I have Axis2 created web service client. This service uses both SSL and WS-Security so I use rampart. I think that my client sends correct query, but I got exception:
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at pl.firstdata.www.wdx.business.card.CardServiceStub.getBalance(CardServiceStub.java:1570)
at pl.firstdata.www.wdx.business.card.wdx_client.main(wdx_client.java:164)
Is there any way to see "bare" query and response with HTTP headers?
While this service use SSL I think I cannot use HTTP monitor, and this should be done by axis2 after "applying" WS-Security but before SSL. I can enable such logging on my emulator (without SSL) and it seems like that:
POST /webservices/emu/get_info.hdb HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: ""
User-Agent: Axis2
Host: 127.0.0.1:8765
Content-Length: 4585
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><xenc:EncryptedKey Id="EncKeyId-0D71FF61F3796881F812803190645315"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference><wsse:KeyIdentifier ...
...
Use the tcpmon tool for this.
Please note that in most Linux based installations, this will most probably be built for you. Once you've done with the building process, you can find the executable at ${AXIS2C_HOME}/bin/tools on Linux, or at %AXIS2C_HOME%\bin\tools on MS Windows.
I use stunel with tcpmon. Steps:
my axis2 app do normal HTTP query; this query is send to tcpmon
tcpmon logs it and sends query to stunel
stunel adds SSL and sends endcrypted query to destination server
stunel receives encrypted response, decrypts it and sends back to tcpmon
tcpmon logs decrypted response and sends it to my axis2 app
Related
I am running tomcat server and trying to consume .NET SOAP WS.
Doing that with apache.cxf.
The .NET WS has cluster on it's side, and when restart has performed on one of the machines, I get
javax.xml.ws.WebServiceException: Could not send Message.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:148)
...
Caused by: java.net.SocketException: Connection reset
To avoid this, I want to work with connection=close header only for this WS consuming.
So, on creating SOAP messages, I send
HTTPConduit conduit = (HTTPConduit) iMyFlowWSClient.getConduit();
conduit.getClient().setConnection(ConnectionType.CLOSE);
And I see on wireshark that the header get the right value:
Connection: close\r\n
But, when first call to WS is performed(looks like import of xsd's) on initializating of wsdl url by constractor of java.xml.ws.Service:
protected Service(java.net.URL wsdlDocumentLocation, QName serviceName) {
delegate = Provider.provider().createServiceDelegate(wsdlDocumentLocation,
serviceName,
this.getClass());
}
I see on Wireshark the next headers:
Hypertext Transfer Protocol
GET /MyFlow.svc?wsdl HTTP/1.1\r\n
Content-Type: text/xml\r\n
Accept: */*\r\n
User-Agent: Apache CXF 3.0.0\r\n
Cache-Control: no-cache\r\n
Pragma: no-cache\r\n
Host: 123.123.12.34\r\n
Connection: keep-alive\r\n
\r\n
[Full request URI: http://123.123.12.34/MyFlow.svc?wsdl]
And that I believe what keeps alive this connection to WS.
Is there any solution to configure apache.cxf headers to send connection=close on all requests that performed on HTTP level?
No, and it looks to me that you will only be able to reduce the problem, not eliminate it. The problem seems to be on the .NET side; closing down the connections is somehow not done right.
I am making a proxy application for a browser. It has to use only the standard libraries. So far, I've managed to create the server. When trying to access a web page from a client, i get the following information:
CONNECT gmail.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 Firefox/49.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: gmail.com:443
My question is: what to use in order to handle the requests? How to handle a file download?
Once you get that CONNECT command, do what is asked: create the upstream connection, and return the appropriate success/failure response. If the upstream connection was successful, all you have to do now is copy bytes in both directions, simultaneously. The endpoints will take care of all SSL issues, uploads, downloads, etc. You have no further role to play.
The general behaviour of a proxy is as follows:
Receive request from browser
Make a request to the actual server, resolving all redirects if necessary
Get the response from server and passit on to client
I am not getting into complications of changing request/response headers, caching etc.
Now from the above, you are making a SSL connection to gmail.com refer.
The browser is actually sending correct request, in this case you need to implement the handshake and connect to gmail with HTTPS offloading SSL on your side and sending the response received to the browser through the negotiated SSL with the browser.
Suggestion is to use HTTP instead of HTTPS, if this is not a production grader system and try out the concept first
I have a following scenario:
Oracle Web Service consumer procedure
Web Service gateway implemented using JAX-WS (runs in TomEE 1.7.2)
External Web Service
External web service is secured using HTTPS, but for testing purposes also has an unsecured version.
(1) and (2) interact over http
(2) and (3) interact over https
and for testing purposes (2) and (3) can be set to use http.
(1) consumes http version without any problem, but when we switch to secured channel, oracle (utl_http.get_response method) complains about http protocol error. SoapUI doesnt have any problems, reads soap response.
Here is the HTTP Response headers in SoapUI:
HTTP/1.1 200 OK
Connection: keep-alive
Date: Fri
Date: 27 Nov 2015 05:31:38 GMT
Server: nginx/1.2.6
Transfer-Encoding: chunked
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Oracle Corporation/1.7)
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
I am guessing the problem is in duplicate "Transfer-Encoding" header, as it might get appended to the first like "chucked, chunked" and oracle might not be smart enough :D to parse it.
Anyone has experienced this kind of a problem? Any suggestions?
Run in comments if you want more details to be able to help.
Thanks in advance!
I'm using jax-rs on glassfish 3.1.2 and plan to migrate to glassfish 4.1. But after doing some tests I discovered that one of our client apps sends http request with two 'Content-type' strings:
PUT /api/v4/topTen HTTP/1.1\r\n
Content-Type: application/json\r\n
Content-Length: 5105\r\n
Host: 10.19.76.2:8080\r\n
User-Agent: Apache-HttpClient 1.0\r\n
Accept: application/json\r\n
Content-Type: application/json; charset=utf-8\r\n
The problem is that glasshfish 4.1 does not accept this request and answers with '400 Bad request', but glassfish 3.1.2 processes it perfectly.
Unfortunately I can't change the the client because it was published and many people use it.
Is there any way to tune 4.1 to accept such request and process it?
Try with adding content-length in your request header.
I am getting this Error is java.io.IOException: Server returned HTTP response code: 500 for URL: exception while invoking the web service url that i have.
I am calling a .NET based web service through a framework built in java and getting:
Headers returned from the server:
Content-Length:736
Content-Type:text/xml; charset=utf-8
Server:Microsoft-IIS/7.0
X-Powered-By:ASP.NET
Date:Thu, 12 May 2011 08:51:45 GMT
java.io.IOException: Server returned HTTP response code: 500 for URL: "http://hcd
cd-bt01.hcch.com/HCCExceptionLogService/service.svc?wsdl"
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon
nection.java:1170)
at com.splwg.mpl.senders.http.HTTPSender.sendResponse(HTTPSender.java:34
5)
at com.splwg.mpl.sending.NewSenderManager.sendResponse(NewSenderManager.
java:191)
at com.splwg.mpl.sending.SameThreadSendingManager.callSender(SameThreadS
endingManager.java:63)
at com.splwg.mpl.stagingtable.download.OutboundMessageSender.handleRouti
ngs(OutboundMessageSender.java:361)
at com.splwg.mpl.stagingtable.download.OutboundMessageSender.sendRespons
e(OutboundMessageSender.java:95)
at com.splwg.mpl.sending.NewSenderManager.sendResponse(NewSenderManager.
java:191)
at com.splwg.mpl.sending.SameThreadSendingManager.processDestination(Sam
eThreadSendingManager.java:293)
at com.splwg.mpl.sending.SameThreadSendingManager.sendResponse(SameThrea
dSendingManager.java:252)
at com.splwg.mpl.sending.SameThreadSendingManager.doSend(SameThreadSendi
ngManager.java:208)
at com.splwg.mpl.server.async.ExecSendRequestProcessor.ProcessRequest(Ex
ecSendRequestProcessor.java:61)
at com.splwg.mpl.server.async.RequestProcessingThreadAdapter.run(Request
ProcessingThreadAdapter.java:46)
at com.splwg.mpl.server.PooledThread.run(PooledThread.java:91)
at java.lang.Thread.run(Thread.java:595)
The wsdl url which i am invoking is http://hcdcdbt01.hcch.com/HCCExceptionLogService/service.svc?wsdl
I have used SOAP UI 3.6.1 tool for testing this wsdl which is giving me the right result.
Headers that i have used are:
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://tempuri.org/IExceptionLogService/LogException"
POST
Host:hcdcd-bt01.hcch.com
http://hcdcd-bt01.hcch.com/HCCExceptionLogService/service.svc
SOAP UI HEADERS:
POST http://hcdcd-bt01.hcch.com/HCCExceptionLogService/service.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://tempuri.org/IExceptionLogService/LogException"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: hcdcd-bt01.hcch.com
Content-Length: 763
Can any body tell me what went wrong ?
It is a server error response, presumably on an internal service as the given address doesn't reside on the internet AFAIK.
You must get the server logs to establish what it does not like about your request.
Since the server sent the response code 500 - internal server error - I think you'll have to debug it on the server side, not the client side.
You should check the output of the server log.