HTTP 500 Internal error - throw explicitly in webservices - web-services

I am working on a web services application. I have a requirement to throw HTTP 500 error through my application for some test purposes. I use HTTPConnector class of apache to connect to various web services and I need to throw HTTP 500 to test something.

Sorry, your questions is not precise enough (e.g. programming language missing). In case you use Java I'd implement this as a Servlet filter.
In the filter you can then call response.sendError(int).

Related

Accessing a SOAP service URL from a Clients point of view

I was asked this question in a technical interview for a integration intern role.
He was digging much into understanding of SOAP web services.
Question). Consider that you are exposing a web service through SOAP to a Client.
The url through which you are providing the service is up and running when you check it.
But the Client has a problem, he is not able to access your webservice.
How will you go on troubleshooting this issue?
My response:
I would first check whether the url the client is trying to access the service is correct.
Will check the .wsdl file: port, bindings & will check once whether upon sending a SOAP request to the URL, am I receiving the SOAP response in local through SOAP UI.
If I get error, will troubleshoot based on the kind of error I get: Like page not found, null exception etc.
I felt he was still expecting some other point. He hinted saying where in what registry you will check all the web services which have been hosted(I guess this was much of a production support issue :P)
I told I may look into UDDI registry, but was not sure with this.
Please let me know your inputs on what could be possibly a right approach?
Apache jUDDI PMC here. Yes UDDI could be used to verify that the client is pointed at the right location, assuming the client knows where the UDDI server and that it is registered and the client knows what to query for on the UDDI server and a UDDI query is part of that client's normal workflow. That's a lot of assumptions but certainly feasible.
Most of time, the endpoint is in a config file somewhere or some idiot hard coded it.
That said, this my go to list for checking SOAP service connectivity (from the client's perspective)
DNS resolution of the hostname in the URL
Ping the remote host
HTTP GET to the URL of the SOAP service + ?wsdl (this usually works). This is also a good time to verify SSL connectivity.
You can also parse the WSDL doc, assuming one is returned for identify the endpoint url.
Finally if that all works, execute the service. HTTP 200 is general a positive sign
Edit:
Another alternative approach is to implement a very simple API (wsdl method) on every SOAP service that simple returns a true/false that answers the question "Am I open for business?". This method would provide a standardized approach for identifying if a service was available or not by testing an external dependencies (databases and whatnot).

Mocking Http-503 for a web service

I would like to mock a web service response for an HTTP 503 (Error 503--Service Unavailable) when The server is unable to handle the request due to a temporary overloading or maintenance of the server. What is the best strategy?
Thanks,
D
Here's what I use:
https://httpstat.us/503
No external software or dependencies required.
You can use the following Groovy script:
mockRequest.getHttpResponse().sendError(503)
Use xml mimic, you can mock almost everything with http response without the need for real server.
http://sourceforge.net/projects/xmlmimic/
http://sourceforge.net/projects/xmlmimic/
the use : https://designer.mocky.io/ for test 503 http request

Consume Java CXF WS exposed over SOAP from ServiceStack client

Context:
I'd like to use ServiceStack to build a SOAP client in order to consume an existing Java CXF WebService, exposed over SOAP with defined WSDL (I have no control over the WS itself). I may need to add a couple of extra headers the SOAP envelope for authorization purposes.
Question:
Would all of the above be possible, and if so, what are the gotchas? If there are any specific examples, links would be welcome.
Actually the other way round of having other clients consuming ServiceStack web services would make more sense.
Using ServiceStack to consume other clients is not an ideal strategy. ServiceStack server and client supports a coarse-grained, DTO-first approach, it wouldn't handle variations in this theme that other frameworks spit out.

Web Service Error

I have a xml web service and I published it on IIS(localhost). Web service is veriy simple. There is only one method. And there is no exception potential in the web service. I have to use HttpWebRequest instead of adding web reference. I got the following error:
"The remote server returned an error: (500) Internal Server Error". I have checked request xml many times. When I add web referance there is no problem. What's reason of error?
Thanks in advance
Its not possible to tell what the problem is from the information you have provided.
If the web service is one that you have written then you need to get IIS to report a detailed error message on the nature of the problem (by default a restricted error message is shown to prevent would-be attackers obtaining potentially sensitive information), or find another way to obtain detailed error information. Exact instructions on how to do this will depend on the service itself (is this an ASP.Net web service? What version of IIS is this?) however this article - How to Use HTTP Detailed Errors in IIS 7.0 may be of assistance.
If the web service is one that a 3rd party has produced then I'm afraid you need to work with that 3rd party to fix this.
Update: Also try reading Detailed 500 error message, ASP + IIS 7.5 on how to get more detailed error messages.

Do you know of a NGiNX module that performs something similar to verification of Amazon Web Service request signatures?

I'd like to restrict access to my web service to registered clients. The first thing I thought of was to mimic that of AWS which, in a nutshell, issues clients a non-secret and secret key pair, and requires clients to prove knowledge of the secret key by using a cryptographic function of some of the HTTP request data and the secret key, then specifying the output of the crypto function in a request header. AWS does the same and checks that the expected signature matches what the client has specified. The secret is not transmitted, blah blah. This is pretty typical and not that interesting albeit useful.
http://mws.amazon.com/docs/devGuide/Signatures.html
http://chrisroos.co.uk/blog/2009-01-31-implementing-version-2-of-the-amazon-aws-http-request-signature-in-ruby
My preferred web server for web services is nginx. I'd like to start requiring similar request signatures in certain services. It makes sense to me to create an nginx module that handles request signature validation before ever sending the request to an upstream process (my web service instance(s)).
Do you know of such a nginx module? Do you know of a different one that I can base my work off of?
There's a decent nginx module writing guide here:
http://www.evanmiller.org/nginx-modules-guide.html
Please note that I'm not asking "how do I write a nginx module?" I'm simply trying to avoid reinventing the wheel.
Thanks!
If I'm understanding correctly, you could simply check for custom headers with an if($http_{yourheader}){} and validate that against a backend such as memcached, or proxy to a fastcgi script, or even use an embedded perl script (although this will be slow and could block).
AFAIK there aren't any specific standard or third-party modules that do this, but a combination of them could provide a suitable solution (eg; $http_{header} + redis backend, for instance).
Is there a particular reason you're not looking to use custom SSL certs? They would seem an adequate solution for restricting access with added security.