I have a client who want to send a soap message with WS-Security. In this case the complete message is signed with a certifcate. This has to be done in a java action. Now i want to send this generated soap message to its endpoint. A client certificate is needed for the connection. (this should be provided from the Mendix environment ofc) Note: If i send the generated soapmessage out of SoapUI with a client certificate all goes ok, so the soapmessage is ok. I tried three ways to solve this issue all with a java action, (i do not know a way to send a single string out of mendix, the Rest module expects a json object). First i tried the following code:
@SuppressWarnings("deprecation")
public static String mendixway(String URL, String message, String actionName) throws IOException {
byte[] result1 = null;
IWebserviceResponse response = Core.callWebservice(URL, actionName, message);
DataInputStream is = new DataInputStream(response.getStream());
is.readFully(result1);
return new String(result1);
} Core.callWebservice is deprecated but it should still do the work. it answers with a xml message which say that i am not authorized. so it seems no client certicate added by mendix Both other implementationts give me a 500 server error response. see the code for my efforts in the code below.
private static MultiThreadedHttpConnectionManager connectionManager = new MultiThreadedHttpConnectionManager();
static HttpClient client = new HttpClient(connectionManager);
public static String sendLikeRest(String url, String actionName, String soap) throws HttpException, IOException {
HttpMethodBase request = null;
try {
request = new PostMethod(url);
// headers
request.addRequestHeader("Content-Type", "text/xml;charset=UTF-8");
request.addRequestHeader("Accept-Encoding", "gzip,deflate");
request.addRequestHeader("Content-Type", "text/xml;charset=UTF-8");
request.addRequestHeader("SOAPAction", actionName);
// body
RequestEntity requestEntity = null;
requestEntity = new StringRequestEntity(soap, "text/xml", "UTF-8");
((PostMethod) request).setRequestEntity(requestEntity);
int status = client.executeMethod(request);
if (status == 200) {
return org.apache.commons.io.IOUtils.toString(request.getResponseBody(), "UTF-8");
} else {
return "error status " + status + " " + request.getStatusText();
}
} finally {
if (request != null)
request.releaseConnection();
}
} This is build with as example the implemenation of the restmodule in Mendix.
public static String testSoap(String endpointUrl, String request, Pkcs12Util theCert, String actionName) {
HttpsURLConnection httpsConnection = null;
String result = null;
try {
SSLSocketFactory factory = null;
try {
SSLContext ctx;
KeyManagerFactory kmf;
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(theCert.getKeyStore(), theCert.getPassword());
ctx.init(kmf.getKeyManagers(), null, null);
factory = ctx.getSocketFactory();
} catch (Exception e) {
throw new IOException(e.getMessage());
}
URL url = new URL(endpointUrl);
// HttpsURLConnection.setDefaultSSLSocketFactory(factory);
httpsConnection = (HttpsURLConnection) url.openConnection();
httpsConnection.setRequestProperty("Accept-Encoding", "gzip,deflate");
httpsConnection.setRequestProperty("Content-Type", "text/xml;charset=UTF-8");
httpsConnection.setRequestProperty("SOAPAction", actionName);
httpsConnection.setDoOutput(true);
httpsConnection.setRequestMethod("POST");
httpsConnection.setSSLSocketFactory(factory);
httpsConnection.connect();
OutputStream os = httpsConnection.getOutputStream();
os.write(request.getBytes("UTF-8"));
os.close();
int response = httpsConnection.getResponseCode();
if (response == 200) {
// read the response
InputStream in = new BufferedInputStream(httpsConnection.getInputStream());
result = org.apache.commons.io.IOUtils.toString(in, "UTF-8");
} else {
result = httpsConnection.getResponseMessage();
}
} catch (Exception io) {
Core.getLogger("mymodule").log(LogLevel.ERROR, "Executing request " + io.getMessage());
}
httpsConnection.disconnect();
httpsConnection = null;
return result;
} This is an own implementation. I do not see what goes wrong. Maybe someone else has an idea.
↧