I am working on an application that I want to use to catch a SOAP request when it goes into the CXFServlet. There is some processing I need to do to the SOAP envelope on the server side, before the CXFServlet processes it.
I have been presuming that the SOAP envelope, once it reaches the server side, is one of the parameters in the HTTPServletRequest object. But looking at what comes in (using a debugger, of course), I cannot find it.
Can someone tell me where the SOAP request goes when a client sends it to the server? I know that the client is sending the request using an HTTP POST, and I know that the server is using information in the request in order to access the appropriate web service method, then placing any return values from the method into a SOAP response and returning it to the client. What I need to know is where where does the CXFServlet (or one of its filters) look in order to get the SOAP information? Is it somewhere in the parameters? In the servlet context? Does a filter process the SOAP information before it gets to the CXFServlet? How can I get that envelope and do things to it before the web service method is called?
Someone please advise...
Do you want to access the original request ? If yes the actual request or response object itself can be accessed using the WebServiceContext object.
First, declare a private field for the WebServiceContext in your service implementation, and annotate it as a resource
#Resource
private WebServiceContext context;
Then, within your implementing methods, you can access the MessageContext, HttpServletRequest, and HttpServletResponse as follows:
MessageContext ctx = context.getMessageContext();
HttpServletRequest request = (HttpServletRequest)ctx.get(AbstractHTTPDestination.HTTP_REQUEST);
For more info about WebServiceContext see the following url :
http://docs.oracle.com/javase/6/docs/api/javax/xml/ws/WebServiceContext.html
If you need to intercept the request before it is ever processed by the CXFServlet, you should look at developing a Servlet Filter.
If you just want to process the SOAP message before CXF does, you can likely use a CXF Interceptor. The phases noted in the documentation indicate the points you can intercept the message. Depending on what you want to do/change, you may need to play around with the phases.
The source for CXF's SoapHeaderInterceptor or SoapActionInInterceptor would be good places to start looking at how to work with the SOAP message.
Related
The concept of Asynchronous Web Service is a web service where the client does not have to wait to receive a response from the server. in AJAX this is implemented by having a callback function to process the response. So the server indeed still sends the response to the client.
Is it possible to have an Asynchronous Web Service without response? Is there any platform that provide this?
Thank you.
I have done asynch web services in the past. They are very useful. YOu do not need a detailed response but you at least need an HTTP response, like 200 OK. If the client that makes the request provides some sort of ID or key for that request, then the client can use the same ID/key to later on query for the result/response of the request.
As far as frameworks that provide this, I do not know of any. In the past I would just have a shared memory store, like Memcache, to store the state and result of the request. As long as the state is shared across all nodes, any node can then process the call back request.
EDIT: Providing a key in the request can be done in either REST or SOAP environment. HTTP provides multiple places where a key can be communicated.
GET query param (REST)
HTTP header (SOAP/REST)
Added to the message body of a POST request. This can be done through two ways.
param in the message body (REST)
variable or attribute in serialized object (SOAP/REST))
I have seen some of the SOAP- Example- Mediators. I have not found a transformation based on the endpoint-WSDL.
I want to send some nested named array in json or POX and that data should go into a complete namespaced headered (username, password) SOAP-Request based on the names.
All the examples I have found had either a very simple wsdl or the namespaces were static in the XSL-Transformation.
It should be possible to do that, as I see in for example php-NuSOAP. You feed it with a wsdl-endpoint, the operation you want to execute and the parameter-array, and it calls the Webservice.
I am looking for a solution which is not too much hardcoded for every single service, so the proxy still works when the wsdl changes and Server Clients get changed.
As far as I understand the payload factory mediator in (https://stackoverflow.com/a/12969814/2277620) you would have to hardcode the soap-format in the mediator.
If WSO2 is the wrong tool for that I'd like to have a hint which tool could help.
Thanks in advance!
Marco.
For my understanding, you want to have a proxy, but it's backend service/wsdl may vary..
What , you can do is, you can save the wsdl (dynamic wsdl)in registry and point that in your proxy. whenever you edit the wsdl, proxy will automatically adopt to that..But the request, which you send to your backend should follow the wsdl definitions..It is totally client side responsibility..
I have to maintain a Java EE 5 web app.
A part of this app is the exchange of messages through web services (with WSDL contract).
The wsdl is used to generate the Java classes through the Eclipse wsdl2Java (I think it uses Axis)
Now I have to implement a modification where the server that we call via Web Service must be able to respond in an async way.
In fact the server will not respond immediately with the SOAP message response but, after a while, call a web service exposed by the client (our web app)
passing the SOAP Message response of the first call as a field (parameter) of this second Web service invocation.
The client then will save the SOAP response (or XML) in a file.
Is there a way to populate the already generated Java classes using this XML or SOAP message file? I mean a way to simulate the direct response of the server (feeding the Axis binding Stub)
I have also tried to use JAXB (to bind XML to JAVA) but since the SOAP message response is complex, when I call JAXBContext I receive an error:
CodPrestazione does not have a no-arg default constructor
since this class is an enum class generated by the wsdl2Java.
Is there a way to bypass this error without annotating or modifying the java class (this class is generated so I will be forced to modify this class at every re-generation)?
What is the best way to consume a saved SOAP message file(or XML)? Alternatively, how can I deserialize SOAP using Axis 1.3?
I made a web service endpoint and exposed a method now i wanna add more parameter to my method
so each time i change in my method i have to regenerate my client. Is there any way so that i
dont have to generate my client again and again.
No, there is no way. If you change the method then the WSDL file is changed also. Web services communicates through SOAP between client and server. When you deploy your web service application and it has been changed, so how then client supposed to know if there is a new method or a new parameters added if the classes was generated from the old WSDL file. Client will send a SOAP request according to the old WSDL and the server won't be able to understand the SOAP message received from the client if there was any changes made to WSDL part related to the received message.
You could design a better webservice/endpoint that accepts a standalone xml document as argument so that the operation signature stays the same, even when you add more parameters.
More generally, it's bad form for a web service to expose it operations as literal method signatures.
I have a standalone web-service client. When invoking any of the web-methods an additional "cookie" string must be implicitly(not as a web-method parameter) passed to the WS. The WS on the other end must be able to obtain the string and use it. How can this be achieved?
I invoke the service in the following way:
Service srv = Service.create(new URL(WSDL), QNAME);
myClassPort = srv.getPort(MyClass.class);
What I need is to put some code before the first line, which would make the client send this "cookie" string every time I invoke some remote method via myClassPort. Thx.
By default JAX-WS web services and clients are stateless. When a client makes a request, the server responds and sets a cookie on the connection, if it participates in a session. But, the JAX-WS client ignores that cookie and the server treats subsequent requests as new interaction. When the session is enabled, JAX-WS client sends the same cookie with each subsequent request so that server can keep track of the client session.
So you should not be using either cookies or HTTP sessions with web services. Return a token ID as part of the response; then the client can send that along with the next request.
Anyway:
JAX-WS web service clients must be configured to maintain session information (such as cookies), using the javax.xml.ws.session.maintain property.
Other web service stacks may have similar mechanisms.
On the Server Side
JAX-WS uses some handy annotations defined by Common Annotations for the Java Platform (JSR 250), to inject the web service context and declaring lifecycle methods.
WebServiceContext holds the context information pertaining to a request being served.
You don't need to implement javax.xml.rpc.server.ServiceLifecycle. With JAX-WS Web Service all you need to do is mark a field or method with #Resource. The type element MUST be either java.lang.Object or javax.xml.ws.WebServiceContext.
#WebService
public class HelloWorld {
#Resource
private WebServiceContext wsContext;
public void sayHello(){
MessageContext mc = wsContext.getMessageContext();
HttpSession session = ((javax.servlet.http.HttpServletRequest)mc.get(MessageContext.SERVLET_REQUEST)).getSession();
}
}
There are some misleading answers to this question, so I will attempt to highlight current best practices. Most of these suggestions are part of the OWASP security guidelines, which I strongly recommend anyone working on web development to review.
1) ALWAYS use temporary (session scoped) cookies.
2) All cookies should be protected and encrypted.
3) Do not pass tokens in request payloads
4) For any requests which return data that may be sent back to the server, include a nonce (single use token) in your responses.
5) later requests should (must) include the nonce and the cookie
Again, my recommendation is to review the OWASP guidelines and proceed accordingly.
You may want to look into using a service provider for authentication - this is much smarter than brewing your own solution as there are literally a million details that all must be correct. Auth0.com is one of these.