SOA Security Manager Gateway Validating a SOAP Header Manifest Against the Body Root Element

Document ID : KB000024020
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary:

This document presents an example of the SOA Security Manager Gateway validating a SOAP header manifest against the body root element.

Ā 

Instructions:

Given the following XML:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
     xmlns:starws="http://www.starstandards.org/webservices/2005/10/starwssport">
     <soapenv:Header>
          <starws:payloadManifest>
          <starws:manifest contentID="Content0"
                   namespaceURI="http://www.starstandards.org/STAR"
                   element="ProcessPartsOrder" version="5.3.2" />
          </starws:payloadManifest>
     </soapenv:Header>
     <soapenv:Body>
          <starws:ProcessMessage>
          <starws:payload>
                <starws:content id="Content0">
                      <ns:ProcessPartsOrder
                          xmlns:ns="http://www.starstandards.org/STAR">
                      </ns:ProcessPartsOrder>
                </starws:content>
           </starws:payload>
           </starws:ProcessMessage>
      </soapenv:Body>
</soapenv:Envelope>

In this example we want to validate "ProcessPartsOrder" in the soap header against the name of element "ProcessPartsOrder". We need to see that the element with name identified by the attribute element "" and namespace identified by the attribute "namespaceURI" in the element "manifest".

This is how you could do it:

Figure 1

  1. Extract the value of the "element" and "namespaceURI" attribute using two XPath filters ("Attributes" > "Retrieve from message" filter).

    "Retrieve from message - element attribute" filter is configured as shown:

    Figure 2

    Figure 3

    "Retrieve from message - namespace attribute" filter is configured as shown:

    Figure 4

    Figure 5

  2. Use the "Utility" > "Scripting" filter to do your custom validation, based on the attributes retrieved in step1. In this case I'm just testing for the presence of the element in the given namespace:
    importPackage(Packages.org.w3c.dom);
    importPackage(Packages.com.vordel.circuit);
    importPackage(Packages.com.vordel.mime);
    importPackage(Packages.com.vordel.trace);
    function invoke(msg)
    {
        var elementName = msg.get("elementName");
        var namespaceURI = msg.get("namespaceURI");
        // look in the doc for the element
        var body = XMLBody.locate(msg);
        var doc = body.getDocument();
        var root = doc.getDocumentElement();
        var nodes = 
              root.getElementsByTagNameNS(namespaceURI, elementName);
        if ((nodes == null) || (nodes.getLength() <= 0)) {
              Trace.error("The element " + elementName  + " was not found in message");
              return false;
        }
        Trace.error("Found the element " + elementName);
        return true;      
    }
    Figure 6