I am running an SpringBoot application and I have a controller which defines Rest Api and accepts a request by a list of ids. Normally it works fine but if number of ids gets bigger, then I receive http 503. Interesting thing is that I cannot see any logs that my request was received by controller as well. Therefore I am not able to understand what is happening. Do you have any idea what can be worth to check ?
503 is a error code, which means service or url or controller, that you are requested is not running/available, make sure your jar file is running and also make sure the url you requested is valid. since service is not available you cant see any logs or error messages. because your controller dint receive any request yet.
The 503 error indicate that the server is not ready to handle the request.
There are some limitations for transferring data through URL , basically the length of the URL
In general the limit was 2047 chars and it is different for different browsers
503 means Service Unavailable.
I think something is wrong with your request.
You can try to add a custom OncePerRequestFilter and log your HTTP Request.
Related
When testing with the jsonplaceholder.typicode.com site java code does not need to set any headers. Reading the json from a URLConnection works fine. However other http endpoints will return a 403 Forbidden unless a HttpURLConnection is used and the User-Agent request property is set.
Is there a way other than trial and error to figure out the required headers for a given http endpoint?
There's nothing in the HTTP protocol that allows you to observe what headers a particular server is expecting. You send a request, and the server sends a response, that's all. (A nice server may, of course, choose to embed a helpful error message in its response.)
So the literal answer to your question is: no, there's no way to determine this beyond trial and error (unless you have access to documentation and/or source code).
I need to use Blackboard Web Services and I don't know how to establish a connection throught SOAP. I need something like Security Header. I read a lot, but always when I try to connect I get this kind of error.
I have a little big problem with this exception. Nothing is clear for me. I have nothing at the application log. I cannnot guess what should be the problem. I read also about AXIS2, Timestamps...
2016-03-08 20:53:58,739 ERROR edu.ku.it.si.registerproxytool.controller.RegisterToolController.registerProxyToolWithBlackboard:84 - There was an error in registering the tool: WSDoAllReceiver: Incoming message does not contain required Security header
Process finished with exit code 0
I'm looking to connect with a Blackboard web service through SOAP, and I can not send a correct Security Header
I read a lot about it, and finally I found this article. I'm using the project this guy post in the pdf. I have a Blackboard instance working at localhost on port 9876. I can do everything I want with it. It works fully.
I also tried to use SOAPui and I'm reaching a different error:
WSDoAllReceiver: security processing failed (actions mismatch)
I don't want to read more, I read more than 150 articles about it, and nothing.
Thanks :)
I have just started playing around with Blackboard web services, at the moment I am just accessing using SOAPui.
I am able to connect and send various functions, along the way I experienced the same error via SOAPui as you and so I found your question.
I overcame this error by doing the following:
Create a session using ContextWS.initialize, the username should be 'session' and the password 'nosession'. If successful this should return a token string.
Login using ContextWS.login. The username in the header should be 'session' and the password should be the token returned in 1. The userid and password in the body should be those of a user with sufficient web services permissions. If successful this should return 'true'.
Call whichever WS functions you wish. Always send the 'session' and token username and password in the header.
I found this here:
https://community.blackboard.com/docs/DOC-1116
I also found https://community.blackboard.com/thread/2147 and the linked youtube video useful to understand how to send the data correctly using SOAPui - you may need to change the wsdl url to https as SOAPui reverts it to a standard http. You also need to add a timestamp for every call.
I am making two HTTP GET requests to my (server) webservice in Java from a PHP website I am developing currently. I use the same function for making the GET requests. Server rejects one request & returns null as response while it accepts the other one & returns the correct response. Both these GET requests when tried from Google Chrome's extension POSTMAN returns correct response.
Why is server acting so weird like this?? For the request that server rejected, it says No 'Access-Control-Allow-Origin' header is present on the requested resource. Why is it so??? So, this means for the request that the server accepted, this particular header is present. I am confused.
The Access-Control-Allow-Origin is some kind of security-header sent by the server to prevent your server being called by random other servers but all processing of these headers is left to the client side. This means that your client-library (your webbrowser for example) checks if the domain currently visited is present in the Access-Control-Allow-Origin-Header. POSTMAN bypasses these checks (since it cannot currently visit any domain) and therefore always returns the response.
What you should check to prevent this issue from happening is that you always include the client-side-domain in Access-Control-Allow-Origin (or simply use * to allow all origins). Make sure to also include it in OPTIONS requests since they are often sent prior to POST or PUT requests.
If your requests are just failing on a certain HTTP-Method make sure to also set the Access-Control-Allow-Methods-Header to include all required HTTP-Methods (or simply use *)
Since POSTMAN always accepts your request it’s a good tool to check if these headers are included in the response. If not, simply add them and you should be fine.
I am trying to consume IBM BPEL web service, which is published on a live server and consumer using core java, working fine but the code have a warning message:
Dec 10, 2013 10:18:31 AM
com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
WARNING: SAAJ0014: Invalid reply message. Content length of reply was
zero.
NOTE: As designed this web service does not reply anything (response is empty). How can I disable calling party SAAJ client not to expecting a reply from the web service response?
I suppose that BPEL has nothing to do with the web service part. From your message I understand that when you call the web service from your client, the response is empty. Therefore, the probable cause could be in the following points:
The specific web service function gets nothing from the business logic layer to return.
You have to debug using breakpoints to find if this is true.
The web service function gets something from the business logic layer but it returns nothing due to an error in the specific function. You have to debug using breakpoints to find if this is true. Maybe the flow control of the function has a bug. Or maybe a data serialization exception throws and gets lost.
The web service endpoint is not configured properly. Double check the web service endpoint configuration. IP, port, credentials, authorization. Perhaps the web service is configured to return nothing when an anonymous user is calling it.
The client calls another endpoint. Double check that the client executes the correct request. Try using another client (eg SOAP UI) to see if it gets the same response. If the response is not the same, then the problem is on the client side.
You have the setup and the code, so you have to find out what is going wrong.
Hope I helped!
I have created a web service (RESTful) with Spring MVC 3.1 and I have added Spring security. One of the endpoints is /users/{id} which should only be available to administrators. However /users/{id} is also available to a user if and only if the username of the retrieved resource matches that of the logged in user. This is solved by using a #PostAuthorize annotation.
Now, if a user access /users/999 (which is not the logged in user), should I return HTTP status 404 or HTTP status 403? Currently I am doing a 404 (not found), but should it have been a 403 since the user shouldn't be able to access it?
If so, how would you do that when you rely on a #PostAutorize annotation?
#PostAuthorize("returnObject.username == principal.username and hasRole('ROLE_USER')")
I would use 404, because whether the resource exists or not is not information a non-administrative user should have. This is even covered in the HTTP specification with regard to code 403:
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the entity. If the server does not wish to
make this information available to the client, the status code 404
(Not Found) can be used instead.
(My emphasis.)
If you used 403 instead, you'd have to use 403 when replying to non-admin requests for resources that didn't exist, otherwise your implementation would be leaking information (which users exist and don't) to non-admin users who shouldn't have that information.
There's an argument for using 403 (even if the user doesn't exist), but I think 404 edges it out. However, whichever you use, use it consistently when replying to requests from non-admin users for user pages other than their own, to avoid the information leak.
You should use 403 as the resource is available but user is not allowed. HTTP 403 specification clearly mentions that:
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated. If
the request method was not HEAD and the server wishes to make public
why the request has not been fulfilled, it SHOULD describe the reason
for the refusal in the entity. If the server does not wish to make
this information available to the client, the status code 404 (Not
Found) can be used instead.
A web server may return a 403 Forbidden HTTP status code in response
to a request from a client for a web page or resource to indicate that
the server refuses to allow the requested action. In other words, the
server can be reached, but the server declined to allow the requested
access.