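Hi experts, here is the problem: a JAX Webservice is being security-tested through soapUI, with Burp Suite used to tamper with one field's value, setting it to hexadecimal 00, and exception information is returned. The requirement is that the server-side response must not contain exception information and must not expose stack trace information. The exception in the server log is as follows: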
<Sep 16, 2015 2:36:55 PM CST> <Error> <com.sun.xml.ws.transport.http.HttpAdapter> <BEA-000000> <Couldn't create SOAP message due to exception: javax.xml.ws.WebServiceException: com.ctc.wstx.exc.WstxUnexpectedCharException: Illegal character (NULL, unicode 0) encountered: not valid in any content
at [row,col {unknown-source}]: [7,19]
com.sun.xml.ws.protocol.soap.MessageCreationException: Couldn't create SOAP message due to exception: javax.xml.ws.WebServiceException: com.ctc.wstx.exc.WstxUnexpectedCharException: Illegal character (NULL, unicode 0) encountered: not valid in any content
at [row,col {unknown-source}]: [7,19]
at com.sun.xml.ws.encoding.SOAPBindingCodec.decode(SOAPBindingCodec.java:319)
at com.sun.xml.ws.transport.http.HttpAdapter.decodePacket(HttpAdapter.java:347)
at com.sun.xml.ws.transport.http.HttpAdapter.access$400(HttpAdapter.java:101)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:670)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
Truncated. see log file for complete stacktrace
The error message in the soapUI response is as shown in the screenshot.