aspose file tools*
The moose likes Websphere and the fly likes Webservice method exposure in Websphere Application Server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Webservice method exposure in Websphere Application Server" Watch "Webservice method exposure in Websphere Application Server" New topic
Author

Webservice method exposure in Websphere Application Server

Bk Elizabeth
Greenhorn

Joined: May 06, 2013
Posts: 1
I have a SOAP web service deployed in Web Sphere Application Server version 7.0.

I am testing the web service using soapUI tool so that I can check the exact SOAP request and response.

The operation name is : fetchLocations

I changed the operation name in SOAP request to fetchLocations1.

Now when I am hitting the web service, it shows error message in fault string that such operation does not exist.

But it also mentions a detail level logging which exposes the Service class, package name, correct operation name, etc. The SOAP response is as below. I tried changing the log level in WAS to severe. But it's still printing a detail level log in SOAP response which is definitely a vulnerability of the web service.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Client</faultcode>
<faultstring>WSWS3277E: Error: Could not resolve to an operation. The message contains an element named ""{http://stock.service.abc.com}fetchLocations1"", but this does not match any operation of the target port. Debug: name: services/stockService
implClass: class com.abc.service.stock.stockService
implClassLoader:
com.ibm.ws.classloader.CompoundClassLoader@6da76da7[war:stockService_war/stockService.war]
Local ClassPath: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\WASPDNode01Cell\stockService_war.ear\stockService.war\WEB-INF\classes;C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\WASPDNode01Cell\stockService_war.ear\stockService.war\WEB-INF\lib\ojdbc14-9i.jar;C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\WASPDNode01Cell\stockService_war.ear\stockService.war
Parent: com.ibm.ws.classloader.CompoundClassLoader@6bbe6bbe[app:stockService_war]
Delegation Mode: PARENT_FIRST
defaultNS: null
endpointURL: null
OperationDesc[0]:
name: fetchLocations
returnQName: fetchLocationsReturn
returnType: {http://stock.service.abc.com}ArrayOfLocationDTO
returnClass: class [Lcom.abc.service.stock.LocationDTO;
elementQName:{http://stock.service.abc.com}fetchLocations
soapAction: fetchLocations
style: wrapped
use: literal
numInParams: 1
properties:
KEY(ResponseNamespace)
VALUE(http://stock.service.abc.com)
KEY(ResponseLocalPart)
VALUE(fetchLocationsResponse)
KEY(buildNum)
VALUE(r0834.28)
KEY(ServiceQName)
VALUE({http://stock.service.abc.com}stockServiceService)
KEY(portTypeQName)
VALUE({http://stock.service.abc.com}stockService)
KEY(inputMessageQName)
VALUE({http://stock.service.abc.com}fetchLocationsRequest)
KEY(outputName)
VALUE(fetchLocationsResponse)
KEY(usingAddressing)
VALUE(false)
KEY(outputMessageQName)
VALUE({http://stock.service.abc.com}fetchLocationsResponse)
KEY(inoutOrderingReq)
VALUE(false)
KEY(inputName)
VALUE(fetchLocationsRequest)
KEY(targetNamespace)
VALUE(http://stock.service.abc.com)
method:public com.abc.service.stock.LocationDTO[] com.abc.service.stock.stockService.fetchLocations(java.lang.String)
ParameterDesc[0]:
identity: com.ibm.ws.webservices.engine.description.ParameterDesc@4d064d06
name: userId
mode: IN
isReturn: false
typeQName: {http://www.w3.org/2001/XMLSchema}string
javaType: class java.lang.String
javaSigType:class java.lang.String
inHeader: false
outHeader: false
minOccursIs0:false
maxOccursIs1:true
properties:
KEY(partName)
VALUE(string)
KEY(inputPosition)
VALUE(0)
KEY(partQNameString)
VALUE({http://www.w3.org/2001/XMLSchema}string)
</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>




I created a similar web service in NetBeans and deployed in Tomcat which does not log in detail. The SOAP response from Tomcat is as below:\

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
<faultcode>S:Client</faultcode>
<faultstring>Cannot find dispatch method for {http://stock.service.abc.com/}fetchLocations1</faultstring>
</S:Fault>
</S:Body>
</S:Envelope>




Kindly let me know how I can stop the detail level logging happening in WAS.
 
 
subject: Webservice method exposure in Websphere Application Server
 
Similar Threads
Problem in Throwing Exception
SOAP Request and Response problem
Error : Axis Engine Cudn't find the target
Why Getting Fault Code in SOAP Response Message
JAX-WS: when input soap validation fails