0

I'm new to web service development. I'm trying to implement a Java web service using the XACML approach.

I've implemented 2 very simple web services which contain one method that returns a String, and also the PEP that will filter all requests to my web services. All clients (RPCServiceClient) must pass some necessary information via the SOAP header (addHeader method) when they call my web service; by default the SOAP header is empty for an RPCServiceClient service call. After the PEP intercepts a request, it extracts this information and passes it as parameters to the authorization method. The problem is that when my PEP tries to read the SOAP header, I always get this exception:

```
org.apache.axis2.AxisFault: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
    at [row,col {unknown-source}]: [1,0]
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:123)
    at org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:67)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:354)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
....
```

I've already verified that my SOAP message is well-formed, but I still have the same problem.

Can somebody help, please?

EDITED:

Here is the SOAP request sent from the client.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <ns1:RequestSOAPHeader xmlns:ns1="http://ws.transaccess.com">
      <ns1:username>bob</ns1:username>
      <ns1:action>read</ns1:action>
      <ns1:resourceId>file1</ns1:resourceId>
    </ns1:RequestSOAPHeader>
  </soapenv:Header>
  <soapenv:Body>
    <getRead xmlns="http://ws.transaccess.com">
      <arg0 xmlns="">bob</arg0>
    </getRead>
  </soapenv:Body>
</soapenv:Envelope>
```

UPDATE: This is my PEP:

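```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.transform.stream.StreamSource;

import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// RequestWrapper and isUserAuthorize(...) are the poster's own code and are not shown on this page.
public class WebPEP implements Filter {

    private static final String NS = "http://ws.transaccess.com";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {

        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;

            // Per-request values, kept local so concurrent requests do not share them
            String targetUser = null;
            String targetAction = null;
            String targetResource = null;

            // PEP filter
            RequestWrapper copiedRequest = new RequestWrapper(request);
            try {
                // Read the whole body, not only its first line
                BufferedReader bReader = copiedRequest.getReader();
                StringBuilder soapText = new StringBuilder();
                String line;
                while ((line = bReader.readLine()) != null) {
                    soapText.append(line).append('\n');
                }

                // Create SoapMessage
                MessageFactory msgFactory = MessageFactory.newInstance();
                SOAPMessage message = msgFactory.createMessage();
                SOAPPart soapPart = message.getSOAPPart();

                // Load the SOAP text into a stream source
                byte[] buffer = soapText.toString().getBytes(StandardCharsets.UTF_8);
                ByteArrayInputStream stream = new ByteArrayInputStream(buffer);
                StreamSource source = new StreamSource(stream);

                // Set contents of message
                soapPart.setContent(source);

                // Access the SOAP header and pull out the authorization attributes
                SOAPHeader soapHeader = message.getSOAPHeader();
                NodeList param = (soapHeader == null)
                        ? null
                        : soapHeader.getElementsByTagNameNS(NS, "RequestSOAPHeader");

                if (param != null && param.getLength() > 0) {
                    Element accessInfo = (Element) param.item(0);
                    NodeList user = accessInfo.getElementsByTagNameNS(NS, "username");
                    targetUser = user.item(0).getTextContent();
                    NodeList action = accessInfo.getElementsByTagNameNS(NS, "action");
                    targetAction = action.item(0).getTextContent();
                    NodeList resource = accessInfo.getElementsByTagNameNS(NS, "resourceId");
                    targetResource = resource.item(0).getTextContent();
                }
            } catch (SOAPException e1) {
                e1.printStackTrace();
            }

            try {
                if (isUserAuthorize(targetResource, targetUser, targetAction)) {
                    System.out.println("\nUser is authorized to perform this action\n\n");
                } else {
                    System.out.println("\nUser is NOT authorized to perform this action\n\n");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }

            // The decision is only printed for now; the request is forwarded either way
            chain.doFilter(req, res);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // TODO Auto-generated method stub
    }
}
```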
N87UW
  • Can you post the offending SOAP message? – Taylor Hx Dec 16 '13 at 04:27
  • @Daemon I posted SOAP request in my question above – N87UW Dec 16 '13 at 12:40
  • Did you try your web service and client alone independently of the XACML PEP? Did you try the PEP independently of the web service you want to protect? What implementation are you using? – David Brossard Dec 16 '13 at 14:30
  • @DavidBrossard Yes, I did. The web service and client alone, independently of the XACML PEP, work. The PEP itself works as well (if I pass all parameters via POST or GET), but it doesn't work for the extraction of the SOAP message. I'm using Axis Java. – N87UW Dec 18 '13 at 09:26
  • Did you write the PEP yourself? Can you show us the code the PEP uses to extract the SOAP payload? – David Brossard Dec 18 '13 at 09:40
  • @DavidBrossard Sorry for my late reply. I've carefully verified the extraction of the SOAP message; it didn't cause this problem, but it seems that **my PEP** did (`chain.doFilter(req, res);`). When I removed the extraction and assigned the parameters manually, it could check the authorization correctly, but it still had the same exception. What I don't get is that I modified neither `HttpServletRequest` nor `HttpServletResponse`. At present, I just want to print whether it is authorized or not. – N87UW Jan 20 '14 at 10:57

3 Answers

0

Please make sure you are using: http://ws.transaccess.com and not http://ws.transaccess.com/. (trailing /) Good luck

FazoM
  • Yes, I'm sure. `http://ws.transaccess.com` is the XML namespace. I can get the information I want from the SOAP header, but the invocation of the web service produces this exception. – N87UW Dec 16 '13 at 13:27
  • Sorry, it might be my mistake - check trailing `/`'s on WebService invocation. – FazoM Dec 16 '13 at 13:32
  • If I let the request pass directly to the target, the WebService invocation is fine. The exception appears only when I try to extract the SOAP message. Both cases have the same SOAP message. – N87UW Dec 16 '13 at 13:37
0

The problem is solved. The cause of this problem was that I forwarded the wrong (HttpServletRequest) request. I should forward

```java
chain.doFilter(copiedRequest, res);
```

instead of

```java
chain.doFilter(req, res);
```

since I'm working on copiedRequest.

Thanks for your comments

N87UW
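A servlet request body can be read only once, so a filter that inspects it must hand a replayable copy down the chain, as the fix above does. The following is an added example, not the poster's code (the poster's `RequestWrapper` is not shown): `CachedBodyRequest`, `CachingPep` and `isAuthorized` are hypothetical names, and it assumes the `javax.servlet` 3.1+ API.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical wrapper: reads the body once, then replays it on every call.
class CachedBodyRequest extends HttpServletRequestWrapper {
    private final byte[] body;

    CachedBodyRequest(HttpServletRequest request) throws IOException {
        super(request);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        InputStream in = request.getInputStream();   // consumes the original stream
        byte[] chunk = new byte[4096];
        for (int n; (n = in.read(chunk)) != -1; ) out.write(chunk, 0, n);
        body = out.toByteArray();
    }

    byte[] getBody() { return body; }

    @Override public ServletInputStream getInputStream() {
        final ByteArrayInputStream replay = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            @Override public int read() { return replay.read(); }
            @Override public boolean isFinished() { return replay.available() == 0; }
            @Override public boolean isReady() { return true; }
            @Override public void setReadListener(ReadListener l) { throw new UnsupportedOperationException(); }
        };
    }

    @Override public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(getInputStream(), StandardCharsets.UTF_8));
    }
}

// Hypothetical PEP filter: decide on the cached copy, forward the wrapper, deny otherwise.
public class CachingPep implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        CachedBodyRequest copied = new CachedBodyRequest((HttpServletRequest) req);
        if (isAuthorized(copied.getBody())) {
            chain.doFilter(copied, res);   // forward the wrapper: req's own stream is already at EOF
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    // Placeholder for the SOAP header extraction and authorization call; denies by default.
    private boolean isAuthorized(byte[] soapBytes) { return false; }
}
```

Unlike the filter in the question, this one rejects the request with 403 when the check fails instead of only printing the decision.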
-1

What I could understand from the error: when the PEP is trying to authenticate using parameters from your SOAP header, it is getting an HTML/text message in response instead of a SOAP message. Either you are providing a wrong user name and password in the header or you are not returning a SOAP message in your web service implementation.

Thanks, ambuj

kingAm
  • What are you expecting in terms of "help"? You posted the error, I am telling you the reason. If you will copy the from your wsdl and paste it in the web browser address bar, it will ask for credentials and you will get some error in HTML format, I suppose (like login failure or something). That's the reason you are getting this error. It should return a success message like "SOAPServletSuccess", something like that. – kingAm Dec 16 '13 at 08:18
  • Post your implementation, step by step, to find the exact error, dear. – kingAm Dec 16 '13 at 08:22
  • Thanks for your comment @ambuj. My PEP is an implementation of the `javax.servlet.Filter` interface. It will intercept all requests (SOAP messages) sent from the client, and it is just trying to check the authorization to invoke the target web service. If the user who sends this request has a right to access, I'll let this request pass to the corresponding web service; if not, I'll reject the request. The problem is that when I try to extract the SOAP header it produces this exception. There is something I don't understand: when I let the request pass directly to the web service without verification, everything is fine – N87UW Dec 16 '13 at 13:22