Re: WebService and HTTPS
Re: WebService and HTTPS
- Subject: Re: WebService and HTTPS
- From: Hugi Thordarson <email@hidden>
- Date: Mon, 11 Aug 2008 14:31:15 +0000
Did my suggestions not work?
- h
On 10.8.2008, at 22:46, Serge Cohen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So far the workaround I've found was to subclass WORequest and make
sure that the subclass's isSecure() is always returning FALSE when
the requestHandlerKey is "ws" : tricking WOWebService to believe
it's taking care of a UNsecured request..
This is working but I would say really not elegant.
Anyway ... It seems I'd better not have started this thread as it
seems no one interested anyway ... Sorry for the noise.
Cheers;
Serge.
Le 10 août 08 à 21:59, Serge Cohen a écrit :
To try to get a bit better understanding I've just overriden the
Applcation.dispatchRequest method so that I could log the request
before calling super.dispatchRequest with the same request.
Doing this I could check that basically the request looks strictly
similar, at least for the parts I've logged :
aRequest.contentString
aRequest.requestHandlerKey
aRequest.formValueKeys
aRequest.formValueForKey
Are there other parts of the request I should particularly look
at ... I would presume they are all the same except for 'isSecure',
right ?
To me this seems to point out a difference in behaviour in one of
the classes handling the request later (based on isSecure ?):
WOWebServiceRequestHandler
WOActionRequestHandler
WOWebService
but all these classes are private, so I'm not sure how I can find
the documentation for those...
Serge.
Le 10 août 08 à 21:04, Serge Cohen a écrit :
Hi list;
I'm working on an application which serves both html and web-
services (using WO 5.4.2). I had some problems sometime ago to get
the proper behaviour of the service, but found out (on this list)
that I had to register it using :
WOWebServiceRegistrar.registerWebService(String webServiceName,
Class<?> webServiceClass, String[] allowedMethods, boolean isRPC)
rather than one of the short-cut corresponding methods.
This now works OK as long as I'm accessing the service through
HTTP (I'm developping under Eclipse, with
WODirectConnectEnabled=false to be sure to go through apache
+adaptor).
The HTML part of the application is behaving properly when
accessed through HTTPS.
The problem is that when I try to access the service using HTTPS,
I get the following exception :
[2008-8-10 20:1:24 CEST] <WorkerThread11> AxisFault
faultCode: {http://xml.apache.org/axis/}Server.NoService
faultSubcode:
faultString: The AXIS engine could not find a target service to
invoke! targetService is null
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:The AXIS engine could not
find a target service to invoke! targetService is null
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:270)
at
com
.webobjects
.appserver
._private.WOWebService.performActionNamed(WOWebService.java:437)
at
com
.webobjects
.appserver
._private
.WOActionRequestHandler._handleRequest(WOActionRequestHandler.java:
259)
at
com
.webobjects
.appserver
._private
.WOActionRequestHandler.handleRequest(WOActionRequestHandler.java:
158)
at
com
.webobjects
.appserver
._private
.WOWebServiceRequestHandler
.handleRequest(WOWebServiceRequestHandler.java:109)
at
com
.webobjects
.appserver.WOApplication.dispatchRequest(WOApplication.java:1687)
at
com
.webobjects
.appserver._private.WOWorkerThread.runOnce(WOWorkerThread.java:144)
at
com
.webobjects
.appserver._private.WOWorkerThread.run(WOWorkerThread.java:226)
at java.lang.Thread.run(Thread.java:613)
(this is the log on the server, the client receives the same
information as a fault).
I can do the exact same call on HTTP (non-secured), exactly the
same URL, except for the scheme part, which leads to a proper
answer.
What puzzles me most is that to my understanding the application
should not even see that the request is coming encrypted since the
decryption is taken care of by apache, right?
The client side is axis 1.2 generated code from the wsdl.
Indeed if I'm not even calling the service but just asking for the
automatically generated WSDL from the application (in a web-
browser, or using curl), using :
http://hostname/apps/WebObjects/App.woa/-55556/ws/LogInService?wsdl
I get a proper WSDL description of my service, while asking using
the equivalent https URL :
https://hostname/apps/WebObjects/App.woa/-55556/ws/LogInService?wsdl
I get a fault (an exception on the server, send to the client as a
fault):
[2008-8-10 20:57:4 CEST] <WorkerThread12> AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/
envelope/}Server.userException
faultSubcode:
faultString: org.xml.sax.SAXParseException: Premature end of file.
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/
axis/}stackTrace:org.xml.sax.SAXParseException: Premature end of
file.
at
org
.apache
.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown
Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at
org
.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)
at org.apache.xerces.jaxp.SAXParserImpl
$JAXPSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
at
org
.apache
.axis
.encoding.DeserializationContext.parse(DeserializationContext.java:
227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.server.AxisServer.generateWSDL(AxisServer.java:
471)
at
com
.webobjects
.appserver
._private.WOWebService.performActionNamed(WOWebService.java:414)
at
com
.webobjects
.appserver
._private
.WOActionRequestHandler._handleRequest(WOActionRequestHandler.java:
259)
at
com
.webobjects
.appserver
._private
.WOActionRequestHandler.handleRequest(WOActionRequestHandler.java:
158)
at
com
.webobjects
.appserver
._private
.WOWebServiceRequestHandler
.handleRequest(WOWebServiceRequestHandler.java:109)
at
com
.webobjects
.appserver.WOApplication.dispatchRequest(WOApplication.java:1687)
at
com
.webobjects
.appserver._private.WOWorkerThread.runOnce(WOWorkerThread.java:144)
at
com
.webobjects
.appserver._private.WOWorkerThread.run(WOWorkerThread.java:226)
at java.lang.Thread.run(Thread.java:613)
As anyone encountered the same type of error? A clue of a work
around or how I can get a bit more information (in particular, I'm
interested in seeing the request message, which I used to using
tcpmon : this is not possbile when HTTPS is on).
Thanks in advance;
Serge.
PS : This same application (including services though HTTPS) used
to work under WO 5.3.x
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkifb9oACgkQlz6UVQtc2uzhCQCdGT0CWJ06zWUXqskFpBNoxUbj
nW8AnAg7M8oYiPMcLL5rcRXg//V2gWRe
=Hug2
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden