Real-time Service: validate requests against detailed WSDL specification

martin_nolte
Discoverer
0 Kudos

We have enhanced a .xsd file with descriptions for the expected data type, the expected length and so on.

WSDL looks fine, example:

  <xs:simpleType name="CAMPAIGN_ID">
    <xs:restriction base="xs:string">
      <xs:maxLength value="12" />
      <xs:minLength value="10" />
      <xs:pattern value="[C-]+[0-9]{8,}" />
    </xs:restriction>
  </xs:simpleType>

...but it has no effect. How can I activate validation at the web service endpoint?

I guess this should be done in some Tomcat configuration. I could not find a hint in the SAP documentation.

Best regards, Martin

Accepted Solutions (0)

Answers (4)


martin_nolte
Discoverer
0 Kudos

Hi Akhilesh Kiran,

I need to harden the web service against attackers, i.e. code injection, overflowing etc.

Therefore the check should be done close to the web service endpoint. We are using the preconfigured Tomcat that comes with Data Services. I am wondering if the Tomcat can handle the validation.

Best regards, Martin

akhileshkiran
Contributor
0 Kudos

Hi Martin Nolte,

If you want to handle the restriction type based on your regex of records in the SAP Data Services, you can create a Custom Validation function based on the restriction type and you can use that custom function in the Validation Transform. You can handle the data with the fail and pass outputs. The whole scenario is based on the SAP Data Services perspective to capture the valid and invalid records from the source. I hope this will help you out.

Thanks & Regards,

Akhilesh Kiran N.


martin_nolte
Discoverer
0 Kudos

Hi Marcus,

thanks for the hint.

I tried it and now the job does the validation - and terminates due to error as expected, example:

XML parser failed: Error <value '00001467' does not match regular expression facet '[C-]+[0-9]{8,}'

But that might not fulfill the security requirement. Web service requests must be validated at the web service endpoint. In my understanding, this should be done in the web server, i.e. Tomcat.

Best regards, Martin
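
Added example, not part of the original thread and not SAP code: a small Python check that reads the CAMPAIGN_ID restriction from the question and reports which facets a value violates, which gives a set of request values for confirming that validation at the endpoint is actually active. Assumptions: Python's `re` stands in for the XSD regex dialect, `load_facets` and `violations` are hypothetical helper names, and all sample values except `00001467` are constructed.

```python
import re
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
# The simpleType from the question; the xs:schema wrapper is constructed.
XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="CAMPAIGN_ID">
    <xs:restriction base="xs:string">
      <xs:maxLength value="12" />
      <xs:minLength value="10" />
      <xs:pattern value="[C-]+[0-9]{8,}" />
    </xs:restriction>
  </xs:simpleType>
</xs:schema>"""


def load_facets(xsd_text, type_name):
    """Return the length and pattern facets of one named xs:simpleType."""
    for st in ET.fromstring(xsd_text).iter(XS + "simpleType"):
        if st.get("name") == type_name:
            r = st.find(XS + "restriction")
            return {
                "min": int(r.find(XS + "minLength").get("value")),
                "max": int(r.find(XS + "maxLength").get("value")),
                # Assumption: Python's re stands in for the XSD regex dialect.
                "pattern": re.compile(r.find(XS + "pattern").get("value")),
            }
    raise KeyError(type_name)


def violations(value, facets):
    """List every facet the value violates; an empty list means valid."""
    errors = []
    if len(value) < facets["min"]:
        errors.append("minLength")
    if len(value) > facets["max"]:
        errors.append("maxLength")
    # XSD patterns are implicitly anchored, so the whole value must match.
    if not facets["pattern"].fullmatch(value):
        errors.append("pattern")
    return errors


FACETS = load_facets(XSD, "CAMPAIGN_ID")
# Constructed samples, except '00001467', taken from the job error above.
SAMPLES = ["C-00001467", "00001467", "C" + "0" * 40, "C-00001467<b>", "--12345678"]
for sample in SAMPLES:
    print(repr(sample), violations(sample, FACETS) or "valid")
```

The last sample passes every facet: the class `[C-]` admits any run of `C` and `-`, not only the prefix `C-`.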

MarcusZwirner
Product and Topic Expert
0 Kudos

Hi Martin,

you can enable the validation in the settings of your input or output message of your (real-time) dataflow:

Best regards
Marcus