spring-ws icon indicating copy to clipboard operation
spring-ws copied to clipboard
verified publisher icon spring-projects

SOAP11: Invalid request XML causes HTTP status 500 (expected: 400) [SWS-976]

Open gregturn opened this issue 9 years ago • 2 comments

Andrei Kuznetsov opened SWS-976 and commented

Hi all,

When client sends invalid SOAP11 request (valid XML violating XSD), the server responds with SOAP Fault message (which contains all XSD violations), and HTTP status 500 (expected HTTP status 400). This is applicable only to SOAP11 clients. IMO, the problem is in the following lines of code:

if (SOAPConstants.SOAP_SENDER_FAULT.equals(faultCode)) {
	getHttpServletResponse()
			.setStatus(HttpTransportConstants.STATUS_BAD_REQUEST);
}
else {
	getHttpServletResponse()
			.setStatus(HttpTransportConstants.STATUS_INTERNAL_SERVER_ERROR);
}

As you can see, in SOAP11 all failures will be mapped to STATUS_INTERNAL_SERVER_ERROR, because SOAP11 and SOAP12 have different QNames for client/sender errors:

{http://schemas.xmlsoap.org/soap/envelope/}Client

{http://www.w3.org/2003/05/soap-envelope}Sender

Note, that SOAPConstants.SOAP_SENDER_FAULT is not equal to SOAP11 client fault, it only equals to SOAP12 sender fault.

Thanks, Andrei

Affects: 2.3.0, 2.4.0

gregturn avatar Nov 29 '16 16:11 gregturn

jaminh commented

According to https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383529 all errors in SOAP version 1.1 should result in a 500 status code, so this is the correct behavior.

gregturn avatar Dec 01 '16 00:12 gregturn

Andrei Kuznetsov commented

My bad. You are right. Please reject the issue.

gregturn avatar Dec 01 '16 14:12 gregturn