I have a app running on WebLogic, which exposes some web services for an external client to call. I do not control the WebLogic app, but would like to see what requests it is getting. Is there any good way to do this with Fiddler?
I would recommend using wireshark (previously known as Ethereal).
Related
1) Is it possible using burp suite/ ZAP or any other web testing tools to find out
if an application is making calls to web services?
2) As SOAP web services reply in XML is it also possible to view the responses of
the HTML request to distinguish between use of REST web services?
Thanks
Yes, this is normally possible.
You need to configure the application to use the interactive proxy (Burp, Zap, etc.) as its proxy. Most applications will use your system proxy settings.
Once the proxy is configured, you can see a full history of HTTP interactions (in Burp: Proxy > HTTP History). This includes requests and responses, which will clearly indicate a SOAP or REST service.
I have created an android application that calls (using kSOAP library) a SOAP based web service (developed in java, netbeans) over the intranet.
Now i want to make the application live, so this will require my web service to be exposed on the internet.
I have following questions...
How do i make sure that no one knows about the web service link except my android application
No one is able to call the web service except my android application
The data transferred between android application and web service is secure and encrypted
What kind of authentication mechanism should be used
I'm new to web services security so forgive me if my questions are dumb :)
This is impossible. Anyone having your app might use a traffic analyzer like wireshark and see all the requests it makes.
Sign each request you app makes(add some soap header) and check the signature on the server side
Use HTTPS
How to do authentication using SOAP?
I'm trying to figure out how to forward web service requests from the web server to a remote application server through jms.
In my architecture there are web services client which communicate with some web server (Tomcat) which needs to forward the request to be executed on a remote application server and at the end get the result and push it back to the web service client.
Something like:
Web Service Client <-> HTTP <-> Tomcat <-> JMS <-> Application Server.
I want to use jax-ws so my methods will be called automatically in the application server.
Although I've expected this will be common approach, I didn't find any examples.
I would appreciate if someone can provide some links or tips on how such a configuration can be built.
Currently I'm using Metro but any other solution is valid as well.
Another aspect which I'm interested in, is whether I can use the fast-infoset over JMS to increase performance.
Thanks in advance,
Avner
you can try wso2MB as a JMS provider ...Check following links, would be useful
[1]http://wso2.org/library/message-broker
[2]http://pzf.fremantle.org/2011/04/introduction-to-wso2-message-broker_05.html
One option to solve it is using Apache Camel.
Then you can configure such a thing with an XML configuration file.
I have created an Axis2 web service from Netbeans and deployed it successfully in Tomcat 6 on my web server.
When I use for instance SoapUI or Taverna to consume the web service, the server offers both HTTP and HTTPS methods to invoke it. However, using the HTTPS method renders a 404 error. (Probably because there is a server admin panel running on port 8443, but that doesn't matter right now.)
The problem is that my web service clients default to using the HTTPS service. I figured the simplest thing I could do to get the basic service to work, would be to disable the HTTPS endpoint, as the HTTP version runs flawlessly and I don't need the added security. But now I've spent hours on finding out how to do that, without success. The WSDL returned by Axis2 contains entries for HttpsSoap11Endpoint but the WSDL that's bundled in my .AAR file after the build does not.
Does anybody know how to make Axis2 offer just HTTP endpoints?
In axis2.xml, comment out the https transport receiver to disable the HTTPS endpoint.
I am trying to call a web service from a BizTalk (2006) orchestration.
Having got the hang of the basics, I have been following this tutorial (page 74 onwards) in which i have a web reference to an external web service (I am using this web service instead of the one in the tutorial), I have my web message in a Send component, and have set up the request / response ports for the web service call.
I'm fairly sure that eveything is set up correctly, but my orchestration fails to call the web service with the following error:
The adapter failed to transmit the message going to send port
"My_Order_Processor.Orchestration-CurrencyConvertPort-36c122f41c5596ae"
with URL "http://www.webservicex/net/CurrencyConvertor.asmx.
WebException: Unable to connect to the remote server.
SocketException: An existing connection was forcibly
closed by the remote host 209.162.186.60:80
The IP 209.162.186.60 is the address for the web service I am trying to connect to. I am trying to narrow down the reasons for the error, e.g.:
Firewall issues
Proxy server issues (I don't know how to configure BizTalk to use a proxy server)
Something else
The BizTalk server can ping the web service, I can access the internet (through IE), I can add the WebReference to the project successfully (meaning at least the orchestration designer can access the web service okay). I have also tried a different web service, with the same result.
Any ideas on finding out why this is happening or how to find out more info? (I'm new to BizTalk)
I've seen this veru vague error before for many different reasons. Two suggestions.
Download something like NetMon and watch what is going on on the wire.
Turn off chunked encoding. For some reason, many web services don't handle this well.
Let us know what you find out.
Could this not be an authentication issue? Check that you can connect to the webservice using the Bts credentials.
This turned out to be a proxy issue.
By navigating to Biz Talk Group -> Platform Settings -> Adapters -> SOAP, I was able to configure the BizTalk server host's SOAP adapter (which is what the web service call uses to make the call) to use our company proxy server correctly. Double click the 'send' SOAP adapter, go to Properties under adapter name.