TTCKt8ZAjpGS+ERkN
8kXxiQP9RubGYW9Xpa+E6BbGS/D7992oB8YVoid47x+itiLMKCaCTE2WHto96KGI7UwXmK6G
8kXxiQP9RubGYW9Xpa+xou6
gjnORTMvhtH24tn4iMAHIa8mlh8DwIOjSd5tZZuB6xBF6EAh/fd+HQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<CivilRegistrationNumber
xmlns="http://rep.oio.dk/cpr.dk/xml/schemas/core/2002/06/28/";>1212561234</Ci
vilRegistrationNumber>
</soapenv:Body>
</soapenv:Envelope>
