Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Richard, A Question on validating SOAP messages.  RSS feed

 
S Kumar
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the best practice with respect to validating SOAP messages? Should the data content within the SOAP Envelope be extracted and validated separately using the appropriate XMLSchemas? Or can the whole SOAP message be validated as is?

To use option 1 - one would have to extract the data content, most likely from a DOM Tree that has the whole SOAP message. There again lies another problem. There is no way in JAXP to validate a Node against an XMLSchema. The data content has to be probably serialized again and re-parsed with a validating parser. Unnecessary extra step. If there are several elements belonging to different namespaces in a single SOAP message, this would be rather painful.
TO use option 2, I assume there should be a way in JAXP or SAAJ to say that "validate content belonging to namespace A with schema A" and "validate content belonging to namespace B with schema B" etc. But I could not find one.
I had asked this question before in this forum, but could not get a convincing answer. Richard, can you please throw some light on this? Thank you for your time.
 
Richard Monson-Haefel
author
Ranch Hand
Posts: 92
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In J2EE 1.4, SAAJ is based on DOM 2, so you can use W3C Schema validation to check the entire soap message, including the contents of the payload, to ensure that its valid. You could also build this into a Servlet filter if you are using JAX-RPC Service Endpoints, which are pojo Web service components that execute inside of a Servlet - that is more or less hidden from you but you do have access to Servlet APIs.
The question is: Do you want to do validation? On the surface validation seems like a good thing to do with every incoming message, but it may not be the best choice. W3C XML Schema validation is expensive. It takes memory and more importantly time to validate a document. If you use Doc/Literal or RPC/Literal messaging with JAX-RPC you may not need validation at all. Why? Well, JAX-RPC can map RPC/Literal and even Document/Literal messages to remote interface methods and Java beans (the properties beans, not the enterprise beans). As the JAX-RPC runtime receives SOAP messages it will attempt to map the XML payload into primitive or Java bean method parameters - if the SOAP message is structured wrong the marshalling won't work and so the message will be rejected. So the normal process of marshaling SOAP messages into method calls takes care of a lot of the validation that people usually need to do.
If you need to do more sophisticated validation, like the ranges of values or the patterns of a String, than you may need to use XML Schema Validation, but keep in mind that its costs a lot and can really slow a system down.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!