SOAP11: Invalid request XML causes HTTP status 500 (expected: 400) [SWS-976]

[gregturn]

Andrei Kuznetsov opened SWS-976 and commented

Hi all,

When client sends invalid SOAP11 request (valid XML violating XSD), the server responds with SOAP Fault message (which contains all XSD violations), and HTTP status 500 (expected HTTP status 400). This is applicable only to SOAP11 clients. IMO, the problem is in the following lines of code:

if (SOAPConstants.SOAP_SENDER_FAULT.equals(faultCode)) {
    getHttpServletResponse()
            .setStatus(HttpTransportConstants.STATUS_BAD_REQUEST);
}
else {
    getHttpServletResponse()
            .setStatus(HttpTransportConstants.STATUS_INTERNAL_SERVER_ERROR);
}

As you can see, in SOAP11 all failures will be mapped to STATUS_INTERNAL_SERVER_ERROR, because SOAP11 and SOAP12 have different QNames for client/sender errors:

{http://schemas.xmlsoap.org/soap/envelope/}Client

{http://www.w3.org/2003/05/soap-envelope}Sender

Note, that SOAPConstants.SOAP_SENDER_FAULT is not equal to SOAP11 client fault, it only equals to SOAP12 sender fault.

---

Thanks, Andrei

---

Affects: 2.3.0, 2.4.0

[gregturn]

jaminh commented

According to https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383529 all errors in SOAP version 1.1 should result in a 500 status code, so this is the correct behavior.

[gregturn]

Andrei Kuznetsov commented

My bad. You are right. Please reject the issue.