SOAP Web Service Errors Are Handled Externally To The ColdFusion Application Framework
A while back, I posted about how CFC and CFM pages were simply "page requests" that could easily be routed via the ColdFusion application framework. This was a very important point to understand because it allows all requests and responses to be massaged by the ColdFusion application framework. This morning, I was thinking about SOAP-based web service calls and I wondered if they were also treated in the same manner as standard CFM and CFC rest-based requests. As it turns out, this is true mostly, but not entirely:
As you can see in the above video, unlike rest-based CFM and CFC invocation, SOAP-based web service calls use error handling that is external to the standard ColdFusion application framework. Even when I define a SOAP FAULT response in my Application.cfc's OnError() event handler, the error that is ultimately returned to the SOAP request is one that the ColdFusion server defines in spite of my customized response.
I am by no means a SOAP expert (I'd say I have a very elementary understanding of SOAP-based web services); however, this behavior seems like a bug to me. I am sure that the reasoning behind this is to allow the SOAP response to be standardized - but, if my ColdFusion application framework has a way to handle error responses in a centralized fashion, and does so explicitly for all requests, it seems crazy that the SOAP response would ignore this.
Or maybe, I am just doing something completely wrong that I don't see. Let me know if there are any glaring mistakes in the code below. Here is my target Application.cfc:
Application.cfc (Of Target Web Service)
<cfcomponent
output="false"
hint="I provide application settings and event handlers.">
<cfsetting showdebugoutput="false" />
<cffunction
name="OnError"
access="public"
returntype="void"
output="true"
hint="I handle uncaught application errors.">
<!--- Define the arguments. --->
<cfargument
name="Exception"
type="any"
required="true"
hint="I am the uncaught exception."
/>
<!--- Define the local scope. --->
<cfset var LOCAL = {} />
<cfxml variable="LOCAL.SOAPResponse">
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode>ErrorCode</faultcode>
<faultstring>ErrorString</faultstring>
<detail />
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</cfxml>
<!--- Set error response code. --->
<cfheader statuscode="500" statustext="Server Error" />
<!--- Stream soap error. --->
<cfcontent
type="text/xml"
variable="#ToBinary( ToBase64( LOCAL.SOAPResponse ) )#"
/>
<!--- Return out. --->
<cfreturn />
</cffunction>
</cfcomponent>
... and here is my web service oriented ColdFusion component:
Test.cfc
<cfcomponent
output="false"
hint="I am a test ColdFusion component.">
<cffunction
name="Test"
access="remote"
returntype="any"
returnformat="plain"
output="false"
hint="I am a test remote method.">
<!--- Throw error. --->
<cfthrow
type="Unauthorized"
message="You are not authorized to access this method."
/>
<!--- Return test string. --->
<cfreturn "I am a remote method (method: Test())." />
</cffunction>
</cfcomponent>
As you can see, the application is really small. There is nothing complicated going on - just a CFC with a single remote method and an Application.cfc with an OnError() event handler. The code that calls this web service lives in a completely separate folder with a different application (so that errors in one would not be mistaken for errors in the other). Here is my SOAP web service invocation code:
<!--- Define WSDL url. --->
<cfset strURL = (
"http://" &
CGI.server_name &
REReplace( CGI.script_name, "[^\\/]+[\\/][^\\/]+$", "", "one" ) &
"Test.cfc"
) />
<!--- Build SOAP Request XML. --->
<cfsavecontent variable="xmlRequest">
<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<Test />
</soap:Body>
</soap:Envelope>
</cfsavecontent>
<!--- Make SOAP request. --->
<cfhttp
result="objSOAPResponse"
method="post"
url="#strURL#"
username="#username#"
password="#password#">
<cfhttpparam
type="header"
name="soapaction"
value=""
/>
<cfhttpparam
type="xml"
value="#Trim( xmlRequest )#"
/>
</cfhttp>
<!--- Output the HTTP response. --->
<cfdump
var="#objSOAPResponse#"
label="CFHTTP Response"
/>
<!--- Output the SOAP Response --->
<cfdump
var="#XmlParse( objSOAPResponse.FileContent )#"
label="SOAP Response"
/>
I went over this code for a solid hour and a half this morning and simply couldn't see any placed where error handling could be changed. I would love some feedback.
Want to use code from this post? Check out the license.
Reader Comments
Ben,
Something doesn't seem right with the cfcontent tag you are using to stream the soap error response. You are setting the type to text/xml but then you are sending back binary encoded data. It seems like you should use something other than cfcontent here, perhaps just a plain cfoutput?
-Marc
@Marc,
The CFContent tag's Variable attribute only accepts binary values. Converting to binary simply allows me to stream the string value back AS the binary response.
If I run that chunk of code by itself, it returns:
Could not convert the value of type class coldfusion.xml.XmlNodeList to binary
From your tests, it may not even be getting to this code, but something does seem off.
@Marc,
Hmm, that's an odd error. ColdFusion should be implicitly converting the XML document to string when passed to the ToBase64() method. Perhaps try wrapping the XML doc in a ToString() method first:
variable="#ToBinary( ToBase64( ToString( LOCAL.SOAPResponse ) ) )#"
WOW NICE
Ben,
Did you ever find way to catch the soap errors? The soap exception is disclosing some server information and is causing us to fail a compliance audit.
Has anyone found a solution to this. Am facing the same problem and need to add custom fault details like inserting <faultinfo>
<message>Internal Error</message></faultinfo> inside fault SOAP <detail>