如何利用SoapUI工具调试XML请求格式的WebService接口?
尽管WebService已经是比较老的技术了,但是很多时候还是不得不用,尤其是多方对接的时候。在做医保这个项目的过程中,对方要求我方提供一个WebService服务,这个就比较简单了。服务写完了,一个同事想要调试一下这个接口,我便推荐了SoapUI工具,可是他的请求老是被拦截,便找到我,问我是否做了XSS拦截,能否取消这个拦截?
2020-07-23 17:31:25.372 [http-nio-8080-exec-12] WARN  f.phase.PhaseInterceptorChain - Interceptor for {prod.webService.zhm/}YbtSer f.binding.soap.SoapFault: No namespace on "MsgText" element. You must send a SOAP message.
at f.binding.soap.adVersion(ReadHeadersInterceptor.java:126)
at f.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:175)
at f.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:70)
at f.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at f.Message(ChainInitiationObserver.java:121)
at f.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
at f.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at f.transport.servlet.ServletController.invoke(ServletController.java:208)
at f.transport.servlet.ServletController.invoke(ServletController.java:160)
at f.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
at f.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
at f.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at f.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at at.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.zhmmon.xss.XssFilter.doFilter(XssFilter.java:30)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.uteChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.uteChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.ute(DelegatingSubject.java:387)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.tor.CoyoteAdapter.service(CoyoteAdapter.java:343)
at http11.Http11Processor.service(Http11Processor.java:408)
at AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at at.util.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at at.util.SocketProcessorBase.run(SocketProcessorBase.java:49)
at urrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at urrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at at.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
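看到这,相信用过SoapUI工具的人,都明白是怎么一回事了。从这段堆栈看,请求并没有被XSS拦截挡住:XssFilter.doFilter已经把请求交给了后面的过滤器链,异常是CXF的ReadHeadersInterceptor在读取SOAP报文时抛出的SoapFault("MsgText"元素没有命名空间,必须发送SOAP报文),所以不需要为此取消XSS拦截。如果传递的是xml报文,需要在请求中用<![CDATA[xml]]>将xml包裹为字符数据,作为字符串传入(xml替换为自己请求xml即可,需注意空格问题),比如这样: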
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prod="prod.webService.zhm/">
<soapenv:Header/>
<soapenv:Body>
<prod:ybtFileNotice>
<!--Optional:-->
<arg0><![CDATA[<?xml version="1.0"  encoding="UTF-8"?>
<MsgText>
<GrpHdr>
<version>1.0.0</version>
<Ref>1021000000002012090600000000000000000001</Ref>
<BusCd>0113005</BusCd>
<TradSrc>S</TradSrc>
<Sender>
<InstId>10200000</InstId>
</Sender>
<Recver>
<InstId>00000001</InstId>
</Recver>
</GrpHdr>
<BusiText>
<BkSeq>20120814100000008443</BkSeq>
<SiSeq>110461</SiSeq>
<BkAcct>
<Id>53001875036050459002</Id>
<Name>公司⼋三</Name>
</BkAcct>
</BusiText>
</MsgText>
]]></arg0>
</prod:ybtFileNotice>
</soapenv:Body>
</soapenv:Envelope>
非常有意思的是,由于xml后必须跟256位的MD5验签(顺带一提:MD5已不具备抗碰撞性,若摘要不带密钥,则只能发现传输差错,不能防止报文被篡改后重新计算摘要;新接口宜改用HMAC-SHA-256等带密钥的算法),程序中首先校验验签是否通过,然后再截取XML进行转换,然后这个同事又犯了一个很有意思的错,直接这样就运行了:
⾯,如:
