Enabling SOAP request validation in JBOSS 5.0 using JAX-WS

Enabling SOAP request validation in JBOSS 5.0 using JAX-WS

By default, JBoss JAX-WS Web services don’t validate SOAP requests for a valid xml or schema. This is by default to prevent performance overhead.

This may turn into a problem when developing the web service since a required attribute in the schema may not be present in the request, and the request will arrive at our service with no further notice. In many cases, this behavior is not a problem; you just need to consider that a null value may come for a required attribute in your web service.

So, why validate?

  • Enforce schema

Sometimes it is good to enforce the schema validation when the request must comply with the schema, for example, when an attribute is required, or when the request must contain a list with exactly 2 elements but no more. Basically, when the request needs to comply with the xsd of the element. Validation in these cases is an aid for development since the developer wouldn’t need to verify if the request has the required attributes.

  • Prevent default behavior

There are cases when the client can misspell a tag of the request, for example, if the request has an attribute to filter the modification of a DB using a <filter> tag. If the client misspells the request and sends a <filters> tag instead of <filter> when no validation is enabled, the server will think that the client doesn’t need any filter (JBoss will set the filter variable to null), thus altering the behavior of the processing, updating all the rows in the DB without filtering, probably leading to disaster.

Validation in JBoss

In JBoss there is a simple way to enforce validation for the Web Service SOAP requests using the @SchemaValidation annotation. In the beginning, the use of the annotation seemed to be trivial, but after some unsuccessful attempts, we realized that an extra effort was needed to get it going. This tutorial explains the simple steps needed to enable schema validation for JBoss and JAX-WS.

We start with a simple web service IMyWebService and the implementing class MyWebService, which has only one WebMethod getResponse, which receives one parameter param1. You can download the full project from here. It’s an eclipse Java project.

The parameter param1 is of class Param1 which has 2 fields:

private String param1Str;
private Integer param1Int;

After deploying the test project, using Soap UI to call the web service, we first import the wsdl from: http://localhost:8080/WSTest/WebService?wsdl

Calling the web service with the following message:

10 TestString

We can see the following log in the server console (we are just printing out the input values):

19:17:24,824 INFO [STDOUT] 1019:17:24,824 INFO [STDOUT] TestString

So far so good, but until now we didn’t add any requirements on the fields. Let’s make the param1Strattribute required by adding the following annotation in the Param1 class:

@XmlElement(required=true)public String getParam1Str() { return param1Str;}

After redeploying WSTest and running the test case again we’d expect the server to reject the message due to validation errors, but this isn’t the case. As discussed earlier, JBoss disables SOAP request validation by default.

In order to enable validation, we need to do the following steps:

  1. Create a schema file with the declared elements from the wsdl
  2. Enable @SchemaValidation pointing to the schema file

See more posts
Have a project or an idea?
Let's make it real!
Prefer a meeting?
Book a meeting or call us (512) 842 9784
Yes! Book me
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.