JAXB Unexpected Element - jaxb

I have a JAXB web service that does not expect the element Id to be passed across, and a client that passes that element anyhow.
The version of the web service currently in production silently ignores that unexpected element, but the version in QA complains. Tracing the XML of inbound requests, I confirmed the Id element is sent both to the production and QA versions of the service.
The error message in QA is:
org.apache.cxf.interceptor.Fault:
Unmarshalling Error: unexpected
element
(uri:"http://mydomain.com/transaction",
local:"Id"). Expected elements are...
The message is pretty clear, but the solution is not as the client is widely deployed.
As a first step, I would like to try and understand why the production version accepts this extra element while the QA version does not. There are not many differences between the two releases.
Suggestions where to look?

i dont know whether i got you question correct, but what i understand that you are creating xml using jaxb Marshaller and sending it to service. in prod your service accepts element which ever you pass..i assume that you have restfull webservice which unmarshalls the xml and validation by code. i suggest instead of inspecting inbound xml request check the code deployed in QA and PROD.. since the exception will be thrown during the validation which happens after unmarshalling of xml.. hope this helps :).

Related

Guidewire PolicyCenter The object you are trying to update was changed by another user. Please try your change again

I'm having this weard mistake "The object you are trying to update was changed by another user. Please try your change again." I would like to know what is the reason of this without context. There are no logs about it, no exception stacktrace, no information about this mistake in documentation. I believe this is something about Bundles but I want to now the exact reason
GW throws several exceptions related, by example ConcurrentDataChangeException, DBVersionConflictException depending of entity type. It occurs when a bean is modified concurrent by two or more transactions (bundle).
This error usually happens because on one bundle two transaction changes are trying to commit where prior bundle is still not committed.
Let us understand with one example- There is user which does a policy change to add any contact or any other business operation. And at the same time another user open same transaction in his GW PC UI and tries to do some business operation at this GW system throws this error on UI because the pervious bundle is still not committed.
The error trace leads you to some OOTB java classed and I think you can get it from PCLogs from PC UI Server logs.
Hopes this clarifies you.
Actually this happens because your object was updated by someone else on the DB during your db read from the DB and your attempt to write it back into the DB.
GW does this by leveraging the version check from your database object.
The exception message actually tells you who and when did the conflicting update. There're no stack traces that will point you to the cause of the other update.
Root causes might be several - from distributed cache in clustered env going out of sync to actually having some other party doing work on the same entities as you do. So the fix is per case really.

How to prevent ServiceStack from leaking private server information during 403 Forbidden Response

Servicestack Version: 3.9.71.0
Target Framework: .NET 3.5
Program background: has been in production use for over 3.5 years
Recently due to a customer security audit items were brought to our attention. All but one have been eliminated as IIS configuration changes.
The last item identified describes a situation in which the probing software accessed an endpoint without the proper authentication. This was fine and the expected result was the 403 Forbidden. The unexpected result was that the response body is displaying certain internal information of the server.
Based on quite a few articles I have searched it seams the the response body information being returned is a result of how Servicestack my be configured.
I realize this is a fairly older version of Service Stack. My preference would be to identify an IIS setting to override a forbidden response. Aside from that an option to just return a status code of 403 without the additional information. The third would be to create and use a custom 403 response object to control what is revealed.
Any guidance or help would surely be appreciated.. Thank you in advance.
ServiceStack v3 is a very old version of ServiceStack last updated in 2013. If you need to make any changes you'll need to create a custom build from its Sources
Looking at the v3 sources for how it resolves the ForbiddenHttpHandler:
ForbiddenHttpHandler = config.GetCustomErrorHttpHandler(HttpStatusCode.Forbidden);
It looks like you'll be able to override what HttpHandler is used by overriding the CustomHttpHandlers, e.g:
EndpointHostConfig.Instance.CustomHttpHandlers[HttpStatusCode.Forbidden] = MyHandler {...}

#DocuSignAPI Unspecified_Error

I am trying to use CreateEnvelopesFromTemplatesAndForms.
I have used the PDF that I am uploading effectively using the simple CreateEnvelope. I have also used the PDF effectively by manually uploading it via the Web UI. So I don't think the error relates to the PDF.
Any hints on how to troubleshoot "Unspecified_Error" ?
I would suggest downloading SoapUI from SmartBear, then create a new SOAP Project and point it at DocuSign's WSDL: https://demo.docusign.net/api/3.0/api.asmx?WSDL. SoapUI will create sample calls for each of the DocuSign SOAP methods in the WSDL.
The error message you're getting means (generally) that you're not providing a field value that's required, or you have included a node tree that isn't necessarily required but since you included it, all of the values need to be valid.

Custom error messages for Jersey/JAXB XML validation errors

So I have a REST service setup with Jersey.
My POJO is simply annotated as #XmlRootElement
I send a POST request to my REST service and everything works fine.
1- I send malformed XML to the service I get back the containers default 400 Bad Request page. Using Glassfish 3 I can't remember exactly but I know I can change or tell my web app to map to my own 400 bad request right? Where can I look for docs on that specific subject.
2- I send valid XML but in one of the expected fields I put empty value. My service tries to do something and it throws a persistence exception. I get back the containers default 500 Internal Server Error page and it list the exception thrown. I guess I can map to my own custom error page as well, but I do not just want to show the exception message. This is considered a security issue.
I would basically like to validate the fields myself based on my business logic and return back to the client an error message such as "Field1 is invalid" Nothing more nothing less. And the client should be able to parse the error code and also know which field was wrong.
Also what can I do when my service has more then one type of bad request error? For instance, the field can expect an INT value between 1-3, but specific business request expects value of 2 and a 3 is sent.
So for type/value validation I want to simply say "Invalid field name here". But for specific business logic say for instance "Invalid account" or "Account Expired" or "Address Does Not Match" etc...
Or how about when I have more then 1 success code?
Basically I'm taking an old "xml" type service and converting to REST style for proof of concept and bring it up to standards. The old one pretty much is 100% POST even when "querying for results. I.e: GET. So basically you POST to it XML, it reads the XML, calls the business logic and logic returns appropriate code in the XML response. So everything is HTTP 200 OK and the business logic code is returned in an XML response. So the only time a client gets a 500 error is when there is hard failure where the service can't produce an XML response. Even invalid XML is returned as 200 OK, but the XML response back indicates this with my own errors codes.
A while back I was suggested I use SOAP for more "message" oriented services, but I still think it's to heavy and I can achieve with REST what my service does, even though I don't need most of REST?
You can map exceptions to HTTP responses using ExceptionMappers - see:
http://jersey.java.net/nonav/documentation/1.11/jax-rs.html#d4e433
http://jsr311.java.net/nonav/releases/1.1/javax/ws/rs/ext/ExceptionMapper.html
If you want to do validation before the request even reaches the resource method, you can try writing a ContainerRequestFilter for that and throw a WebApplicationException which takes Response as a parameter - jersey automatically maps that exception to the response it was initialized with.

Handling WCF Proxy null return issue

I have a WCF Client Proxy connected to a third party webservice.
The proxy works fine with nearly everything except on function.
This function works just fine with a ASMX proxy.
I have added service trace logging and can see the response from the service coming back.
Only the proxy returns null.
So now I know for sure that the proxy is at fault.
Where to from here?
RESOLUTION
I found the issue. WCF is less forgiving than an ASMX proxy.
The service WSDL specifies that the returned object was called "data", and the actual xml passed back was called "result"
So that was a great goose chase! I think i wasted 4 hours on this problem!
You can try to use Trace Viewer to analyse WCF communications in more detail and find out more detail when errors are encountered.
Within the app.config (Client) and web.config (Server), you can add blocks. To enable tracing, simply add dignostics blocks and trace files will be generated in the specified location when the app is run. This should enable you to dig a little deeper with the problem.
Trace viewer can be found:
("C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\SvcTraceViewer.exe")
Info on trace viewer usage:
http://msdn.microsoft.com/en-us/library/aa751795.aspx
Also, what type of method is it? does it return complex types or simple types?
ADDED:
Ah, sorry about the mis-read, didn't realise you had no control of server side. I'd try to update the service reference/proxy (you've probably already done that) and check if anything has changed.
WCF doesn't make tracking down issues very easy i'm afraid. Is it possible to provide the method signatures for a call that works and one that doesn't so we can see what data types are being passed about?

Resources