I am relatively new to SOAP web services, and it seems to be a basic thing, but still, I cannot find the way to solve it. I have a SOAP server written using Spring WS with XWS security. These are the relevant beans:
<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
<property name="policyConfiguration"
value="classpath:security-policy.xml"/>
<property name="callbackHandlers">
<list>
<ref bean="passwordValidationHandler"/>
</list>
</property>
</bean>
<bean id="passwordValidationHandler" class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler">
<property name="users">
<props>
<prop key="user">*****</prop>
</props>
</property>
</bean>
And the following is security-policy.xml:
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true"/>
<xwss:UsernameToken digestPassword="true" useNonce="true"/>
</xwss:SecurityConfiguration>
The thing is that I want to establish a digest authentication using a nonce (a one-time token that prevents an intercepted request from being sent again). As far as I know (and it is described here http://www.whitemesa.com/soapauth.html#S4), the server should create a challenge (nonce and timestamp, I think) and then the client should encrypt it with its password and timestamp and send it back to the server for verification. And this should work for every request. Even if the user sends an empty request, the server should provide a challenge. But in my case it does not work. Am I missing something?
As it turned out, it is not necessarily the server that should generate the nonce. I generated it on the client, concatenated and hashed it according to the rules, and then sent it to the server. Frankly speaking, I could only find the root of the error by debugging the Spring WS sources and looking for where exactly the authentication problem is.
I'm doing a stress test on an API deployed in the wso2 integrator server with a high number of requests. In every stress test session, I always get the first response as a fault response with an
error code 500 (internal server error)
and the remaining responses are fine.
I noticed that if the session is expired and if I want to send a request with this session id, the above problem is produced.
I'm using wso2ei 6.5.0 as my server application version.
Can anyone help me please to avoid this message?
Try adding the following properties to the API sequence.
<property name="NO_KEEPALIVE" value="true" scope="axis2"/>
<property name="DISABLE_CHUNKING" value="true" scope="axis2"/>
This will make sure that connections are properly closed in-between the test sessions.
I am very new to WSO2 and I have the following problem.
I am developing an ESB application that achieves the following tasks:
Perform some DSS queries on a local database.
Use the retrieved data to build some XML documents.
Send all these documents to a remote web service (implemented in PHP).
Obtain the web service responses (a specific response for every request that contains one of these generated XML documents) and use its content to store a value in the previous local database.
The web service receiving the previous request containing an XML document stores the document content in another database.
I have implemented this ESB application, and it seems to work (but I am finding some problems that I will explain later) using the following logic:
I have created an API containing an in sequence that performs the queries, builds the XML documents, and sends these documents to the web service, something like this (I can't post the entire code because the XML creation logic is pretty big):
<?xml version="1.0" encoding="UTF-8"?>
<api context="/glisTest2" name="glisTest2" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="GET" outSequence="glisOutSequence">
<inSequence>
<payloadFactory media-type="xml">
<format>
<body/>
</format>
<args/>
</payloadFactory>
<header name="Action" scope="default" value="urn:FindNotProcessed"/>
<log level="full"/>
<callout endpointKey="prgfasEndpoint">
<source xmlns:ns="http://org.apache.synapse/xsd" xmlns:s11="http://schemas.xmlsoap.org/soap/envelope/" xmlns:s12="http://www.w3.org/2003/05/soap-envelope" xpath="s11:Body/child::*[fn:position()=1] | s12:Body/child::*[fn:position()=1]"/>
<target xmlns:ns="http://org.apache.synapse/xsd" xmlns:s11="http://schemas.xmlsoap.org/soap/envelope/" xmlns:s12="http://www.w3.org/2003/05/soap-envelope" xpath="s11:Body/child::*[fn:position()=1] | s12:Body/child::*[fn:position()=1]"/>
</callout>
<log level="full"/>
<property expression="count(//ds:Sample)" name="total_samples" scope="default" type="STRING" xmlns:ds="http://ws.wso2.org/dataservice"/>
<log level="custom">
<property expression="$ctx:total_samples" name="total samples: "/>
</log>
<!-- Iterate through samples -->
<iterate expression="$body//ds:Sample" id="ITR_AGG" sequential="true" xmlns:ds="http://ws.wso2.org/dataservice">
<target sequence="sampleDataSequence"/>
<!-- This is my main sequence. It will call some other sequences in cascade: -->
</iterate>
</inSequence>
<faultSequence/>
</resource>
</api>
The callout mediator is used to call the DSS service that performs the query to obtain the data.
Now in this section of code:
<!-- Iterate through samples -->
<iterate expression="$body//ds:Sample" id="ITR_AGG" xmlns:ds="http://ws.wso2.org/dataservice">
<target sequence="sampleDataSequence"/>
</iterate>
I am iterating on each retrieved element and for each element I will basically build an XML document that will be sent to the remote web service. All this logic (pretty big because the XML documents contain many fields) is contained in the sampleDataSequence sequence (this sequence will be performed at each iteration to build and send an XML document).
I am not attaching the entire code; at the end of the sampleDataSequence sequence I perform the web service call (a POST request), passing to it the current XML document (generated in the current iteration), in this way (previously I put the current XML document in the request body):
<property name="messageType" scope="axis2" type="STRING" value="application/xml"/>
<property name="HTTP_METHOD" scope="axis2" type="STRING" value="post"/>
<send>
<endpoint key="glisEndpoint"/>
</send>
So, for each iteration, I build a brand new XML document and I send it to my web service (this works, the web service receives it).
So the in sequence ends, then there is the out sequence that receives and collects all the web service responses so that it can parse these responses one by one and write a record into a result table in my local database.
I have done it in this way:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="glisOutSequence" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<aggregate id="ITR_AGG">
<completeCondition>
<messageCount max="-1" min="-1"/>
</completeCondition>
<onComplete expression="s11:Body/child::*[position()=1] | s12:Body/child::*[position()=1]" xmlns:s11="http://schemas.xmlsoap.org/soap/envelope/" xmlns:s12="http://www.w3.org/2003/05/soap-envelope">
<property name="it_count" scope="operation" type="STRING" value="0"/>
<!-- Iterate over responses. For correct count calculations they should
be sequential -->
<iterate expression="$body//response" id="ITR_RES" sequential="true">
<!-- ... (body of the iteration not shown in the post) -->
</iterate>
</onComplete>
</aggregate>
<log level="custom">
<property expression="$body" name="AT THE END"/>
</log>
<send/>
</sequence>
So basically I am using the 2 Enterprise Integration Patterns provided by WSO2 ESB, Splitter and Aggregator, to achieve this task. It seems to me that this should be the standard solution for this type of task (when you have to send n messages to an external web service and then collect and operate on the n responses from this web service). Is my architecture the standard one for this type of task?
I am asking because I am now finding the following problem:
I have deployed this application on a test environment and we are getting the following problem.
The test environment has both this WSO2 ESB application and the contacted web service installed on the same laptop computer (but in the production environment these systems will be on different computers because there will be many WSO2 ESB applications and a single central web service that will receive messages from these ESB applications).
The problem is that the WSO2 application generates a lot of XML documents (something like 1000). So it will perform 1000 consecutive POST requests to the web service.
The web service receives all these requests (containing the 1000 XML documents that have to be inserted into another database) but after a certain number of DB insertions, the DB (PostgreSQL) gives a too many clients exception.
So this exception could be related to: connections not closed, result sets not closed or something like this.
My personal opinion (it could be wrong) is that it should be a problem related to the back end of the web service and not to my WSO2 ESB application. But the person who is testing it says to me that maybe the WSO2 application doesn't close the connections.
It seems strange to me because it is an error on the DB and not on the web service, but I really have no idea.
Another thing is that I fixed this problem by putting a delay of some milliseconds before sending the POST request to the web service, in this way:
<!-- Inserted a short delay to prevent flooding the GLIS server -->
<script language="js">java.lang.Thread.sleep(200);</script>
<property name="messageType" scope="axis2" type="STRING" value="application/xml"/>
<property name="HTTP_METHOD" scope="axis2" type="STRING" value="post"/>
<property name="ClientApiNonBlocking" value="true" scope="axis2" action="remove"/>
<send>
<endpoint key="glisEndpoint"/>
</send>
Putting a short delay before sending the request seems to work fine. My idea is that maybe the problem is that in this test environment both the ESB application and the web service application are installed on the same laptop, so the communication is very, very quick (there is no network in the middle), so the ESB application shoots 1000 requests very quickly; the web service can receive them but it can't write to the database.
Could this be the problem?
Another doubt is: whoever is testing the application says to me that maybe I am using the wrong enterprise integration pattern to achieve this task and that I should perform the web service call and elaborate the response one by one (for each XML document). In my personal opinion this should be impossible using ESB logic because if I send a single XML document to the web service, when it gives me a response the ESB enters the out sequence and so the ESB application will end after processing a single document (because I think that I can't come back to the in sequence after the out sequence is completed). Is my reasoning correct?
So, in the end: could it be a problem of the test environment (both applications on the same PC), or a problem of the PHP web service back end application (result set not closed or something like this; it seems strange because using the delay it works), or could it be something related to my ESB application?
My personal opinion: I do not see how "not closing connections" on the WSO2 side (which acts as a client for the PHP service) may produce problems between PHP and the database.
I do not see any problems with the integration patterns you used in your solution; everything looks OK.
So, I think the problem is in the PHP web service or its specific configuration on the local test laptop.
For example, Java applications always use a connection pool to get DB connections, and the settings of this connection pool can control the number of connections to the DB.
Not sure, but PHP probably also has some kind of connection pool.
Also, a database usually has many options for the possible number of connections at the same time.
So it may be that everything is configured properly in the production system but configured "by default" on the test laptop, and as a result we have this kind of problem.
Anyway, we have a situation where the called service has some specific SLA, for example the number of connections it may accept at the same time.
Also, it looks like this service may be unavailable or return an error (for example because of a database connection problem).
Your JS delay is a really dirty solution. WSO2 ESB (like any other ESB) has a much better solution, called "Guaranteed Delivery".
In WSO2 it may be implemented in the following way: instead of sending the message to glisEndpoint, you should put it into a Message Store.
Then you need to configure a Message Processor: it will get messages from the message store and send them to the endpoint.
If calling the endpoint fails (for some reason), it will put the message back into the Message Store.
There are many configuration options in the Message Processor, so you can configure it, for example, to send only 1 message per second, or any other pattern.
Please keep in mind that there are many types of message stores, from the simplest In Memory Message Store to ones using ActiveMQ or RabbitMQ.
You should choose the proper message store type depending on your requirements.
We have a webservice client implemented with Spring WS.
This is a snippet of the code:
<bean id="aClient" class="class.aClient">
<property name="messageFactory">
<bean class="org.springframework.ws.soap.axiom.AxiomSoapMessageFactory" />
</property>
<property name="messageSenders">
<list>
<ref bean="httpSender" />
</list>
</property>
</bean>
The client call works fine for a random period of time (minutes, hours, even days), and suddenly the following error appears:
org.springframework.ws.client.WebServiceIOException: I/O error: Forbidden [403]
There is a basic user/password authentication and the client runs inside Weblogic.
I've tried changing the minimum thread pool number, setting preemptive authentication, and the result is the same. Randomly the error appears.
When this happens, the server implementing the WS is working fine (tested with soapUI).
The call always works again when the application server restarts.
Any help on this will be greatly appreciated.
I can provide more code if needed.
Thank you
David
I am using WSO2 ESB 4.0.3 with Java 6 on Mac OS X 10.7.4. I have also installed the Data Services Features.
In the typical scenario I have one proxy service which the client calls, and I pass on the request to the Data Service. Now if I have a FAULT message from the Data Service back to the proxy, how do I check in the proxy service whether the response from the Data Service is a fault or a normal valid response?
Currently I am using the following filter mediator logic in the outsequence of the proxy service:
<filter xpath="get-property('FAULT')">
<then>
<log category="ERROR" level="custom" separator=",">
<property name="OWCHECK-faultMessage" value="TQS_OWCHECK - Received Fault From OWCHECK Data Service !!!!"/>
<property expression="$body" name="Fault-I-Got-Is"/>
<property name="OWCHECK-Forwading-Error" value="TQS_OWCHECK - Forwarding the Fault to Error Handler !!!!"/>
</log>
</then>
<else>
<xslt key="conf:/tqs/owcheck/proxy-output-transform.xslt"/>
<log category="INFO" level="custom" separator=",">
<property name="ValidResponse" value="TQS_OWCHECK - Sending Valid Response Back."/>
</log>
<send/>
</else>
</filter>
But this logic of checking the "FAULT" property works when axis2 has NIO senders & receivers in axis2.xml.
However, if I switch the receivers & senders in axis2.xml from NIO to the standard servlet ones (org.wso2.carbon.core.transports.http.HttpTransportListener / org.wso2.carbon.core.transports.http.HttpTransportListener), I do not get the "FAULT" property set and my error handling does not work.
Is there a standard way of checking if the response from one proxy service to another or response from data service to proxy is FAULT or not? I am looking for something which is independent of transport senders and receivers, at least HTTP ones.
Please help.
thanks
Abhijit
It is not good documentation I believe where none of the samples talk about how to handle the faults from Data service to Proxy service or am I missing something?
I would be thankful if I know the best practices to handle the errors from Data service as well as from one proxy to another proxy service.
Please help. This is big project at very prestigious company.
I think you need to check whether the soap body element has a soap:fault message or not. You can use the filter mediator with some xpath expression to check that.
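The payload-based check suggested in the answer above, as an added example that is not from the original thread or from WSO2: it decides fault versus normal response only from whether the SOAP Body has a Fault child, for both SOAP 1.1 and 1.2 envelopes, so the result does not depend on which transport delivered the message. The function name and the sample messages are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"


def soap_fault(xml_text: str):
    """Return None for a normal response, or a dict describing the SOAP fault."""
    if "<!DOCTYPE" in xml_text:
        # SOAP messages must not carry a DTD; refusing it avoids entity expansion.
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    root = ET.fromstring(xml_text)
    for ns in (SOAP11, SOAP12):
        if root.tag != f"{{{ns}}}Envelope":
            continue
        # Only a Fault that is a direct child of Body counts, not one nested in data.
        fault = root.find(f"{{{ns}}}Body/{{{ns}}}Fault")
        if fault is None:
            return None
        if ns == SOAP11:    # SOAP 1.1: unqualified faultcode / faultstring
            code = fault.findtext("faultcode")
            reason = fault.findtext("faultstring")
        else:               # SOAP 1.2: Code/Value and Reason/Text
            code = fault.findtext(f"{{{ns}}}Code/{{{ns}}}Value")
            reason = fault.findtext(f"{{{ns}}}Reason/{{{ns}}}Text")
        version = "1.1" if ns == SOAP11 else "1.2"
        return {"version": version, "code": code, "reason": reason}
    raise ValueError("not a SOAP envelope")


# Constructed sample messages (not taken from the thread).
FAULT_11 = f"""<s:Envelope xmlns:s="{SOAP11}"><s:Body><s:Fault>
<faultcode>s:Server</faultcode><faultstring>query failed</faultstring>
</s:Fault></s:Body></s:Envelope>"""

FAULT_12 = f"""<e:Envelope xmlns:e="{SOAP12}"><e:Body><e:Fault>
<e:Code><e:Value>e:Receiver</e:Value></e:Code>
<e:Reason><e:Text xml:lang="en">query failed</e:Text></e:Reason>
</e:Fault></e:Body></e:Envelope>"""

OK_11 = f"""<s:Envelope xmlns:s="{SOAP11}"><s:Body>
<result><Fault>a data field that merely shares the name</Fault></result>
</s:Body></s:Envelope>"""
```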
I'm working on a webapp offering SOAP WebServices using Spring-WS 2.0. The WebService requests need to be signed with a certificate which is of course validated on the server. In order to do this, WSS4J and a truststore are used. Here is the Spring config:
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="validationActions" value="Signature" />
<property name="validationSignatureCrypto">
<bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="pass"/>
<property name="keyStoreLocation" value="location"/>
</bean>
</property>
</bean>
The application should be deployed to WebSphere 7 and the major requirement is that the truststore should not be shipped with the application but be provided by the Application Server.
Does anybody know how I can make WebSphere provide the truststore, or how WebSphere can be configured to perform the security authorization? The major challenge seems to be that Spring-WS is used instead of WebSphere's facility for WebServices...
I don't work with Spring-WS so I don't know the details of it.
WAS has a truststore, which is where the list of trusted signer certificates is stored.
The keystores and truststores can be kept at multiple levels if you desire (e.g. node, cell etc.).
For detailed info you can look at a publicly available PPT: http://www.websphereusergroup.org.uk/wug/files/presentations/25/25_3_WAS61SecUpdate.pdf
I don't know the version of WAS that you are using; WAS 6.1 and WAS 7.x are the most widely used ones these days!
HTH
Manglu