I am realizing a soap client in which I consume the services of my server.
The problem is that when I send the request, I always get a 401 error.
Anyone know how to send the credentials in the header since JAX-WS?
I was following this tutorial: http://cxf.547215.n5.nabble.com/Retrive-WSDL-using-basic-authentication-td5724416.html
But I did not work
Related
I have exposed few response headers through mule unfortnately the clinet (browser ) unable to see or missing the resposne headers at client side. I really dont know what exactly i have to configure in mule for expose the custom header responses to browser.
I see in internet like this header can help me to fix the issue but im not sure and also i dont know how to define this header in mule side.
access-control-expose-headers
Colleagues,
I have SOAP web-service based on CXF implementation with enabled SSL & WSS configuration (cofigured using WSP).
I have test tool for testing this service also written using CXF.
Positive cases are working. Trying to test negative cases with security errors (wrong certificate / signature).
I have requirement from customer that in case of security errors return fault:401 and HTTP response code 401.
Problem:
When I return HTTP code 401 from web-service on receiver side (in test tool) I receive Marshaling errors because of incoming internal InputStream is empty (without content). When I return any other HTTP code (200/403/419/500/503) - there isn't any problem on receiver side! And I'm able to see SOAP fault with message generated in web-service side.
Questions:
Maybe there are some specific handling 401 HTTP code in CXF ?
Maybe there are some specific requirements in SOAP in general ?
If returning 401 HTTP code in SOAP it's bad practice could you please provide documents/source code to prove this behavior and help me change customer requirements. I tried to look throw the code and haven't find place where this case handles
P.S: Tried to capture traffic using WireShark and RawCap and tried to decode it without success.
I think answer in this question will help you
question
The question also includes a reference to the soap specification for your customers about fault response codes.
Be careful because there are some major differences between SOAP 1.1 and SOAP 1.2 in the allowed HTTP status codes when a SOAP fault is returned.
in SOAP 1.1, the status code must always be 500 “Internal Server Error”.
in SOAP 1.2, it varies based on the type of the SOAP fault
I am using Jaxws to consume a webservice. while iam sending request i need to send an object in the request headers. When i am invoking the service from Soap-UI iam successfully getting the data. but the same in java i am unable to get it. I researched a lot on this any one know please help me how to do it.
Here is my java code
//getting the service
MyService servc = new MyService();
MyServiceSoap soap = servc.getMyServiceSoap();
//call the service
System.out.println(soap.SERVICE_A("123456789")); //getting null as response because i am not setting userid, password
I want to set the userid,password to the Authentication pojo object and set it to the soap headers and send the request. how i can do this.?
Here is my Soap-ui request screenshot
Please see the SoapUI request format
My Questions is : How to send a java object in the soap request headers.?
Thanks in Advance,
Praneeth.
From my understanding, what you're lacking is the Basic Authentication headers, where you pass the following in the HTTP header:
Authorization: Basic <Base64(username:password)>
Check in your SOAP-UI if the request sends this.
Here are some SO topics that may help you implement it:
Java Web Service client basic authentication
How do I consume a web service protected with HTTP basic authentication using the CXF framework?
I have followed the techinical guidance in the below link. But I am not able to get a clear idea how i can configure that in my spring rest framework.
Offloading https to load balancers with Spring Security
My requirement is before the actual request comes to my rest api, it's hitting the Amazon elb. Elb is converting https to http. But I need to check the original request is HTTPS and it's properly converted to HTTP using the ELB.
I have gone through the SecureChannelProcessor and InsecureChannelProcessor.
I am expecting my request should be HTTPS before hitting the ELB and after the ELB it should be HTTP. That validation check should be handled in my REST API Code. END USER REQ ---(https)----> ELB -------(http)--> REST API in my rest api, I should be able able to check the X-Forwarded-Proto (Or request type) should be https and it's been converted as http in my ELB.
But Not getting a clear idea. Any help will be appreciated.
I wrote a context.io 2.0 java client for : accounts,discovery, threads and messages operations to be used in my project (based on the available ContextIO Java client).
My code is at : https://github.com/dileepajayakody/isis-reputationbox/blob/master/reputationbox/dom/src/main/java/at/tomtasche/contextio/ContextIO_V20.java
While testing it, when I invoke the accounts request: https://api.context.io/2.0/accounts and discovery requests (eg: https://api.context.io/2.0/discovery?email=testemail#gmail.com&source_type=IMAP, I successfully get the desired response with a HTTP 200
However when I invoke the messages, threads, contacts requests by adding the account_id parameter in the request URL (eg : https://api.context.io/2.0/accounts/1234ff425ad/messages) I get an empty JSON array with a HTTP 403 Forbidden response.
When I try out the same request in the contextio developer console, I get the response without a problem.
I don't think it's something wrong with the way I sign the oauth request since it's the same way I sign for accounts and discovery requests for which I get the contextIO response properly.
Any help in resolving this error is much appreciated.
Thanks,
Dileepa
I don't think the issue is related to oauth request signing, since we normally return 401 or 404 messages for errors there.
The fact there's no body content with the 403 response leads me to believe your api_key does not own the account specified. If it did own it then we would include a json array with type, code, value parameters to help debug the issue. If you have two developer accounts then you may just be using the wrong one for this test.
I hope this helps. If not, please feel free to contact us at support#context.io.
Thanks!
Dan