Enabling SOAP request validation in JBOSS 5.0 using JAX-WS

Category

Blog
24 December, 2014 0

By default, JBoss JAX-WS Web services don’t validate SOAP requests for a valid xml or schema. This is by default to prevent performance overhead.

This may turn into a problem when developing the web service since a required attribute in the schema may not be present in the request, and the request will arrive at our service with no further notice. In many cases, this behavior is not a problem; you just need to consider that a null value may come for a required attribute in your web service.

So, why validate?

  • Enforce schema

Sometimes it is good to enforce the schema validation when the request must comply with the schema, for example, when an attribute is required, or when the request must contain a list with exactly 2 elements but no more. Basically, when the request needs to comply with the xsd of the element. Validation in these cases is an aid for development since the developer wouldn’t need to verify if the request has the required attributes.

  • Prevent default behavior

There are cases when the client can misspell a tag of the request, for example, if the request has an attribute to filter the modification of a DB using a <filter> tag. If the client misspells the request and sends a <filters> tag instead of <filter> when no validation is enabled, the server will think that the client doesn’t need any filter (JBoss will set the filter variable to null), thus altering the behavior of the processing, updating all the rows in the DB without filtering, probably leading to disaster.

Validation in JBoss

In JBoss there is a simple way to enforce validation for the Web Service SOAP requests using the @SchemaValidation annotation. In the beginning, the use of the annotation seemed to be trivial, but after some unsuccessful attempts, we realized that an extra effort was needed to get it going. This tutorial explains the simple steps needed to enable schema validation for JBoss and JAX-WS.

We start with a simple web service IMyWebService and the implementing class MyWebService, which has only one WebMethod getResponse, which receives one parameter param1. You can download the full project from here. It’s an eclipse Java project.

The parameter param1 is of class Param1 which has 2 fields:

private String param1Str;
private Integer param1Int;

After deploying the test project, using Soap UI to call the web service, we first import the wsdl from: http://localhost:8080/WSTest/WebService?wsdl

Calling the web service with the following message:

<soapenv:Envelope xmlns:soapenv=”http://schemas.xmlsoap.org/soap/envelope/” xmlns:type=”http://test/com/wsTest/ws/type“> <soapenv:Header/> <soapenv:Body>   <type:param1>     <param1Int>10</param1Int>     <param1Str>TestString</param1Str>   </type:param1> </soapenv:Body></soapenv:Envelope>

We can see the following log in the server console (we are just printing out the input values):

19:17:24,824 INFO [STDOUT] 1019:17:24,824 INFO [STDOUT] TestString

So far so good, but until now we didn’t add any requirements on the fields. Let’s make the param1Strattribute required by adding the following annotation in the Param1 class:

@XmlElement(required=true)public String getParam1Str() { return param1Str;}

After redeploying WSTest and running the test case again we’d expect the server to reject the message due to validation errors, but this isn’t the case. As discussed earlier, JBoss disables SOAP request validation by default.

In order to enable validation, we need to do the following steps:

  1. Create a schema file with the declared elements from the wsdl
  2. Enable @SchemaValidation pointing to the schema file

COMMENTS

Leave a Reply

Your email address will not be published. Required fields are marked *

bkadmin
Wednesday December 24, 2014 - 22:12 Blog
Recent posts
From idea to deploy

When the great idea and background just isn’t enough […]

Read More…

Continue reading
11 August, 2020
Reclaim your disk space from Xcode

Do you have problems with the space on your disk? You are in the right place! This post is for […]

Read More…

Continue reading
25 June, 2020
RoR – Get your exceptions notified via Slack

Have you ever wanted to be one step ahead, and be notified of any unwanted exception before your users have […]

Read More…

Continue reading
18 October, 2018
Easy creation of a new Node + React project

Starting a new project is something everybody loves to do. However, some steps are always the same for every project. […]

Read More…

Continue reading
3 October, 2018