You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Robert Bateman <bo...@sequoiallc.com> on 2005/02/09 19:31:37 UTC

Message response code(s)

Hello everyone!

I'm currently in a tug-of-war with the folks over in our network
"security" department over a web service I'm attempting to deploy.

My web service is a one-way transaction.

The security folks are complaining because they are seeing HTTP 202
ACCEPTANCE messages in their network logs without any associated HTTP
200 OK message.  They insist that my web service is broken because it
doesn't notify the client via a HTTP 200 message that processing is
complete.

The person I'm in a tug-of-war with has gone so far as to "convince" our
IT Director that my web service is broken and shouldn't be allowed to be
deployed.  the "security" person insists my web service is leaving
things open and is a very large security risk.  I've shown my management
all of the documentation about HTTP 202 messages that I can find - none
of which indicates my web service is truly broken.

Is my Web Service truly broken?  I've replaced my web service with a
simple stub that does nothing more than return - and my result from Axis
is a HTTP 202 message of zero length.

Is it possible to replace the 202 message with a 200 message to get the
Network Security people off my back?


Thanks in advance!

Bob

Re: Message response code(s)

Posted by Bill Keese <bi...@tech.beacon-it.co.jp>.

Hi Robert,

I don't know anything about one-way transactions (it sounds similar to
putting a message onto an asynchronous queue), but I'm curious why you
don't want to return a response from your web service... even if the
response says "I got your message and I'm going to process it later". It
seems easier to change your webservice than to fix the people problem.

Bill

Robert Bateman wrote:

>Hello everyone!
>
>I'm currently in a tug-of-war with the folks over in our network
>"security" department over a web service I'm attempting to deploy.
>
>My web service is a one-way transaction.
>
>The security folks are complaining because they are seeing HTTP 202
>ACCEPTANCE messages in their network logs without any associated HTTP
>200 OK message.  They insist that my web service is broken because it
>doesn't notify the client via a HTTP 200 message that processing is
>complete.
>
>The person I'm in a tug-of-war with has gone so far as to "convince" our
>IT Director that my web service is broken and shouldn't be allowed to be
>deployed.  the "security" person insists my web service is leaving
>things open and is a very large security risk.  I've shown my management
>all of the documentation about HTTP 202 messages that I can find - none
>of which indicates my web service is truly broken.
>
>Is my Web Service truly broken?  I've replaced my web service with a
>simple stub that does nothing more than return - and my result from Axis
>is a HTTP 202 message of zero length.
>
>Is it possible to replace the 202 message with a 200 message to get the
>Network Security people off my back?
>
>
>Thanks in advance!
>
>Bob
>
>
>
>  
>