Solved: Validate request body against xsd

Report Inappropriate Content · 04-23-2015 08:38 AM

I am trying to validate an incoming message body against a fairly complicated xsd which is split across multiple files.

I am using a MessageValidation policy as below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageValidation async="false" continueOnError="false" enabled="true" name="Validate_OTAHotelAvailNotifRQ">
    <DisplayName>Validate_OTAHotelAvailNotifRQ</DisplayName>
    <FaultRules/>
    <Properties/>
    <Element namespace="http://www.opentravel.org/OTA/2003/05">OTA_HotelAvailNotifRQ</Element>
    <Source>request</Source>
    <ResourceURL>xsd://flat_OTA_HotelAvailNotifRQ.xsd</ResourceURL>
</MessageValidation>

The XSD is long but is valid and everything deploys ok.

I POST a message body which should definitely fail the schema validation, but it still lets the request through to my back end system. I have attached the xdd in question...

A sample request follows:

<OTA_HotelRatePlanNotifRQ EchoToken="066a1aed-5d19-49e4-8f4eda0ce8aabc3e" TimeStamp="2014-09-23T09:27:14.3852503Z" Version="2.001" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.opentravel.org/OTA/2003/05">
  <Rubbish>
  </Rubbish>
</OTA_HotelRatePlanNotifRQ>

flat-ota-hotelrateplannotifrqxsd.zip

Report Inappropriate Content

Doh - silly mistake!

You have to set the Content-Type header to be application/xml for the validate message policy to trigger.

View solution in original post

Report Inappropriate Content

@Andrew Braithwaite, have you tried the Trace tab to see what happens when the policy executes? If you start a trace session, invoke the API, and click on the MessageValidation policy in the Trace view, you should be able to see the results of the validation. You can refer to http://apigee.com/docs/api-services/content/using-trace-tool-0 for guidance.

Report Inappropriate Content

Doh - silly mistake!

You have to set the Content-Type header to be application/xml for the validate message policy to trigger.

Report Inappropriate Content

Not an uncommon oversight - good catch and useful to the community that you posted your fix. Thanks!

Report Inappropriate Content

@Andrew Braithwaite

When I try to validate the incoming request message against the XSD, the policy is failing stating that a SOAP message is mandatory. I am looking at validating an XML instead of a SOAP message. What could the issue be?

Following are the details of my SOAP message validation proxy :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageValidation async="false" continueOnError="false" enabled="true" name="validate-message">
    <DisplayName>validate-message</DisplayName>
    <Properties/>
    <Element namespace="http://shiporder.com">shiporder</Element>
    <SOAPMessage/>
    <Source>request</Source>
    <ResourceURL>xsd://validate-message.xsd</ResourceURL>
</MessageValidation>

Report Inappropriate Content

@Priya Sundararajan

This works for us:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageValidation async="false" continueOnError="false" enabled="true" name="Validate_OTA_HotelAvailNotifRQ">
    <DisplayName>Validate_OTA_HotelAvailNotifRQ</DisplayName>
    <FaultRules/>
    <Properties/>
    <Element namespace="http://www.opentravel.org/OTA/2003/05">OTA_HotelAvailNotifRQ</Element>
    <Source>message</Source>
    <ResourceURL>xsd://OTA_HotelAvailNotifRQ.xsd</ResourceURL>
</MessageValidation>

We have no <SOAPMessage> element, and the <Source> is set to request.

We haven't change it for a year, so I guess the schema might have changed in the meantime.

The problem we had was not setting the content-type header to application/xml.

Report Inappropriate Content

and one more point just remove the

in the validate policy and add the header as said above,

If you want to validate xml against xsd u have to follow two steps

1. header should be Content-type=application/xml

2. remove this tag

in the validate policy

Note: it worked for me

Report Inappropriate Content

Hi

thanks for all this. I've got a minimal example that I can't make work.

the xsd is

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:caps="http://xx.com/capsws"
           targetNamespace="http://xx.com/capsws">


  <xs:element name="completeApplicationRequest">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="ApplicationId" type="xs:int" maxOccurs="1" minOccurs="1" />
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>

the policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageValidation async="false" continueOnError="false" enabled="true" name="Valid.CompleteApplication">
  <DisplayName>Valid.CompleteApplication</DisplayName>
  <Properties/>
  <Element namespace="http://xx.com/capsws">completeApplicationRequest</Element>
  <Source>request</Source>
  <ResourceURL>xsd://caps.xsd</ResourceURL>
</MessageValidation>

the POST body:

<completeApplicationRequest xmlns="http://xx.com/capsws">
  <ApplicationId>77</ApplicationId>
</completeApplicationRequest>

I've tried adding various incantations of

<?xml version="1.0" encoding="UTF-8"?>

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"

etc in the request, no luck.

I always get:

{"fault":{"faultstring":"Valid.CompleteApplication failed with reason: \"Element name mismatch. Wildcard? [Line 2]\"","detail":{"errorcode":"steps.messagevalidation.Failed"}}}

I'm stumped. If someone can help I'd be very grateful !

Thank you

Freddie

Report Inappropriate Content

Was there ever a resolution to this. I'm having the same issue and not finding a fix to the problem.

nickdanger

Try removing the <Element> element. If you're validating against an XSD, you shouldn't need it.

yuriyl

> fairly complicated xsd which is split across multiple files.

If you are still interested to implement validation against multiple file schema fragments, you can try this callout:

https://github.com/yuriylesyuk/edge-soap-validate