Custom EJB sends HTTPS request with GET instead of POST
Recently, we have found an interesting error when calling a web service via Hessian protocol, and we have not found any information in Internet.
In an integration scenario, we had to invoke a web service via HTTPS and using Hessian library (version 3.2.0, more info: http://hessian.caucho.com/). Hessian is a binary protocol to improve the exchange of large messages. For example, if you are planning to exchange large messages encoded in base64 inside the body of the HTTP/SOAP request, you can try a different option using this protocol that will improve considerably the performance of the communications.
This protocol is not supported in a standard way by SAP Process Orchestration, so we had to implement a custom EJB (A java proxy) in order to invoke the web service.
After executed every possible test and analyze the network traffic, we discovered that a GET operation was sent instead of a POST (only for HTTPS, HTTP worked fine).
Finally, the explanation for this strange behavior is the following:
- The Hessian library (we have used version 3.2.0), when creating an HTTP client in the following class:
Do not establish the HTTP operation to send:
protected URLConnection sendRequest(String methodName, Object args) throws IOException
URLConnection conn = null;
conn = this._factory.openConnection(this._url);
- If the code is executed locally, the default security provider of the Java Runtime Environment is used (“SUN” provider). This provider establishes the POST operation by default for a HTTPS communication.
- On the other hand, SAP PI / PO uses the IAIK library as security provider for SSL, and the operation that is established by default for a HTTPS communication is… GET!!
That explains the error received after deploying our EJB and the Hessian library in SAP Process Orchestration.
Finally, in order to solve this issue, we had to modify the Hessian library to stablish in an explicit way the HTTP operation that we want to send:
HttpURLConnection httpConn2 = (HttpURLConnection) conn;
(Note that is required the casting to the class “java.net.HttpURLConnection” in order to have access to the method “setRequestMethod”).
To conclude, if you are going to implement a request HTTP(S) to a web service (directly or using libraries like Hessian) in Java custom code (EJB, java proxy…) over SAP PI/PO, remember to establish the HTTP operation always in an explicit way, and don’t trust in default values…