Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

SOAPHandler and SOAPMessageContext  RSS feed

 
Dennis Labajo
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi y'all!

Has anybody here done any coding on JAX-WS SOAPHandler and SOAPMessageContext?

With SOAPMessageContext, I'm able to capture both inbound and outbound soap messages for logging purposes and I need to be PCI compliant (e.g. mask sensitive info).

What's the best approach to doing this? Is my only option to parse the soap message and apply masking? Since we're using a lot of web services, will this impact performance?
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Dennis Labajo wrote:Has anybody here done any coding on JAX-WS SOAPHandler and SOAPMessageContext?

Yes, I have a publicly available example of a SOAP handler, using SOAPMessageContext, that implements SOAP logging, if that is of any interest.

What's the best approach to doing this? Is my only option to parse the soap message and apply masking? Since we're using a lot of web services, will this impact performance?

Have you considered/tested a XSLT transform?
I don't know about the performance, but you can implement different approaches in your handler and then load test the service that the handler is applied to using soapUI to see which solution has the best performance.
Any kind of filtering or processing will inevitably affect performance.
Best wishes!
 
Dennis Labajo
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ivan, thanks for the input. I'll look into XSLT or if I decide to use another approach and will let you know. Thanks.
 
Dennis Labajo
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
By the way, where can I see examples of your SOAP logging?

Thanks again.
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Take a look at section 9.6 in my document here: http://www.slideshare.net/krizsan/scdjws-5-study-notes-3085287
In order to download it, you only need to sign up for a free account.
Best wishes!

P.S. I do look forward to your findings what is the solution with the best performance.
 
Dennis Labajo
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
holy big moose saloon Ivan, nice document!!! anyways... i think i'm close to what i want to do however when i'm masking the part i want logged, the message i'm sending to the service gets masked as well. how can i create a copy of the message so that the message i'm sending to the service does not get masked?

thanks!
 
Dennis Labajo
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was able to figure out creating a copy... here it is:



The approach I took is traverse the soap message in the SOAPMessageContext and use regular expression to evaluate the value and mask if needed. However, I decided not to do this for all outbound messages. I selectively identify only the services I want to scan/mask and is configurable. If I don't do this and enable scan/mask for all outbound soap messages, 200-300 milliseconds gets added to the processing time. With selective scan/mask, I've only added 20-30 milliseconds to the processing time. So not bad at all.

Thanks again Ivan.
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for sharing your findings!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!