You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by JuliusIT <ri...@yahoo.it> on 2008/11/09 19:35:50 UTC

Exception handling, message size and dynamic encrypt user

Hi

Now that the server is up and running there are 4 things that worry me, I
hope someone can help me or tell me if this things could be done.

1) I would like to catch the exceptions thrown by the ws layer, what I mean
is that I don't want to pass back the exception but a response of my type
with code and human readable message.

2) When the ws layer thrown an exception the server write the exception to
the console, even if i put off all the logger. This is a problem as the
server is not supposed to write anything on the console, only on some
logging files.

3) I see reading around that message with size that excedeed the 10 Mb can
cause problem with garbage collection, i would like to know if there is a
way to reject messages that are bigger then a certain size.

4) I can't find a way to programmatically set the property:

    outProps.put(WSHandlerConstants.ENCRYPTION_USER, "TestClient");

    this is a problem when there are multiple client connecting to the
server as, for now, I can't set the encryption from server to client.

Thanks for the help.

Giulio



-- 
View this message in context: http://www.nabble.com/Exception-handling%2C-message-size-and-dynamic-encrypt-user-tp20409315p20409315.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Exception handling, message size and dynamic encrypt user

Posted by Gabo Manuel <km...@solegysystems.com>.

Hi Julius,

Here is an attempt to answer some of your issues:

 > 1) I would like to catch the exceptions thrown by the ws layer

I think a fault handler would be able to perform this task. Check out: 
http://cwiki.apache.org/CXF20DOC/interceptors.html

> 2) When the ws layer thrown an exception the server write the exception to the console, even if i put off all the logger.

I think this has more to do with the logger you are using. If you are using log4j, I think the best is to turn off all loggings while having a specific log file for errors, e.g.:

log4j.appender.errorFile.File=someerrorfile.log
log4j.logger.some.package.here=ALL, errorFile

> 3) I see reading around that message with size that excedeed the 10 Mb

I think an "in" interceptor would be able to perform this task. From here you would be able to access the http headers, Content-Length. From there you could perform the checks and reject the request, not sure if HttpURLConnection.HTTP_REQ_TOO_LONG or HTTP_ENTITY_TOO_LARGE is the proper error code. 

You can check this link with regards to cutting the message flow:
http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/

I'm not sure I understand the last question, my apologies on that part. :)

Gabo

Re: Exception handling, message size and dynamic encrypt user

Posted by Daniel Kulp <dk...@apache.org>.

On Sunday 09 November 2008 1:35:50 pm JuliusIT wrote:
> Hi
>
> Now that the server is up and running there are 4 things that worry me, I
> hope someone can help me or tell me if this things could be done.
>
> 1) I would like to catch the exceptions thrown by the ws layer, what I mean
> is that I don't want to pass back the exception but a response of my type
> with code and human readable message.

An interceptor at the start of the Fault chain should be able to completely 
re-do the fault into whatever is needed. 

> 2) When the ws layer thrown an exception the server write the exception to
> the console, even if i put off all the logger. This is a problem as the
> server is not supposed to write anything on the console, only on some
> logging files.

This completely depends on the logging framwork in use.    CXF, by default, 
uses java.util.logging and you would need to configure java.util.logging to 
log elsewhere.   There is a system property that can be set to force it to 
use log4j.     See:
http://www.techper.net/2008/01/30/configuring-cxf-logging-to-go-through-log4j/

> 3) I see reading around that message with size that excedeed the 10 Mb can
> cause problem with garbage collection, i would like to know if there is a
> way to reject messages that are bigger then a certain size.

Not sure what the problem would be....   Obviously the bigger the message, the 
more data that is parsed into JAXB objects and such.    

In anycase, the best bet is to put an interceptor at the very beginning of the 
in chain.    You can TRY grabbing the Content-Length from the http headers 
and reject immediately, however that's probably not going to work for CXF 
clients as they use chunking mode and thus no Content-Length is set.   The 
only way to do that is to take the OutputStream from the message, wrap it 
with a new OutputStream that records the amount of data read, and once the 
threashold is crossed, throw an IOException or similar.

> 4) I can't find a way to programmatically set the property:
>     outProps.put(WSHandlerConstants.ENCRYPTION_USER, "TestClient");
>
>     this is a problem when there are multiple client connecting to the
> server as, for now, I can't set the encryption from server to client.

Honestly, I don't know about that one.   :-(    I don't know if setting it in 
the WebServiceContext would work or not.     It WOULD work with the 
WS-SecurityPolicy stuff on 2.2/trunk, but that's completely different 
security setup.

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog