I want to know how can I change the address location to which my webservice client makes the request.
I created my webservice client using a wsdl given to me in which the address location of the webservice is specified in the next line:
I want to change this address to the same one plus a post parameter, it will look something like: "http://10.10.10.11:8080/posystem/soaj/updateService?param=312312312"
The value of the parameter constantly changes then I need to change the address.
Any ideas to change that address in code?
Thanks in advance!!
Kumar Raja wrote:Hi David,
Just curious to know, why you want to change the service URL, when the service hosted is specified in WSDL.
I have to change that url because I also have to send a parameter with a token that I get before using an authentication process.
That token changes everyday, then I cannot fix the whole URL.
The fix part is: http://10.10.10.11:8080/posystem/soaj/updateService which is the one specified in the wsdl
The part that I have to add is the parameter thing.
I thinkg that the correct way would be letting that URL fix and somehow sending the parameter with POST, but I dont know how to set that parameter,
then I thought about the option of putting it in the url. (maybe not the best solution) :S
btw, I genereted my webservice client using the netbeans wizard, when I import the webservice client operation I just get the an instance of my webservice client class
which extends from javax.xml.ws.Service.
I have been exploring the object, and I cold not find where the url to access the webservice is stored. :S
Somewhere I read that SOAP 1.1 (atleast) supports only POST. So if you are using SOAP1.1, I seriously question on the possibility of appending the parameter to the URL. But SOAP 1.2 seems to support GET request, though I have not seen any examples. But the other option is RESTful style WS. But that would interfere with your design.
I'm also eagerly waiting to hear from experts on this problem .
Now coming to the URLin the Service class, I usually use eclipse and ant build script to generate the artifacts (ofcourse uses wsimport) and I see it being used in the static block of the class. Something like below
But I supply this URL as the WSDL location in wsimport.
The other option is to create Service object using one of its overloading constructors which takes URL, Qname. Have you tried this option ?
I already tried creating the service with url and the qname, but in that case I have to send the wsdl url.
The url that I have to change is not the url of the wsdl but the one where the webservice is located. :S.
This is part of the wsdl file:
The line 14 contains the url that I have to change.
Just to test the webservice I change the wsdl adding to that url this: ?SessionID=9540f8c0-2a23-11e0-b723-3221365d415d then in that line I temporally put
After that I generate my client again with the new wsdl and it worked perfectly... but the problem is that the value of SessionID constantly changes... then
somehow I have to make it change in my client too :S.
Then the 2 possible solutions are:
1. Make that url change.
2. Set the url to "https://10.285.16.20:443/Services/Service0002/Interface/Service0002.serviceagent/portTypeEndpoint" and somehow send the SessionID parameter
But I still dont have idea how to do it
Ivan Krizsan wrote:Hi!
With JAX-WS, here is how:
Thanks Ivan, I learnt something new today.
But, one question which I have now is, if at runtime we can change the endpoint address (compared to what initially existing) would not it cause the problem. Say for eg,
there is a service deployed with endpoint as http://www.domain1.com/servicename/service and now if we change this to http://www.domain2.com/servicename2/service2, how is it ensured that the request is actually going to the right service located at right host... I may be sounding stupid, but a little bit confused
Kumar Raja wrote:But, one question which I have now is, if at runtime we can change the endpoint address (compared to what initially existing) would not it cause the problem. Say for eg,
there is a service deployed with endpoint as http://www.domain1.com/servicename/service and now if we change this to http://www.domain2.com/servicename2/service2, how is it ensured that the request is actually going to the right service located at right host...
Doubt is a good thing!
I have found that the best way to clear my own doubts is to perform experiments.
Thus, this is what I would have done in your place:
- Find a public web service with a WSDL.
- Develop a web service client for the web service.
- Send and receive a request to the web service to see that it works as expected.
- Download and install Membrane SOAP monitor ( http://www.membrane-soa.org/soap-monitor/ ).
- Configure Membrane to receive requests and pass them on to the endpoint in the WSDL.
- Change the endpoint address of the web service client developed to localhost:2000 (2000 is the default port Membrane listens on, may need to be changed if you changed the Membrane setup).
- Run the web service client again and send a request to the service.
- Look at the message log in Membrane.
If the web service message is displayed in Membrane, this means that your web service client indeed sent it to localhost instead of the original endpoint address.
Since Membrane will forward the message, it will be delivered to the real web service and, when a response arrives to Membrane, the response will be forwarded to the web service client you developed.
The logging of the request and response in Membrane is the proof that the client used the new endpoint address you configured.
I understand your point. Please correct me if I'm wrong here. When Monitor was configured to forward the request it receives at port 2000 to port 8080 (in this instance), when the SOAP request is sent, it relayed that request to 8080. May be Monitor is designed to work only to relay the request and it may not actually check what the service is, why it was invoked when it does not really host that service.
But what I was thinking earlier is, suppose there are two services hosted at http://genuine:8080/app/actualservice and http://fraud:8080/app/fraudservice where in first service is the genuine one and the second one is a fraud and wicked. Now assume that the original artifacts were created based on the wsdl located at the good service. Now, if the endpoint can be changed either dynamically or static, by accident or by intention, if the request is forwarded to an evil service, then would that not be risky. This is what I was thinking earlier, on why should they even let you change the endpoint once artifacts are generated.
Yes, if the intention is bad , the evil developer could follow other ways of routing the request to bad service, specially through dynamic approach, but should not this be restricted atleast in proxy invocation.
Am I contradicting myself
Security is a very big and complex topic (to me, at least).
If a person has physical access to a computer, then he/she can do about anything he/she desires, including replacing the entire computer with one of his/her own. Modifying the program(s) that is running on the computer is one of the more less likely things I suspect, since it is time consuming.
People do not need to gain physical access to the client computer to be able to intercept, replace and/or redirect messages from a client.
I am sure there are a lot more things to worry about, but I am not a security expert.
The conclusion to draw, as far as I am concerned, is that if you need to consider security, you hire someone who works with security for a living for some time to get advice how to secure the particular scenario in question.
There are a lot of books and articles one can read and having basic knowledge of security and threats is very good, even though you hire a security consultant.