File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Webservice method exposure in Websphere Application Server

 
Bk Elizabeth
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a SOAP web service deployed in Web Sphere Application Server version 7.0.

I am testing the web service using soapUI tool so that I can check the exact SOAP request and response.

The operation name is : fetchLocations

I changed the operation name in SOAP request to fetchLocations1.

Now when I am hitting the web service, it shows error message in fault string that such operation does not exist.

But it also mentions a detail level logging which exposes the Service class, package name, correct operation name, etc. The SOAP response is as below. I tried changing the log level in WAS to severe. But it's still printing a detail level log in SOAP response which is definitely a vulnerability of the web service.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Client</faultcode>
<faultstring>WSWS3277E: Error: Could not resolve to an operation. The message contains an element named ""{http://stock.service.abc.com}fetchLocations1"", but this does not match any operation of the target port. Debug: name: services/stockService
implClass: class com.abc.service.stock.stockService
implClassLoader:
com.ibm.ws.classloader.CompoundClassLoader@6da76da7[war:stockService_war/stockService.war]
Local ClassPath: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\WASPDNode01Cell\stockService_war.ear\stockService.war\WEB-INF\classes;C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\WASPDNode01Cell\stockService_war.ear\stockService.war\WEB-INF\lib\ojdbc14-9i.jar;C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\WASPDNode01Cell\stockService_war.ear\stockService.war
Parent: com.ibm.ws.classloader.CompoundClassLoader@6bbe6bbe[app:stockService_war]
Delegation Mode: PARENT_FIRST
defaultNS: null
endpointURL: null
OperationDesc[0]:
name: fetchLocations
returnQName: fetchLocationsReturn
returnType: {http://stock.service.abc.com}ArrayOfLocationDTO
returnClass: class [Lcom.abc.service.stock.LocationDTO;
elementQName:{http://stock.service.abc.com}fetchLocations
soapAction: fetchLocations
style: wrapped
use: literal
numInParams: 1
properties:
KEY(ResponseNamespace)
VALUE(http://stock.service.abc.com)
KEY(ResponseLocalPart)
VALUE(fetchLocationsResponse)
KEY(buildNum)
VALUE(r0834.28)
KEY(ServiceQName)
VALUE({http://stock.service.abc.com}stockServiceService)
KEY(portTypeQName)
VALUE({http://stock.service.abc.com}stockService)
KEY(inputMessageQName)
VALUE({http://stock.service.abc.com}fetchLocationsRequest)
KEY(outputName)
VALUE(fetchLocationsResponse)
KEY(usingAddressing)
VALUE(false)
KEY(outputMessageQName)
VALUE({http://stock.service.abc.com}fetchLocationsResponse)
KEY(inoutOrderingReq)
VALUE(false)
KEY(inputName)
VALUE(fetchLocationsRequest)
KEY(targetNamespace)
VALUE(http://stock.service.abc.com)
method:public com.abc.service.stock.LocationDTO[] com.abc.service.stock.stockService.fetchLocations(java.lang.String)
ParameterDesc[0]:
identity: com.ibm.ws.webservices.engine.description.ParameterDesc@4d064d06
name: userId
mode: IN
isReturn: false
typeQName: {http://www.w3.org/2001/XMLSchema}string
javaType: class java.lang.String
javaSigType:class java.lang.String
inHeader: false
outHeader: false
minOccursIs0:false
maxOccursIs1:true
properties:
KEY(partName)
VALUE(string)
KEY(inputPosition)
VALUE(0)
KEY(partQNameString)
VALUE({http://www.w3.org/2001/XMLSchema}string)
</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>




I created a similar web service in NetBeans and deployed in Tomcat which does not log in detail. The SOAP response from Tomcat is as below:\

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
<faultcode>S:Client</faultcode>
<faultstring>Cannot find dispatch method for {http://stock.service.abc.com/}fetchLocations1</faultstring>
</S:Fault>
</S:Body>
</S:Envelope>




Kindly let me know how I can stop the detail level logging happening in WAS.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic