Skip to Content

Real-time Service: validate requests against detailed WSDL specification

We have enhanced a .xsd file with descriptions for the expected data type, the expected length and so on.

WSDL looks fine, example:

  <xs:simpleType name="CAMPAIGN_ID">
    <xs:restriction base="xs:string">
      <xs:maxLength value="12" /> 
      <xs:minLength value="10" /> 
      <xs:pattern value="[C-]+[0-9]{8,}" /> 
  </xs:restriction>
  </xs:simpleType>

...but it has no effect. How can I activate validation at the web service endpoint?

I guess this should be done in some tomcat configuration. I could not find a hint in the SAP documentation.

Best regards, Martin

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • May 18 at 07:33 AM

    Hi Martin,

    you can enable the validation in the settings of you input or output message of your (real-time) dataflow:

    Best regards
    Marcus

    Add comment
    10|10000 characters needed characters exceeded

  • May 18 at 11:25 AM

    Hi Marcus,

    thanks for the hint.

    I tried it and now the job does the validation - and terminates due to error as expected, example:

    XML parser failed: Error <value '00001467' does not match regular expression facet '[C-]+[0-9]{8,}'

    But that might not fullfill the security requirement. Web service requests must be validated at the web service endpoint. In my understanding, this should be done in the web server, i. e. Tomcat.

    Best regards, Martin

    Add comment
    10|10000 characters needed characters exceeded

  • May 23 at 01:31 PM

    Hi Martin Nolte,

    If you want to handle the restriction type based on your regex of records in the SAP Data Services. You can create a Custom Validation function based on the restriction type and you can use that custom function in the Validation Transform. You can handle the data with the fail and pass outputs. The whole scenario is based on the SAP Data Services Perspective to capture the valid and invalid records from the source. I hope this will help you out.

    Thanks & Regards,

    Akhilesh Kiran N.


    Add comment
    10|10000 characters needed characters exceeded

  • May 24 at 07:14 AM

    Hi Akhilesh Kiran,

    I need to harden the web service against attackers, i. e. code injection, overflowing etc.

    Therefore the check should be done close to the web service endpoint. We are using the preconfigured tomcat that comes with Data Services. I am wondering, if the tomcat can handle the validation.

    Best regards, Martin

    Add comment
    10|10000 characters needed characters exceeded