Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

header vs parameter  RSS feed

 
william kane
Ranch Hand
Posts: 260
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is difference of sending information in a SOAP header as compared to sending it as a part of method parameters?
For ex. If my service needs a user id to be sent as a part all the methods what is the difference in sending the user id in a header and sending the user id as a seperate parameter?
Thanks in advance
William Kane
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no general answer. It depends on where you want to process the information. If the data is in the SOAP header, you can have a JAX-RPC handler examine it, and maybe reject it. Same on the client side, a handler could add a SOAP header, but shouldn't alter the actual request.

Another consideration is how fine-grained you need the access control to be. If it's just a yes/no thing, a header would do nicely, but if different users have different permissions you might want to have that information in the service, so that you can use it for your access control.

Generally, if it feels like actual information, it goes into the request. If it feels like meta-information, that's what the SOAP headers are for. (Going off-topic, it's a similar decision as to what should be an element, and what should be an attribute in an XML document.)
 
william kane
Ranch Hand
Posts: 260
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
There is no general answer. It depends on where you want to process the information. If the data is in the SOAP header, you can have a JAX-RPC handler examine it, and maybe reject it. Same on the client side, a handler could add a SOAP header, but shouldn't alter the actual request.

Another consideration is how fine-grained you need the access control to be. If it's just a yes/no thing, a header would do nicely, but if different users have different permissions you might want to have that information in the service, so that you can use it for your access control.

Generally, if it feels like actual information, it goes into the request. If it feels like meta-information, that's what the SOAP headers are for. (Going off-topic, it's a similar decision as to what should be an element, and what should be an attribute in an XML document.)


Thanks Dittmer,
That reply did clear many of my queries.
If headers can used to pass information to meta information, then is information needed for authentication a good candidate for header information?If yes,does the client have to set headers or can the capabilites for client side handlers be used for the same?
Thanks again
William Kane
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's a bit of a judgement call whether auth info is meta-info. If you can handle all auth in handlers, I'd say go for it. Of course, you may need to pass on that information to another backend system, in which case I'd put it into the body.
SOAP headers can be set and read by JAX-RPC handlers. The FAQ -linked in my signature- has links to articles describing how to do this.
[ December 05, 2005: Message edited by: Ulf Dittmer ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!