Soap message validation - can I check just the toplevel element?

Hi Team,

I have used soap message validation policy and i just need to validate the soap operation.

I do not need to validate the content of the soap body.

Below is my soap validation policy

<MessageValidation name="Api_MessageValidation_WSDL">
  <DisplayName>Api_MessageValidation_WSDL</DisplayName>
  <Properties/>
  <Element namespace="http://OnDemand-2011-03">Search</Element>
  <Element namespace="http://OnDemand-2011-03">Address</Element>
  <Element namespace="http://OnDemand-2011-03">Data</Element> <SOAPMessage/>
  <Source>request</Source>
  <ResourceURL>wsdl://OnDemand.wsdl</ResourceURL>
</MessageValidation>

the above configuration also validates the payload.

For example, if one of the tag <country> within in the /soap envelope/soap body is greater then three letters, then it will give error.

I understand that the wsdl file itself has these rules defined. But is there any way to tweak the policy so that it only validates the soap operation?

Thanks and Regards,

Gaurav Bhandari

Solved Solved
1 3 659
1 ACCEPTED SOLUTION

No, there's no way to "turn off" the payload validation in the MessageValidation policy.

When you say that you want to validate the soap operation, specifically what does that translate to, in terms of XML and HTTP headers?

There is a SOAPAction header that is sometimes used. Are you validating that?

Within the SOAP message, I suppose you would want to validate

  • the SOAP Envelope
  • the SOAP body
  • The first child element of the Body

anything else?

If so, you can use a single ExtractVariables policy, coupled with a compound Condition element and a RaiseFault policy, to do this. Here's how it will work: Configure the ExtractVariables to extract the elements for the soap Envelope and Body, and also the first child of the body. Then use the Condition to check that all of these things were successfully extracted.

Something like this:

<ExtractVariables name='EV-SOAP-Elements-1'>
  <Source>request</Source>
  <VariablePrefix>soapValidation</VariablePrefix>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <XMLPayload>
    <Namespaces>
      <Namespace prefix='soap'>http://schemas.xmlsoap.org/soap/envelope/</Namespace>
      <Namespace prefix='ns1'>http://myrequestns.org/2020/03/16</Namespace>
    </Namespaces>
    <Variable name="envelope" type="string">
      <XPath>local-name(/soap:Envelope)</XPath>
    </Variable>
    <Variable name="body" type="string">
      <XPath>local-name(/soap:Envelope/soap:Body)</XPath>
    </Variable>
    <Variable name='requestElement' type='string'>
      <XPath>local-name(/soap:Envelope/soap:Body/ns1:soapRequest1)</XPath>
    </Variable>
  </XMLPayload>
</ExtractVariables>


And this is the proxy flow.

    <Flow name="flow1">
      <!-- 
           In this scenario, all of the validation is in the EV policy;
           this includes a hardcoded namespace for the local-name and
           namespace-uri of the request element.
      -->
      <Request>
        <Step>
          <Condition>NOT (request.header.content-type = "text/xml")</Condition>
          <Name>RF-InvalidRequest-ContentType</Name>
        </Step>
        <Step>
          <Name>EV-SOAP-Elements-1</Name>
        </Step>
        <Step>
          <Condition>
            soapValidation.envelope = null OR soapValidation.body = null OR soapValidation.requestElement = null
          </Condition>
          <Name>RF-InvalidRequest</Name>
        </Step>
      </Request>


working example attached.

check-soap.zip

View solution in original post

3 REPLIES 3

No, there's no way to "turn off" the payload validation in the MessageValidation policy.

When you say that you want to validate the soap operation, specifically what does that translate to, in terms of XML and HTTP headers?

There is a SOAPAction header that is sometimes used. Are you validating that?

Within the SOAP message, I suppose you would want to validate

  • the SOAP Envelope
  • the SOAP body
  • The first child element of the Body

anything else?

If so, you can use a single ExtractVariables policy, coupled with a compound Condition element and a RaiseFault policy, to do this. Here's how it will work: Configure the ExtractVariables to extract the elements for the soap Envelope and Body, and also the first child of the body. Then use the Condition to check that all of these things were successfully extracted.

Something like this:

<ExtractVariables name='EV-SOAP-Elements-1'>
  <Source>request</Source>
  <VariablePrefix>soapValidation</VariablePrefix>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <XMLPayload>
    <Namespaces>
      <Namespace prefix='soap'>http://schemas.xmlsoap.org/soap/envelope/</Namespace>
      <Namespace prefix='ns1'>http://myrequestns.org/2020/03/16</Namespace>
    </Namespaces>
    <Variable name="envelope" type="string">
      <XPath>local-name(/soap:Envelope)</XPath>
    </Variable>
    <Variable name="body" type="string">
      <XPath>local-name(/soap:Envelope/soap:Body)</XPath>
    </Variable>
    <Variable name='requestElement' type='string'>
      <XPath>local-name(/soap:Envelope/soap:Body/ns1:soapRequest1)</XPath>
    </Variable>
  </XMLPayload>
</ExtractVariables>


And this is the proxy flow.

    <Flow name="flow1">
      <!-- 
           In this scenario, all of the validation is in the EV policy;
           this includes a hardcoded namespace for the local-name and
           namespace-uri of the request element.
      -->
      <Request>
        <Step>
          <Condition>NOT (request.header.content-type = "text/xml")</Condition>
          <Name>RF-InvalidRequest-ContentType</Name>
        </Step>
        <Step>
          <Name>EV-SOAP-Elements-1</Name>
        </Step>
        <Step>
          <Condition>
            soapValidation.envelope = null OR soapValidation.body = null OR soapValidation.requestElement = null
          </Condition>
          <Name>RF-InvalidRequest</Name>
        </Step>
      </Request>


working example attached.

check-soap.zip

Thank you so much for the repsonse. It helped.
Finally, i use the below configuration

<MessageValidation name="MessageValidation_SOAP">
  <SOAPMessage version="1.1/1.2"/>
  <Source>request</Source>
</MessageValidation>

This validated wheter the payload is correct SOAP format or not. The content type can be any of the following:

  • text/xml
  • application/xml
  • application/soap+xml

For extracting the Soap operation, i used the below

<ExtractVariables name="ExtractVariables_SoapOperation"> 
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> 
  <XMLPayload> 
    <Variable name="name" type="string"> 
      <XPath>local-name(/*[local-name() = 'Envelope']/*[local-name() = 'Body']/*[position() = 1])</XPath> 
    </Variable> 
  </XMLPayload> 
  <Source clearPayload="false">request</Source> 
  <VariablePrefix>operation</VariablePrefix> 
</ExtractVariables>

Excellent. Thanks for the followup.