I have a web service with a client written in Java. The service works behind a firewall and if the java client wants to consume the service, then its request is blocked because the request contains links. So the request contains validator references like this:
...<S:Envelope xmlns:S="http://schemas.xmlsoap.org/wsdl/"...
Shall I fix it in the wsdl file? That is the only place which contains this link:
<definitions targetNamespace="http://mycompany.com/" name="RentalServiceService"
xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:tns="http://mycompany.com/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
If I generate a client in .net from the wsdl file, then it does not put any link references into the request...
Thanks
Zoltan
Don't remove namespaces from the XML message. Configure your firewall instead!
Normally, SOAP is friendly with firewalls because it piggybacks on top of HTTP. If you remove the namespaces from the XML you might get it through the firewall but the web service that must make use of the message might fail to parse it because you removed the namespaces from it. XML namespaces are important because they correctly identify the domain to which each element inside the message belongs to.
Just as an observation, the <S:Envelope xmlns:S="http://schemas.xmlsoap.org/wsdl/"... is a copy paste error of some sort?... or maybe part of the problem?! The namespace for the SOAP envelope should be http://schemas.xmlsoap.org/soap/envelope/ for SOAP 1.1 or http://www.w3.org/2003/05/soap-envelope for SOAP 1.2.
That aside, if the SOAP message is correctly formatted, it should pass through the firewall. If it doesn't, then the solution is to configure the firewall properly and not mess with the SOAP message. Your network administrators should spend time understanding web services security and properly configure the firewall.
My suggestion would be to keep port 80 just for your users requests/responses from browsers and expose the service on a different port number with proper configurations. Maybe you could even set up a reverse proxy inside a DMZ to improve the web service security. With that, you won't expose your internal web service server directly to the Internet.
Related
I am using a very particular language named “Magik”, I used to use MSXML2 to run web services but in one of my projects I failed to use MSXML, I tried a lot of thing to make it work from changing MSXML.DLL and testing different version of MSXML, using MSXMLHttpServer and all the things you may think of, I somehow ate MSDN website but didn’t find anything helpfull.
Now I am looking for other ways of calling a SOAP webservice, someone said you may post your XML to web method address by parsing and using a query string, But I didn’t succeed to do so.
I can also negotiate via TCP/IP, Can I send my XML to a web service using a TCP/IP connection?
If there is any other way that do the job I really appreciate it.
Currently I am connecting Magik to a Java application and when I need to call a web service I send my request to that Java application (there is a Jar file which creates a data-bus between a Magik session and a Java Application) I have also wrote the Java part using Axis technology. But this is a very hard job and I should change a lot of things to only keep my project up and match with a small change in web service that I consume.
Using MSXML were so easy formerly, sadly it does not work now!
First note that you can not use GET to call SOAP web services only POST will work with SOAP, GET can be used for REST but you mentioned SOAP only.
I can introduce you two method that you may use to call a web service instead of your MSXML which does not work anymore.
Using Test Form (Web Service Test Page)
You may ask your .Net web services provider to create a test form for his own web service and you create a query string which suppose to emulate the data on the form, actually you are using the web services tester page to send your data via query string to it and it will complete the rest for you.
Using TCPIP
use a TCP/IP Connection, in this method you need to create a header above your xml to set the parameters that a web service consumer should fill (remember MSXML and Content-Type, Content-Length, SOAPAction, Host, …….)
then translate your string to a byte vector since all programming language which can create a TCPIP Socket just accept a byte vector while inputing or outputing data to that connection. after translating the string you are ready to send the data to your web services address.
take a look at the following example of how you may create a string to send to a TCPIP socket.
POST /globalweather.asmx HTTP/1.1
Host: www.webservicex.net
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://www.webserviceX.NET/GetCitiesByCountry"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
xmlns:xsd=http://www.w3.org/2001/XMLSchema
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetCitiesByCountry xmlns="http://www.webserviceX.NET">
<CountryName>Egypt</CountryName>
</GetCitiesByCountry>
</soap:Body>
</soap:Envelope>
You may send above string to http://www.webservicex.net/globalweather.asmx
You may check to following link if you need detailed information about how to consume a web service using TCPIP
http://www.codeproject.com/Articles/312530/Calling-Webservice-Using-TCP-IP-from-any-Programmi
Does SOAP always need WSDL or can it work without WSDL? I've been doing some reading on the internet and it's making me confused.
From what I can see, SOAP request can contain the message in the XML: http://www.w3schools.com/soap/soap_example.asp. Then why do I need WSDL? Or does it depend on how the SOAP service is set up in the server end?
WSDL is a description of the service (Web Service Description Language). It is mainly used to a) describe the service in a non-ambiguous way, and b) allow tools to generate client and/or server code, which make building, and interacting with, the service easier.
You can certainly implement, or interact with, a SOAP service "by hand" but you wouldn't want to.
I have done a few use cases on WSO2-ESB including protocol mediation with transformation and service-chaining.
In all of them I had to manually write the wsdl for the proxy service. Having experienced other vendor products including Oracle and Tibco where wsdl generation is done by the tool.
Would it be right to assume in WSO2 ESB one needs to manually write the wsdl file to expose a proxy service on any protocol, do not see any documents calling that out.
Considering the usage of wsdl in practical use cases.
I have seen posts stating "you can give the WSDL available at your Axis2 service" but most of real time use cases would not be pass through and have custom request and response.
Thanks,
Wajid
I'm also confused with manual wsdl creation. As far as I can see there are gaps in wsdl proxy description. When I do wsdl proxy with WSO2 I have to indicate wsdl to expose
its either as:
"none" and I have only mediate function exposed
"same contract" and this breaks the whole idea of proxy because after that clients read original wsdl and go straight to original server access point.
or and I have several options to make my own wsdl.
With rich SOAP API (hundreds of methods) none of above work well, considering that manual support of exposed WSDL is rather cumbersome.
I wonder if there is more adequate way for proxying WSDL?
You can use java2wsdl generator tool to achieve the WSDL generation.
For the proxies, if you try to restrict access for some operations in your backend service, you can attach customized wsdl to the proxy.
The customization has to be done by yourself and it is simple..
If you want to generate a wsdl fro your service, jsut deploy the service in wso2as, and check the service dashboard, wsdl option to view the wsdls.
In your wsdl, is it possible to connect directly to the wsdl(i.e - http://(url)?wsdl.
When I copy the wsdl locally to src/main/resources - I am able to connect generate objects including Web Service client, but when I try to connect to the WSDL that I copied from, I cannot generate. Perhaps I am not understanding QName and wsdllocation and even port for that matter.
I have searched fairly extensively on the web and there aren't that many clear cut examples. I know WebServiceTemplate makes things a LOT easier but without connecting to the WSDL, I cannot connect.
All I am trying to do is connect to the client. So it is a question more about Endpoints.
Also is it best practice to copy the WSDL locally. I am asking this because the client that we are working for has a 100 million environments.
Thanks.
Thanks
WSDL url will be like http://localhost:8080/<< Context-Name >>/<< ServiceName >>?wsdl
If you are generating the wsdl by running a server, then localhost:, should be given. If its a direct wsdl file, then try right clicking and opening it using a web browser. It will simply give you the link. You can use the same link to produce client stubs too.
What design patterns must be evaluated while implementing a web service?
More importantly, what security aspects must be taken into account for a web service? Since a WSDL contains the complete information of the service including the input, output formats and access url, doesn't security get compromised with web service?
Thanks in advance,
Edit
Would just like to add a couple of things.
I am developing the service in Java that would be deployed on a JBoss server hosted on a Linux (Fedora) machine.
As far as authentication mechanism is considered for invoking the services, yes I do have that in place. Unless the user gets a token, he would not be able to use the other services which actually perform the business operation.
Also, have hidden the actual request in 2 layers of XML using CDATA for the actual request body inside the SOAP Envelope body. Something like the below code.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:myns="http://testserver/testservice">
<soapenv:Header/>
<soapenv:Body>
<myns:Operation>
<myns:OperationRequestBody><![CDATA[-- actual request XML goes here --]]></myns:OperationRequestBody>
</myns:Operation>
</soapenv:Body>
</soapenv:Envelope>
Is there any security aspect for URL - say using HTTPS protocol, which I understand would be a configuration at the server level.
well it depends on number of things:
whether you are exposing your webservice inside the organization (where you dont have to worry much about security) as opposed to exposing the webservice externally.
one thing we do (when we expose internally), we use Windows/NTLM authentication so that specific people in our domain can run it.
I would make sure i dont expose anything that can crush the web service :) (like GetAllData or smth similar) so that you expose only methods that is stateless and easy to throttle if needed.
also, used confluence's API (based on webservice), and they used Authentication mechanism, where you logon first, and you are given token, and you have to attach that token on every web service call that you do.