[SalesForce] INVALID_SESSION_ID when calling Salesforce services from Java

We have a Java application running on glassfish that makes callouts to WebServices hosted on our SF sandbox using the Partner WSDL and the SF Web Service Connector (wsc).

Yesterday it was working just fine. Today, after we did an Instance Refresh it stopped working. Whenever the Java tries to make the callout to a SF web method, we get the following error.

INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: D78G6B4m/rAhFmb5LxHR/jNoDfMCMBPWY0jIrCGnxyE= This error usually occurs after a session expires or a user logs out.

Relevant information:

The login on SF from the Java application is successful. I can look at the information it returns (I can see it is connecting to the correct sandbox URL) and it's all correct. The login is done in the following way:

ConnectorConfig connectorConfig = new ConnectorConfig();
config.setAuthEndpoint("https://test.salesforce.com/services/Soap/u/34.0");
config.setUsername("user@email.com.sandboxname");
config.setPassword("passwordtoken");

PartnerConnection partnerConnection = new PartnerConnection(config);

I can also see on the SF user page that the login was successful, and a user session is created on Session Management.
The sandbox refresh caused the sandbox instance and URL to be changed.
(The number after CS was changed: company–preprod.cs108.my.salesforce.com)
I have tried to reset the token and modify the java code accordingly, to no avail. As I said, the login is successful, it's just the session ID that is messing things up.

In short, what I need to understand is why the login is returning an invalid session ID.

Any help is appreciated.

Best Answer

This is a pretty common problem.

After you call the login method you get a LoginResult back in the response.

That response includes the sessionId that you then need to include in the in the SessionHeader for all the subsequent API calls.

However, the LoginResult also includes a serverUrl, which is critically important to get any subsequent API calls to work.

From the docs:

serverUrl

URL of the endpoint that will process subsequent API calls. Your client application needs to set the endpoint.

That serverUrl becomes your new endpoint for any subsequent API calls.

That your code was working and is now failing after refreshing the sandbox suggests you had some fixed coding to work against the old sandbox.

The sample code in Examples Using the Partner WSDL shows this explicitly in the .NET example code with the line:

// Set the returned service endpoint URL
binding.Url = lr.serverUrl;

Yet the equivalent is conspicuously absent in the Java sample. That implies it should almost be handled implicitly by the PartnerConnection.

If you look at the source of PartnerConnection you can see that it should be doing the following with the LoginResult.

config.setServiceEndpoint(result.getServerUrl());

Maybe try a getServiceEndpoint() on the PartnerConnection after you created it to confirm it is pointing to the correct sandbox pod instance.

Related Solutions

[SalesForce] how to avoid hardcoding environment urls for salesforce api for our call ins

You should always be logging in to https://test.salesforce.com/ for sandboxes, and https://login.salesforce.com/ for production instances. Your firewall should likewise be configured to allow connections to https://*.salesforce.com/. This is to allow load balancing, future expansions, etc. Edit: The login response includes a serverUrl that should be used for all future requests. Your client should be resetting the endpoint after logging in.

Edit 2, Code Sample

I wrote up an example login script using Visual Studio 2008. It took me some time to find a syntax that worked, because C# created bindings that were not like the examples on the developer site Quick Start.

Here's my basic example (no error checking):

        // Create a client
        SforceService.SoapClient client = new ForceTools.SforceService.SoapClient();
        // Attempt to login. You should catch faults/exceptions.
        // The two nulls are headers I'm not using.
        SforceService.LoginResult lr = client.login(null, null, username, password);
        // Create a session header for future calls.
        SforceService.SessionHeader sh = new ForceTools.SforceService.SessionHeader();
        // Assign a session ID.
        sh.sessionId = lr.sessionId;
        // We need to reset the Endpoint. For some reason, C# wouldn't let me actually
        // set a new client.Endpoint.Address value, so I just trashed the original
        // client and created a new one with the reset URL.
        client = new ForceTools.SforceService.SoapClient("Soap", lr.serverUrl);
        // Now I can do things like query. Those nulls are various headers I could set.
        SforceService.QueryResult qr = client.query(sh, null, null, null, null, "SELECT Id FROM Account");

This successfully returned records from my demo org. This binding was the partner.wsdl; I assume the Enterprise WSDL is easier to work with. If you find a better way get this to work (e.g. actually be able to set the Endpoint without re-initializing the entire client), I'd be glad to see it.

[SalesForce] Invalid Session id in Wsdl2Apex

You will need to correctly set the SessionHeader on the instance of CaseCreationUtility.CS_CaseCreationUtility. You don't need to set the session id in the inputHttpHeaders_x map.

E.g.

CaseCreationUtility.CS_CaseCreationUtility stub = new CaseCreationUtility.CS_CaseCreationUtility();
ts.SessionHeader = new CaseCreationUtility.SessionHeader_element();
ts.SessionHeader.sessionId = oauth.access_token;

You may also need to adjust the endpoint URL if it differs from the Org that it was generated from.

// You will need to set the instance (here na5) 
// to match the origin of the sessionId
ts.endpoint_x = 'https://na5.salesforce.com/services/Soap/class/OptionalNamespaceHere/CaseCreationUtility';

The requested oAuth session id should have the full or api scopes to be able to access the web service. The session should be to the same org where the Apex web service is implemented.

If it doesn't work initially with the oAuth derived session, try getting the web session id from the sid cookie or via anonymous Apex with UserInfo.getSessionId().

Best Answer

serverUrl

Related Solutions

[SalesForce] how to avoid hardcoding environment urls for salesforce api for our call ins

[SalesForce] Invalid Session id in Wsdl2Apex

Related Topic