Q

Application servers processing SOAP requests

A SearchWebServices.com member asks one of our experts, "When an application server gets a SOAP request, what namespaces/schemas does it use to parse it?"

When an application server gets a SOAP request, what namespaces/schemas does it use to parse it? Does it rely on SOAP message data or WSDL?

The exact process by which the application server processes the SOAP request is dependent on the server in question. I don't know of any SOAP servers, though, that use WSDL at runtime to process requests. WSDL doesn't provide the information that a server needs to know to process requests. WSDL is used on the client side, as described below.

Typically, when you deploy the service you supply a configuration file that tells the server how to process requests sent to the service. The configuration file indicates information such as:

  • which methods should be invoked in what sequence to process SOAP header entries and to perform other system-level functions, such as authentication, authorization, auditing, logging, decryption, decompression, etc.
  • how a WSDL operation name maps to an object method name
  • how an XML type maps to a class, using a particular set of serializers and deserializers

None of this configuration information is dynamic in nature.

Rogue schemas could pose a more serious threat than rogue WSDLs. If you indicate that you want to validate an incoming request, then the server loads the schema at runtime and uses it for validation. The validation process is often not under the direct control of the SOAP server; it's typically performed by a "handler" -- often written by a developer. You should establish policies within your organization to prevent use of "wild" schemas for validation.

Many client-side SOAP toolkits use WSDL at runtime to support dynamic binding and dynamic invocation. If you view this practice as too strong a security threat, then you should be able to disable dynamic processing and force clients to use only precompiled stubs.

This was first published in July 2005
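For the rogue-schema point in the answer above, one way a validation handler can enforce a "no wild schemas" policy. This is an added example, not code from the original answer or from any SOAP server; the namespace `urn:example:orders`, the path `schemas/orders-v1.xsd` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
XSI = "http://www.w3.org/2001/XMLSchema-instance"
HINT_ATTRS = ("{%s}schemaLocation" % XSI, "{%s}noNamespaceSchemaLocation" % XSI)

# Hypothetical deploy-time allowlist: payload namespace -> vetted XSD shipped with the service.
APPROVED_SCHEMAS = {"urn:example:orders": "schemas/orders-v1.xsd"}


class SchemaPolicyError(Exception):
    """The request does not map to an approved schema."""


def select_schema(request_bytes, approved=APPROVED_SCHEMAS):
    """Return (local_xsd_path, ignored_hints) for a SOAP 1.1 request.

    The schema is chosen only from the deploy-time allowlist, keyed by the
    namespace of the first Body child. Schema locations named inside the
    message are collected for the audit log and never loaded.
    """
    root = ET.fromstring(request_bytes)
    if root.tag != "{%s}Envelope" % SOAP_ENV:
        raise SchemaPolicyError("not a SOAP 1.1 envelope")
    body = root.find("{%s}Body" % SOAP_ENV)
    if body is None or len(body) == 0:
        raise SchemaPolicyError("missing or empty SOAP Body")
    tag = body[0].tag
    namespace = tag[1:].split("}", 1)[0] if tag.startswith("{") else ""
    if namespace not in approved:
        raise SchemaPolicyError("no approved schema for namespace %r" % namespace)
    hints = [el.get(a) for el in root.iter() for a in HINT_ATTRS if el.get(a)]
    return approved[namespace], hints


# Constructed sample request: the sender names its own schema location.
SAMPLE = b"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Body>
    <o:getOrder xmlns:o="urn:example:orders"
        xsi:schemaLocation="urn:example:orders http://schemas.example.invalid/orders.xsd">
      <o:id>42</o:id>
    </o:getOrder>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(select_schema(SAMPLE))
```

The returned path is what the handler would pass to its schema validator; the ignored hints are worth logging, since a request that names an unexpected schema location is a useful signal for review.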
