Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 1 of 3
Java, Core API, & Session Keys
 
Ashley
Member
 
Total Posts:  51
Joined:  2008-07-23
 

I have written an java application which sends a request to the SOAP server in the new release 1.1.0

My application sends a login request which returns a session key. I then use this session key to send another request to get a list of categories using catalog_category.tree. The problem is that I get an access denied response in the java application but I have manually checked the generated session key using XML spy to send the same request and it works fine. I have also used XML spy to login and then used the generated session key directly in the application and I still get the same error.

Has anybody else had issues using Java and the new API? If not then what is the best way to use Java and the API. I currently setup a new SOAP message, set the envelope and body parameters, and then send the request. Do you have to use XML-RPC when using the API with Java?

This error really does not make sense as the key my application retrieves and tries to use works with XML spy after it has been generated but not the Java Application!

Any help or advice would be much appreciated

Kind Regards
Ashley

Generated Key: cdfff32024cf44cae1ec53683272da12

Generated SOAP Request (Works in XML Spy but not Java): WHY?

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:env="http://schemas.xmlsoap.org/soap/envelop/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Header/><SOAP-ENV:Body><m:call xmlns:m="urn:Magento"><sessionId xsi:type="xsd:string">cdfff32024cf44cae1ec53683272da12</sessionId><resourcePath xsi:type="xsd:string">catalog_category.tree</resourcePath><args xsi:type="xsd:string">1</args></m:call></SOAP-ENV:Body></SOAP-ENV:Envelope>
Response:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>2</faultcode><faultstring>Access denied.</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>

I have just looked through my Magento Log and have got the following error;

HEADERS ALREADY SENT: <pre>[0] /Users/ashleyswatton/Documents/Projects/magento/app/code/core/Mage/Core/Controller/Response/Http.php:44
[1] /Users/ashleyswatton/Documents/Projects/magento/lib/Zend/Controller/Response/Abstract.php:727
[2] /Users/ashleyswatton/Documents/Projects/magento/app/code/core/Mage/Core/Controller/Varien/Front.php:180
[3] /Users/ashleyswatton/Documents/Projects/magento/app/Mage.php:420
[4] /Users/ashleyswatton/Documents/Projects/magento/index.php:46

Please could somebody give some advice as there is no information anywhere about this!

 
Magento Community Magento Community
Magento Community
Magento Community
 
epromer
Member
 
Total Posts:  62
Joined:  2008-04-04
Germany, Schiffweiler
 

Hello Ashley,

i have the same problem.

Instead of soap i used XMLRPC with the apache library http://ws.apache.org/xmlrpc/ and then the login works.

Thomas

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ashley
Member
 
Total Posts:  51
Joined:  2008-07-23
 

Thanks Thomas,

I have kinda found a fix for this problem with Java though. I monitored all the http requests and responses from both my application and xml spy and noticed one fundemental difference!

xmlspy had a Cookie set in the header of the request and Magento returns a cookie in the response.

The request cookie looks like this; PHPSESSID=37cd16fa69e1dfa8ea5e26b9c1b0f967

And the response cookie looks like: magento=uzukvoy37h9v3m4rqpyn20q4vomnlsch; expires=Sat, 23-Aug-2008 08:39:47 GMT; path=/shop; domain=jkplatform

I just added the request cookie to the header of my soap message, fired the application, and got the desired result. I have noticed though that if you change the cookie value in the request to any random value (e.g. PHPSESSID=pfgfe), a correct response in still returned. I don’t know where xmlspy gets this value from though to begin with or how you would go about getting the cookie from the server.

My revised java code looks like

// Setup SOAP Message Headers
  HEADER MESSAGE.getMimeHeaders();
  
HEADER.addHeader("SOAPAction""\"urn:Mage_Api_Model_Server_HandlerAction\"");
  
HEADER.addHeader("Cookie""PHPSESSID=37cd16fa69e1dfa8ea5e26b9c1b0f967");
Does anybody know where xmlspy would get this cookie from and if the value is of relevance. Does the API just look for a cookie with the name ‘PHPSESSID’ and ignore it’s value?
 
Magento Community Magento Community
Magento Community
Magento Community
 
egwada
Jr. Member
 
Total Posts:  12
Joined:  2007-09-10
 

Hello !

I also tried to access to magento services web from java and I also had the same error. I followed your instruction about the PHPSESSID cookie and now my web service consummer can send / recieve information wtih magento.

I employ apache axis 1.4 in order to generate classes from the Wsdl. To have the PHPSESSID in the Soap header message you have to add for exemple a method which correct the “_call” in the “Stub” classe generated:

private void fixSoapAction (org.apache.axis.client.Call _callString session{
        _call
.setProperty(
                 
org.apache.axis.client.Call.SESSION_MAINTAIN_PROPERTY
            new 
Boolean(true));
        
_call.setProperty(
              
org.apache.axis.transport.http.HTTPConstants.HEADER_COOKIE2
             
"\r\nSOAPAction: " _call.getSOAPActionURI());
        
_call.setProperty(
             
org.apache.axis.transport.http.HTTPConstants.HEADER_COOKIE
             
"PHPSESSID=" session);
    
}

After you have to call this method only when you need: so you have to correct all calls of magento api except the login call:

this.fixSoapAction(_callsessionId);
I hope that can help to call magento api for java.

Cheers.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ashley
Member
 
Total Posts:  51
Joined:  2008-07-23
 

I had the need to use XML-RPC instead of SOAP because I was having problems with data binding. When moving from our development environment to our production server my application had the exact same problem even though I am now using XML-RPC.

This was overcome by attatching a http client to a Transport Factory which then gets assigned to the XmlRpcClient. You can then attatch a cookie to the httpClient and then send the request. Without doing this, Magento just says access denied to any call request such as category.tree even though the login session key was sent in the request.

This is an example of how I attatched the cookie to the XML-RPC Request.

I am using Apache XMLRPC by the way

XMLRPC_CLIENT = new XmlRpcClient();
    
    
HttpClient httpClient = new HttpClient();
    
XmlRpcCommonsTransportFactory factory = new XmlRpcCommonsTransportFactory(XMLRPC_CLIENT);
    
factory.setHttpClient(httpClient);

    
Cookie c = new Cookie();
    
c.setName("magento");
    
c.setValue(SESSION);
    
c.setDomain("aDomain.com");  // Enter Your Domain
    
c.setPath("/shop");

    
httpClient.getState().addCookie(c);
    
    
XMLRPC_CLIENT.setTransportFactory(factory);
    
   
// Use Client To Send XML-RPC Requests
 
Magento Community Magento Community
Magento Community
Magento Community
 
Ashley
Member
 
Total Posts:  51
Joined:  2008-07-23
 

Think I have finally found out why this happens! I was using file based sessions and everything was working ok with the API. We then changed to using database sessions which is when I started to recieve this error. Access denied is returned because the session is retrieved via a cookie which is not in the request and a new session is generated when the request is recieved.

I don’t think the API should work like this, but it is the only solution I can come up with to make it work. People are also having the same problems using .NET which can be fixed in same manner.

 
Magento Community Magento Community
Magento Community
Magento Community
 
celuser
Jr. Member
 
Total Posts:  15
Joined:  2008-09-10
 

I’m wondering why no one from the magento team reply to this thread.

 
Magento Community Magento Community
Magento Community
Magento Community
 
celuser
Jr. Member
 
Total Posts:  15
Joined:  2008-09-10
 

Hi egwada,

Thanks for sharing this piece of code. But it seems the line that sets the uri is also not required.

private void fixSoapAction (org.apache.axis.client.Call _callString session{
        _call
.setPropertyorg.apache.axis.client.Call.SESSION_MAINTAIN_PROPERTYBoolean.TRUE);
        
_call.setPropertyorg.apache.axis.transport.http.HTTPConstants.HEADER_COOKIE"PHPSESSID=" session);
}

Seems these two lines fix the issue.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ashley
Member
 
Total Posts:  51
Joined:  2008-07-23
 

That is a very good point, Why does nobody rom the Magento team post in this thread? I think maybe they want to sell support and a custom API is something many companies are interested in so to make money it appears they are not willing to help people with problems.

I have been using the API now since it was released and have posted problems and fixes for it but have yet to recieve any response from a Magento team member. I recall watching a video from the Magento team a few weeks ago where the origional developers stated that they read every post in the forum. If this is the case then why does nobody answer us, afterall we are only going to help make the final product better!

P.S. I’m not knocking the work of the Magento team as it is an amazing e-commerce platform and I find new features and clever functionality in it everyday, I just think that if people are making use of a new feature and are running into problems then maybe a little light should be shed on the subject by the original developers.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Killoff
Magento Team
 
Avatar
Total Posts:  17
Joined:  2008-05-22
 

Hi everybody! 

I am a bit surprised about java client problem.
There is no difference whether you send cookies in the request or not.
PHP session will start and session ID will be generated in any case.

Thus web-service client is working within a single http request, it’ll always get session ID, which used in call() method.
Even without login() method, if we have not-expired session ID.

I tested the services of storage sessions in files and database, everything was fine. Using SoapClient class, of course.
By the way, it doesn’t send Cookie header in the request.

Maybe it was smth wrong on your php server, not in java?
Will be glad to see other issues.

 
Magento Community Magento Community
Magento Community
Magento Community
 
celuser
Jr. Member
 
Total Posts:  15
Joined:  2008-09-10
 

With a Java client, Php Session cookie is received after the login request.

But the next request; say call() just fail if we do not send the PHPSESSID cookie back.

I tried with the different versions like 1.4, 1.6; but none of these has resolved the issue.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Killoff
Magento Team
 
Avatar
Total Posts:  17
Joined:  2008-05-22
 

If you get session ID after login, you can forget about cookie.
session ID is saved to API users and if you use call() method with this session ID, session is renewed by this ID
(Mage_Api_Model_Session::_renewBySessId())

So, if adding Cookie header to request helps, I think this is not a bad solution.

 
Magento Community Magento Community
Magento Community
Magento Community
 
celuser
Jr. Member
 
Total Posts:  15
Joined:  2008-09-10
 

Adding this header is not just helping, it’s the only way I found to resolve the issue.

Anyway since the login part is working on web services, can you provide us with some information on calling your web services throw Java. I have posted the question in a separate thread as well. (here)

We are stuck on trying to call magento Web services throw Java.

Any help will be appreciated.

 
Magento Community Magento Community
Magento Community
Magento Community
 
cnrx
Member
 
Total Posts:  34
Joined:  2008-07-24
 

As egwada points out, it seems that Apache Axis may be the only (other way) to accessing the API from Java via SOAP.
Of course, there’s also Ashley’s approach using Apache XMLRPC. Both have their pros and cons, mostly depending on how often the API is updated at the back end and how much work one is willing to do…
XMLRPC seems to be better in many ways, but I can’t confirm that yet.

Up until a few days ago, I was using a different platform alltogether, and after many, many, many hours of testing, I now have the confirmation of different SOAP-experts that the actual problem IS THE WSDL! (well, that’s NO news to most)
The same experts also said: ‘Well, it’s terrible that the provider {Magento} is not resolving this quickly. It’s a terrible possition for developers to find themselves in...’. That’s the word they used: ‘TERRIBLE’.

Now, let’s be fair: It is a major task Magento has undertaken and a good think for the community. However, infortmation is PARAMOUNT in projects like this. Otherwise, developers will walk away, and/or the community will break down.

I am now trying out both egwada’s and Ashley’s approaches but I’m stuck with ACL’s… It’s a small (!?!) problem perhaps, but it seems they just don’t work properly, unless the WebServices role has Role Resources -> Resource Access = ALL.
Has anyone else seen similar behaviour?

Like many others, I am eager to see what information the Magento team provides.

Best regards to all - let’s keep it up!

 
Magento Community Magento Community
Magento Community
Magento Community
 
celuser
Jr. Member
 
Total Posts:  15
Joined:  2008-09-10
 

Hi cnrx,

As you said, I’m using Axis to connect to the web services API.

However I could call the login(), getCoutryList methods.

But I’m still trying to find a way to execute the customer.add method.

A PHP sample has given the following code.

// Create new customer
$newCustomer = array(
    
'firstname'  => 'First',
    
'lastname'   => 'Last',
    
'email'      => 'test@example.com',
    
'password'   => 'password',
    
'store_id'   => 0,
    
'website_id' => 0
);
 
$newCustomerId $proxy->call($sessionId'customer.create', array($newCustomer));

But how should a Java program create the Java object for this?

I tried to create a Map with key/values like;

Map<StringStringcustomer = new HashMap<StringString>();
customer.put("firstname""User-FN-1");
customer.put("lastname""User-LN-1");
customer.put("email""email1@magento.com");

Object id service.call(sessionId"customer.create"customer);

But above does not work.

So I tried the following, but Magento is unable to extract the email, firstName, etc correctly. So Magento creates a empty customer (without any information we pass).

Object[] customer = new Object[3];
cust[0] "email@magento.com";
cust[1] "CUST-FN";
cust[2] "Cust-LN";

Object id service.call(sessionId"customer.create"customer);

Can you please let me know the way to generate the expected Customer object for magento “customer.create” ?

Thanks.

 
Magento Community Magento Community
Magento Community
Magento Community
 
PandaWebStudio
Member
 
Avatar
Total Posts:  40
Joined:  2008-04-19
Amsterdam, Netherlands
 

@celuser

In php is

$newProductData = array(
‘name’ => ‘name of product’,
‘short_description’ => ‘short description’,
‘description’ => ‘description’,
‘price’ => 12.05
);

// Create new product
$proxy->call($sessionId, ‘product.create’, array(’simple’, $set[’set_id’], ‘sku_of_product’, $newProductData));

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 1 of 3