WSO2 ESB: Proxy Service - how to use faultsequence - wso2-esb

I wish all my Proxy Services to log a standard ERROR when the endpoint publishes a soapfault. Setting faultSequence to a valid logging sequence doesn't seem to be doing anything. I know the endpoint is publishing fault responses & the faultlogger sequence is a simply FULL log.
<SOAP-ENV:Fault...> </SOAP-ENV:Fault>
<proxy ... >
<target faultSequence="faultlogger" endpoint="conf:/myService>
...
</target>
</proxy>
How does faultSequence work?
I also tried to use a out, filter + log but wasn't sure what the xpath expression I should use to filter for faults.

faultSequence is executed when there is a technical error (in your xpath for exemple, or can't connect to an address configured in an endpoint)
A SOAPFault is not a technical problem and the out sequence is executed : you can verify response message to find potentials soap faults.
An other solution is to set the property named FORCE_ERROR_ON_SOAP_FAULT :
<property name="FORCE_ERROR_ON_SOAP_FAULT" value="true"/>

Related

Custom error page in tomcat for HTTP 501 error

Before anything else, I've already read all those solutions that says I put an error-page block in my application's or tomcat's conf/web.xml and add an error-code block inside with the corresponding location and those didn't work (did those for 404 errors and those worked).
What I already did inside my application's and tomcat's web.xml:
<error-page> <!-- this worked -->
<error-code>404</error-code>
<location>/pageNotFound.html</location>
</error-page>
<error-page> <!-- this did not work -->
<error-code>501</error-code>
<location>/pageNotFound.html</location>
</error-page>
I'm using Tomcat 8.5.63, and the goal is to remove the "Apache Tomcat/8.5.63" part on the response whenever a 501 error appears.
I want to remove this part:
tomcat error response page
The way I'm testing this is that I intercept a request using a pentest tool (I'm using burp suite community) and modify a request to include a Transfer-Encoding: cow header (yes I know that header is invalid).
Any ideas on how to implement a custom page so that the 501 can be handled properly?
The error pages you declare are used in two situations:
To allow developers to customize the appearance of content returned to a Web client
when a servlet generates an error, the deployment descriptor defines a list of error
page descriptions. The syntax allows the configuration of resources to be returned by
the container either when a servlet or filter calls sendError on the response for
specific status codes, or if the servlet generates an exception or error that propagates
to the container.
(Servlet 4.0 Specification, section 10.9.2)
In your case the error happens much earlier during the processing of the HTTP request itself. Therefore you need to modify the server's configuration (server.xml) and add a custom ErrorReportValve (cf. documentation). If all you want is to omit the server's version string, just add:
<Host>
<Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false" />
...
</Host>

Error handling in spring integration

I have three different systems. I am using Spring integration to sync data in all these system.
System 1 calls --- > System 2 via http:inbound gateway
<int-http:inbound-gateway id="gateway"
path="/save" supported-methods="POST, PUT"
request-channel="requestChannel" reply-channel="replyChannel"
request-payload-type="com.model.Request"
mapped-request-headers="source" error-channel="errorChannel" />
System 2 will call service method to persist data which returns response if request is valid else throws exception
<int:service-activator ref="serviceMethod"
method="saveIfValid" input-channel="requestChannel"
output-channel="serviceOutput" />
<int:recipient-list-router id="id1"
input-channel="serviceOutput">
<int:recipient channel="system1" />
<int:recipient channel="system3" />
</int:recipient-list-router>
I need to send service method response to system 1 and system 3 only if operation is successful.
After calling service method, based on service method response, request for system 3 will be generated using transformer. After transformer I am putting request in mq queue.
<int:transformer id="transformer1"
method="convert" input-channel="system3"
output-channel="jmsInput">
<bean
class="com.transformer.System3Transformer" />
</int:transformer>
<int-jms:outbound-channel-adapter id="adapter"
channel="jmsInput" destination-name="queueName">
</int-jms:outbound-channel-adapter>
Updated JMS outbound code
<int-jms:outbound-channel-adapter id="jms1"
channel="jmsIn" destination-name="queueName">
<int-jms:request-handler-advice-chain>
<bean
class="org.springframework.integration.handler.advice.ExpressionEvaluatingRequestHandlerAdvice">
<property name="onSuccessExpression" value="T(Boolean).TRUE" />
<property name="successChannelName" value="afterSuccessDeleteChannel" />
<property name="onFailureExpression" value="T(Boolean).FALSE" />
<property name="failureChannelName" value="afterFailRenameChannel" />
</bean>
</int-jms:request-handler-advice-chain>
</int-jms:outbound-channel-adapter>
My question is
if service class fails I need to send error response and stop the flow
if service method successful persisted data, but transformation fails, system 1 should get success response and error should be logged.
Here as I am using error channel in outbound adapter, even if error occurs in transformer it is returned to system 1.
please suggest how can i handle error without using global error channel and how to handle error in jms outbound adapter.
thank you for answering my quesion
For the first case you should really just rely on the exception propagation - the flow stops and error is sent to the system1 as an HTTP response.
For the second (transformer) case you should take a look into the ExpressionEvaluatingRequestHandlerAdvice and use it with the <request-handler-advice-chain> for the <transformer>.
The same can be applied for the <int-jms:outbound-channel-adapter>, if you should acknowledge to the system1.
http://docs.spring.io/spring-integration/reference/html/messaging-endpoints-chapter.html#expression-advice
https://github.com/spring-projects/spring-integration-samples/tree/master/intermediate/retry-and-more

Error accesing published WS proxy in WSO2 ESB 4.6: EPR not found

I deployed exactly the same WS-proxy in 4.5.1 and 4.6. With 4.5.1 it works correctly, but with 4.6 I get:
ERROR - AxisEngine The endpoint reference (EPR) for the Operation not found is /services/registro.registroHttpSoap11Endpoint and the WSA Action = . If this EPR was previously reachable, please contact the server administrator.
The source is the following:
<proxy xmlns="http://ws.apache.org/ns/synapse" name="registro" transports="http" statistics="disable" trace="disable" startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<address uri="http://localhost:15080/SIGEM_RegistroPresencialWS/services/ServicioRegistroWebService"/>
</endpoint>
</target>
<publishWSDL uri="http://localhost:15080/SIGEM_RegistroPresencialWS/services/ServicioRegistroWebService?wsdl"/>
<description></description>
</proxy>
What do I have to do for 4.6. to make it work?
Thanx.
To enhance ESB performance pass-through transport has been enabled by default starting from ESB 4.6.0 version that is not the case for ESB 4.5.1. It seems your proxy service depends on SOAP body based dispatching but pass-through transport does not support for SOAP body based dispatching. SOAP body based dispatching build the message body and use first element's local name for dispatching which effect to proxy performance badly that is the reason it was not supported in pass-through transport. We are in a process to fix this limitation for future ESB releasees without loosing any advantage of pass-through transport.
BTW for the moment you can use one of the following workarounds.
When sending a messages to the proxy service append operation name to the endpoint URL
e.g - http://serverName/app/serviceName/operationName
Modify client level code to send expected SOAPAction value ( like Try-It case)
I'm not sure your backend service's WSDL defined "" as the value of SOAPAction if that is the case you may modified the backend service to have value other than "" per each operation. AS an example for JAX-WS services you can use #WebMethod annotation for this.
e.g - #WebMethod(action="XXXX")
Note : In case if your backend WSDL defining a value other than "" for SOAPAction while your client send message with SOAPAction="" then it's a violation of service contract by the client and need to be fixed on client level.
I have faced the same problem with wso2 ESB 4.7 and the web service is also developed by me for the company.
What worked for me is adding soapAction attribute to wsdl soap:operation element like below.
<soap:operation soapAction="http://localhost:8080/MyWebApp/services/hello" style="document"/>

WSO2 Proxy Service URL not working with SOAPUI

We have CXF based SOAP web services and we are hitting these services from SOAP UI with no problem. With one of these services, I setup a ProxyService on barebone WSO2 ESB 4.6.0. The proxy service seems to be working with the "Try It" option from the admin console. When I try to access it from SOAPUI, the WSO2 ESB starts complaining that
"The endpoint reference (EPR) for the Operation not found is /services/HelloWorldProxyService and the WSA Action = . If this EPR was previously reachable, please contact the server administrator."
Now, when I change the endpoint URL in SOAPUI as http:// hostname:8280/services/service-name.port-name/operation-name things start to work.
Does anyone know how to fix this issue? Are there configuration options on the WSO2 ESB which will let us use traditional SOAPUI with WSO2 ESB?
You can point the proxy service url(you can view this, via service dashboard of the particular proxy) in soapui and for the "action", in the insequence of the proxy define a property call;
. header name="Action" value="soap action"
Here is the guide on vailable properties
http://wso2.org/project/esb/java/3.0.0/docs/properties_guide.html
I have the same problem if I put operation1 at the end of WS URI (http://somedomain.com/WebServiceProxyName/operation1), but post a SOAP message body with constructs for another operation(operation2,3,4,5...) it works!!!
Sample
POST http://somedomain.com/..../operation1 HTTP/1.1
....
....
<soap:Envelope ...>
<soap:Header/>
<soap:Body>
<ws:operation2>
</ws:operation2>
</soap:Body>
</soap:Envelope>
Try to change the (original) WSDL and put the soapAction there:
You can define it as an attribute of the http://schemas.xmlsoap.org/wsdl/soap/:operation element in the binding section, e.g.
<wsdl:binding name="healthcheck-1.0.0SOAP" type="tns:HealthCheck100PortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="doHealthCheck">
<soap:operation soapAction="http://www.xyz.ch/healthcheck-1.0.0/doHealthCheck"/>

WCF Client - 407 Proxy Authentication Required while running webservice

I've created simple WinForms app that uses free webservice http://www.webservicemart.com/uszip.asmx. But this app fails to use service operation with error:
The remote server returned an unexpected response: (407) Proxy Authentication Required (The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied)
Code that creates proxy and triggers service operation:
ChannelFactory<ServiceReference1.USZipSoap> proxy = new ChannelFactory<ServiceReference1.USZipSoap>("USZipSoap");
ServiceReference1.USZipSoap client = proxy.CreateChannel();
string str = client.ValidateZip("12345");
MessageBox.Show(str);
Is this problem with a network of my company or this is a proxy on the side of webservicemart.com?
I've googled a lot of information on changing configuration files, creating a custom binding, etc. But I feel the lack of more basic understanding... If this error is about ISA server of our corporate network then what configuration should I make to ISA Server to not restrict me from using external webservices?
In your binding configuration make sure that useDefaultWebProxy is set to true - it will use configuration you have found in IE. In your configuration file add following snippet to ensure default your credentials are used for authentication on the proxy server:
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
This worked for me... replacing 10.1.0.50 and the port number with your proxy server's IP
<system.net>
<defaultProxy useDefaultCredentials="true">
<proxy usesystemdefault="False" proxyaddress="http://10.1.0.50:8080" bypassonlocal="True" />
</defaultProxy>
</system.net>
Seems like all the traffic in your company is being redirected through a proxy. Can you browse to the web service from your IE and see its wsdl and invoke the test page to see some results. If that is the case then try adding the below section into your web.config:
<system.net>
<defaultProxy>
<proxy proxyaddress="<your proxy address>" bypassonlocal="true" />
</defaultProxy>
</system.net>
You can find the proxy address from the settings of your IE.
NOTE: When you move to different environments then you need to make sure that its the same case else you need to remove the above configuration.
You can set the web.config of the service to allow to use the proxy settings as defined in Internet Explorer.
Sometime in the future.
WebRequest.DefaultWebProxy.Credentials = CredentialCache.DefaultNetworkCredentials;