on 05-17-2018 7:57 AM
We have enhanced a .xsd file with descriptions for the expected data type, the expected length and so on.
WSDL looks fine, example:
<xs:simpleType name="CAMPAIGN_ID">
<xs:restriction base="xs:string">
<xs:maxLength value="12" />
<xs:minLength value="10" />
<xs:pattern value="[C-]+[0-9]{8,}" />
</xs:restriction>
</xs:simpleType>
...but it has no effect. How can I activate validation at the web service endpoint?
I guess this should be done in some tomcat configuration. I could not find a hint in the SAP documentation.
Best regards, Martin
Hi Akhilesh Kiran,
I need to harden the web service against attackers, i. e. code injection, overflowing etc.
Therefore the check should be done close to the web service endpoint. We are using the preconfigured tomcat that comes with Data Services. I am wondering, if the tomcat can handle the validation.
Best regards, Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Martin Nolte,
If you want to handle the restriction type based on your regex of records in the SAP Data Services. You can create a Custom Validation function based on the restriction type and you can use that custom function in the Validation Transform. You can handle the data with the fail and pass outputs. The whole scenario is based on the SAP Data Services Perspective to capture the valid and invalid records from the source. I hope this will help you out.
Thanks & Regards,
Akhilesh Kiran N.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marcus,
thanks for the hint.
I tried it and now the job does the validation - and terminates due to error as expected, example:
XML parser failed: Error <value '00001467' does not match regular expression facet '[C-]+[0-9]{8,}'
But that might not fullfill the security requirement. Web service requests must be validated at the web service endpoint. In my understanding, this should be done in the web server, i. e. Tomcat.
Best regards, Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Martin,
you can enable the validation in the settings of you input or output message of your (real-time) dataflow:
Best regards
Marcus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.