SOAP WSDL validation

bdraven-1
Participant II

I am configuring SOAP Validation and ran into what would be a good feature request.

if you onboard a SOAP proxies a /getWSDL option is built which is handy for obvious reasons but it would seem to me that /getWSDL could be leveraged for the validation step as well.

Given the sample SOAP Validation configuration:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageValidation async="false" continueOnError="false" enabled="true" name="SOAP-Message-Validation-1">
    <DisplayName>SOAP Message Validation-1</DisplayName>
    <Properties/>
    <!-- <Element namespace="http://svc.kp.org/PtCareSupport/PHISharing/KPHCLSPApplication/v1">reqData</Element> -->
    <SOAPMessage version="1.1/1.2"/>
    <Source>request</Source>
    <ResourceURL>wsdl://SOAP-Message-Validation-1.wsdl</ResourceURL>
</MessageValidation>

Note the resource definition of:

<ResourceURL>wsdl://SOAP-Message-Validation-1.wsdl</ResourceURL>

If I could do something along the lines of:

<ResourceURL>wsdl:// /getWSDL </ResourceURL>

The I get the following benefits:

1. No need to add the WSDL as a resource to the proxy

2. I could push soap validation to a shared flow which cannot see proxy resources at the api level and avoids having environment level scoped resources.

3. All soap wsdl validations should then be the same and can be factored into shared flow.

Seem reasonable?

0 1 790
1 REPLY 1

Yes, Bill, this seems interesting. I see what you're getting at. We appreciate the feedback and input.

The general philosophy in Apigee Edge with policies is to make re-usable small-grained building blocks. So,

  • KeyValueMapOperations gets or puts to a KVM.
  • MessageValidation validates a message against a proxy-attached resource.
  • ServiceCallout performs an HTTP message exchange with an external endpoint.

Generally, we do not combine multiple of these small-grained functions into one. For example,

  • There is no ability to configure a servicecallout policy to dynamically retrieve the HTTP URL that it should call, from a KVM
  • And today, there is no ability for a MessageValidation to perform the validation by referencing some external (even proxy-resident) location for the governing WSDL

For larger-grained units of re-use, we recommend sharedflows - which you know all about.

Your proposal - to imbue the MessageValidation policy with an ability to retrieve the WSDL dyanmically - would go counter to the small building blocks philosophy. The architects of Apigee Edge have reviewed such proposals in the past, but have repeatedly declined to adopt them, in order to keep consistent with the original design philosophy of "small building blocks".

But maybe there is a way to go a half-step toward what you'd like.

I think it would be nice to have a policy that explicitly retrieves a resource into context. The MessageValidation policy implicitly retrieves the WSDL resource from the proxy. What I'm talking about is an explicit retrieval. Maybe it's called LoadResource or something like that. After LoadResource, maybe the resource is available in a context variable, and a subsequent policy could use it or operate on it. Imagine the resource is your WSDL.... and the ResourceURL in the MessageValidation policy accepts a ref= parameter. That might be handy, and would get you part-way to what you'd like to do.

Something like LoadResource might also be useful in other cases - for example loading an XSL for the XSLT policy, or loading a URL, or a public key for use in validating a signature.

But, for now this is just an idea. I haven't seen any customers that "absolutely need" this or would benefit hugely from it. It's kinda nice-to-have, and that doesn't meet the bar for implementation at the moment.

I'm sorry I cannot give you must hope for your original suggestion. But I am glad to receive your input on the topic of how things could work better. And if you have other ideas or want to explore this one further, I'd like to hear what you have to say.