I wrote a JAX-WS client using classes generated from wsimport to invoke a webservice. To test my client locally, I wrote an implementation of the webservice and published it locally and called it. Everything worked as expected.
One thing I noticed is that my client connects to the endpoint and issues a GET followed by another connection with a GET against the endpoint looking for the wsdl, and finally issues the POST with my payload in the same connection.
Here is the tcpmon output (edited to protect the guilty):
GET /someWS HTTP/1.1
User-Agent: Java/1.7.0_03
Host: 127.0.0.1:9877
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
----------------------------------
GET /someWS?wsdl HTTP/1.1
User-Agent: Java/1.7.0_03
Host: 127.0.0.1:9877
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
POST /someWS HTTP/1.1
Accept: text/xml, multipart/related
Content-Type: text/xml; charset=utf-8
SOAPAction: "document/http://someUrl"
User-Agent: JAX-WS RI 2.2.4-b01
Host: 127.0.0.1:9877
Connection: keep-alive
Content-Length: 610
<Valid Soap message here/>
Is this standard behaviour or I have messed something up? I am using JAX-WS RI 2.2. This works fine locally, but a certain production WS is quite unhappy with the initial GET request and throws a 500 and I was hoping that I could suppress the GET requests and just skip to the POST.
The client is not caching the wsdl file locally and hence you will see a GET request before every POST. The GET is for getting the wsdl file and the POST is for the actual web service request. Ask the client to cache the wsdl locally and refer to it.
Related
We have Web application for which, UI is hosted on one Apache server on one host and back-end REST API service is hosted on tomcat server on different host.
For UI : Node.js is used and it is hosted on Apache
For API : Java 8 , Spring REST is used and war file is hosted on tomcat 8.5.32
The Problem:
While using Chrome browser (Version: 71.0.3578.80) for all POST API calls the server responds with error code 403 (forbidden), but for IE browser(version 11.0.105), the same POST APIs returns response with status 200 (Success).
Above behavior is observed for all POST request.
Following are request and response headers for chrome browser:
Request Headers:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 6559
Content-Type: application/json
Cookie: <cookies>
Host: <myhost>.com
Origin: https://<myhost>.com
Referer: https://<myhost>.com/beta/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36
Response Headers:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://<myhost>.com
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/plain
Date: Mon, 11 Feb 2019 11:49:25 GMT
Keep-Alive: timeout=5, max=95
Server: Apache
Strict-Transport-Security: max-age=31536000
API call general details:
Request URL: https://<myhost>.com/services/v1/settings
Request Method: POST
Status Code: 403
Remote Address: <ip address>:443
Referrer Policy: no-referrer-when-downgrade
Request Payload:
{"userId":"test", "someFlag": "someValue"}
Could you help to understand what i'm missing in above headers?
Findings:
If we revert back to the tomcat version 8.5.29 from version 8.5.32 then POST API request calls works fine on all browsers.
I also found that there is fix done for Tomcat 8.5.32 to
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32 : Low: CORS filter has insecure defaults CVE-2018-8014 which might causing this issue but i'm not able to figure out the exact problem and what headers changes should i do to get this POST request work on Chrome browsers.
We have created a JAX-WS webservice, this service is being invoked by multiple clients. Some clients have configured timeout for API response. Even after sending success response, some client are stating that request is being timed out.
So is there any way to track, at what time a particular request hits the server and what time server responded back ?
I've enable http traces in weblogic server by using below properties
-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true
-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true
And request and response are appearing like below, where timestamp is missing
---[HTTP request - ]---
Accept: text/xml, multipart/related
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
---[HTTP response 200]---
null: HTTP/1.1 200 OK
Content-Length: 521
Content-Type: text/xml;charset=UTF-8
Weblogic Version is - 12.2.1
I am trying to read and parse an rss feed from a 2 jetty servers (Eclipse - Google Plugin): one with App engine SDK enabled and one without it.
1. When i test on the jetty run with app engine enabled it works fine
2. When i use the same code on a jetty server without app engine enabled i get the following message (because the received text is empty):
javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,1]
Message: Premature end of file.
I searched the code for a premature reading of the input stream (I use new URL(host) and url.openStream() to read the input), but the code is OK (if it wasn't it wouldn't probably work in the first case).
I used tcpdump (-s 1024 -l -A dst host.com -i wlan0) to examine the headers:
first case:
GET /rss/... HTTP/1.1
Host: www.host.com
Connection: Keep-Alive
Cookie: environment=a%3A2%3A%7Bs%3A4%3A%22skin%22%3Bs%3A7%3A%22default%22%3Bs%3A4%3A%22lang%22%3Bs%3A5%3A%22ro_RO%22%3B%7D; isPC=1
Cookie2: $Version=1
second case:
GET /rss/... HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.6.0_39
Host: www.host.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2
Connection: keep-alive
Could those headers be the issue ? Is there a way to set the exact same headers ? And would it solve the problem ?
I seams that the problem was the User-Agent header, which determined some servers to send empty content for some values (like Jav/1.6.0_39 in my case). I set the User-Agent to empty string and now the response is ok.
I am trying to upload a file with certain METADATA to an azure blob container.
When I do it with the .net SDK it simple sends one put and all metadata as it should be.
However, if I try with Java it sends 3 puts and the metadata won't be reflected until I issue a cBlockBlob.uploadProperties() command, and until the 3rd put.
Why is it going through 3 puts? is it an issue in the JAVA sdk?
This is the 1st put
*PUT /mycontainer/0721ef8f-8d70-4b91-9d1f-04757363f903.xml?blockid=AAAAAEm%2FC%2FE%3D& comp=block&sr=c&timeout=4&si=WriteOnly& sig=eUe%2Fe7kcFcmiIzOVNgqbXd%2BjlIN3ZQd8fkQq3IsHQVQ%3D HTTP/1.1
x-ms-version: 2011-08-18
User-Agent: WA-Storage/Client v0.1.1
Content-Type:
Host: certainhost.blob.core.windows.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 4613*
This is the 2nd put
*PUT /mycontainer/0721ef8f-8d70-4b91-9d1f-04757363f903.xml?comp=blocklist&sr=c&timeout=4&si=WriteOnly&sig=eUe%2Fe7kcFcmiIzOVNgqbXd%2BjlIN3ZQd8fkQq3IsHQVQ%3D HTTP/1.1
x-ms-version: 2011-08-18
User-Agent: WA-Storage/Client v0.1.1
Content-Type:
Content-MD5: hYRJFeM5RFH29bPj3oxhwA==
Host: certainhost.blob.core.windows.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 100*
<?xml version='1.0' encoding='UTF-8'?><BlockList><Uncommitted>AAAAAEm/C/E=</Uncommitted></BlockList>
This is the 3rd put (the one that shows required metadata)
*PUT /mycontainer/0721ef8f-8d70-4b91-9d1f-04757363f903.xml?comp=properties&sr=c&timeout=4&si=WriteOnly&sig=eUe%2Fe7kcFcmiIzOVNgqbXd%2BjlIN3ZQd8fkQq3IsHQVQ%3D HTTP/1.1
x-ms-version: 2011-08-18
User-Agent: WA-Storage/Client v0.1.1
Content-Type:
x-ms-blob-content-encoding: utf-8
x-ms-meta-x-ms-meta-versionCFDI: 3.2
Host: certainhost.blob.core.windows.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 0*
and this is the only put in .net SDK
*PUT /mycontainer/0721ef8f-8d70-4b91-9d1f-04757363f903.xml?comp=properties&sr=c&timeout=4&si=WriteOnly&sig=eUe%2Fe7kcFcmiIzOVNgqbXd%2BjlIN3ZQd8fkQq3IsHQVQ%3D HTTP/1.1
x-ms-version: 2009-09-19
User-Agent: WA-Storage/6.0.6002.18312
x-ms-blob-type: BlockBlob
x-ms-meta-versionCFDI: 3.2
Host: certainhost.blob.core.windows.net
Content-Length: 6841
Connection: Keep-Alive*
Something else, what does this mean?
<?xml version='1.0' encoding='UTF-8'?><BlockList><Uncommitted>AAAAAEm//E=</Uncommitted></BlockList>
It is sent in the second put, .net won't show it.
I believe what's happening is that JAVA SDK is splitting your file into blocks and uploading those blocks. The first PUT request a "PUT Block" request and the second one is the "Commit Block List" request and the 3rd one is the "Set Metadata" request. Based on the REST API documentation, you can set a blob's metadata during "Commit Block List" operation as well (http://msdn.microsoft.com/en-us/library/windowsazure/dd179467.aspx). It does seem odd that .Net SDK uploads this file in just one request while Java SDK splits the file in blocks and upload it. I wouldn't be surprised if this is how it is implemented in Java SDK. What's the size of the file which you're trying to upload?
Regarding your 2nd question, that's the payload for "Commit Block List" operation.
I'm watching CXF service traffic using DonsProxy, and the CXF client sends an HTTP header "SoapCompressed":
HttpHeadSubscriber starting...
Sender is CLIENT at 127.0.0.1:2680
Packet ID:0-1
POST /yada/yada HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SoapCompressed: true
Accept-Encoding: gzip,gzip;q=1.0, identity; q=0.5, *;q=0
SOAPAction: ""
Accept: */*
User-Agent: Apache CXF 2.2
Cache-Control: no-cache
Pragma: no-cache
Host: localhost:9090
Connection: keep-alive
Transfer-Encoding: chunked
I'd like to turn SoapCompressed off in my dev environment so that I can see the SOAP on the wire. I've searched Google and grepped the CXF source code, but don't see anything in the docs or code that reference this. Any idea how to make the client send "SoapCompressed: off" instead, without routing it through Apache HTTPD or the like? Is there a way to configure it at the CXF client, in other words?
A grep of the CXF codebase doesn't yield "SoapCompressed" at all. I really don't think it's CXF that is sending that. The Accept-Encoding thing is also suspect as that is only sent if you enable the GZIP interceptors. Is it possible that the proxy thing you are using is adding it?
The client for org.apache.cxf.jaxrs.client.AbstractClient has points where you set the headers in a key-value map (Map). "SoapCompressed", "false".