Schema Validation

Contents

Overview

The Enterprise Gateway can check that XML messages conform to the structure or format expected by the Web Service by validating those requests against XML Schemas. An XML Schema precisely defines the elements and attributes that constitute an instance XML document. It also specifies the data types of these elements to ensure that only appropriate data is allowed through to the Web Service.

For example, an XML Schema might stipulate that all requests to a particular Web Service must contain a <name> element, which contains at most a ten character string. If the Enterprise Gateway receives a message with an improperly formed <name> element, it will reject the message.

The Schema Validation filter can be found under the "Content Filtering" category of filters in the Policy Studio. Drag and drop the filter onto the policy where you want to perform schema validation. The Schema Validation filter dialog has 3 tabs, each of which will be explained in the following sections.

Schema to Use

You can select schemas from the global Schema Cache or the Web Services Repository to validate messages. The following tutorials show how to import schemas into these global stores so that they can be selected in the Schema Validation filter:

The tree hierarchy on the Schema to Use tab contains two top-level nodes: Schema Cache and Web Services Repository. When these nodes are expanded, the contained XML Schemas are displayed in a tree. Each schema has an associated checkbox, which you can use to select the schema to validate the incoming message.

Note:
If you have a WSDL file that contains an XML Schema, and you want to use this schema to validate the message, you can import the WSDL file into the Web Services Repository. The WSDL Import Wizard includes an option to automatically create a Schema Validation filter and incorporate it into the auto-generated policy. In this case, the top-level schema in the WSDL, which is imported into the Web Services Repository, is selected by default in the filter. In this way, if the schema imports other schemas, they are available to the filter at runtime when validating the message. For more details on how to import WSDL files in this manner, see the Web Services Repository topic.

Part of Message to Match

A portion of the XML message can be extracted using an XPath expression. The Enterprise Gateway can then validate this portion against the specified XML Schema. For example, administrators may only want to validate the SOAP Body part of a SOAP message. In this case, they should enter (or select) an XPath expression that identifies the SOAP Body of the message. This portion should then be validated against an XML Schema which defines the structure of the SOAP Body for that particular message.

Click on the Add or Edit buttons to add or edit an XPath expression using the Enter XPath Expression dialog. Expressions can be removed by selecting the expression in the XPath Expression dropdown and clicking the Delete button.

On the Enter XPath Expression dialog, there are two ways to configure XPath expressions. Please click on the appropriate link below for more information:

The XPath Wizard assists administrators in creating correct and accurate XPath expressions. The wizard allows administrators to load an XML message and then run an XPath expression on it to determine what nodes are returned.

Advanced

The following settings are available on the Advanced tab:

Allow RPC Schema Validation:
When the Allow RPC Schema Validation checkbox is checked, the filter will make a best attempt to validate an RPC encoded SOAP message. An RPC encoded message is defined in the WSDL as having an operation with the following characteristics:

  • The style attribute of the <soap:operation> element is set to "document".
  • The use attribute of the <soap:body> element is set to "rpc".

Take a look at Section 3.5 of the WSDL specification, which explains the possible values for these attributes.

The problem with RPC encoded SOAP messages in terms of schema validation is that the schema contained within the WSDL file does not necessarily fully define the format of the SOAP message, unlike with "document-literal" style messages, for example. With an RPC encoded operation, the format of the message can be defined by a combination of the SOAP operation name, WSDL message parts, and schema-defined types. As a result, the Schema extracted from a WSDL file may not be able to validate a message.

Another problem with RPC encoded messages is that type information is included in each element that appears within the SOAP message. In order for such element definitions to be validated by a schema, the type declarations must be removed, which is precisely what the Schema Validation filter does if the checkbox is checked on this tab. It removes the type declarations and then makes a best attempt to validate the message.

However, as explained earlier, if some of the elements in the SOAP message are actually taken from the WSDL file as opposed to the Schema (for example, when the SOAP operation name in the WSDL file is used as the wrapper element beneath the SOAP Body as opposed to a schema-defined type), the schema will not be able to validate the message.

Inline MTOM Attachments into Message:
MTOM (Message Transmission Optimization Mechanism) provides a way to send binary data to Web Services within standard SOAP messages. MTOM leverages the include mechanism defined by XOP (XML Optimized Packaging) whereby binary data can be send as a MIME attachment (similar to SOAP with Attachments) to a SOAP message. The binary data can then be referenced from within the SOAP message using the <xop:Include> element.

The following SOAP request contains a binary image that has been base64-encoded so that it can be inserted as the contents of the <image> element:

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Body>
  <uploadGraphic xmlns="www.example.org">
   <image>/aWKKapGGyQ=</image>
  </uploadGraphic>
 </soap:Body>
</soap:Envelope>   
      

When this message s converted to an MTOM message by the Enterprise Gateway (for example, using the Extract MTOM Content filter) the base64-encoded content from the <image> element is replaced with an <xop:Include> element. This contains a reference to a newly created MIME part that contains the binary content. The following request shows the resulting MTOM message:

POST /services/uploadImages HTTP/1.1
Host: SOAPbox
Content-Type: Multipart/Related;boundary=MIME_boundary;
    type="application/xop+xml";
    start="<mymessage.xml@example.org>";
    start-info="text/xml"

--MIME_boundary
Content-Type: application/xop+xml; 
    charset=UTF-8; 
    type="text/xml"
Content-Transfer-Encoding: 8bit
Content-ID: <mymessage.xml@example.org>

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Body>
  <uploadGraphic xmlns="www.example.org">
   <image>
     <xop:Include xmlns:xop='http://www.w3.org/2004/08/xop/include' 
          href='cid:http://example.org/myimage.gif'/>
   </image>
  </uploadGraphic>
 </soap:Body>
</soap:Envelope>   

--MIME_boundary
Content-Type: image/gif
Content-Transfer-Encoding: binary
Content-ID: <http://example.org/myimage.gif>

// binary octets for image

--MIME_boundary

When attempting to validate the MTOM message with an XML Schema, it is crucial that you are aware of the format of the <image> element. Will it contain the base64-encoded binary data, or will it contain the <xop:include> element with a reference to a MIME part.

For example, the XML Schema definition for <image> element might look like this:

<xsd:element name="image" maxOccurs="1" minOccurs="1"  
                type="xsd:base64Binary" 
                xmime:expectedContentTypes="*/*" 
                xsi:schemaLocation="http://www.w3.org/2005/05/xmlmime" 
                xmlns:xmime="http://www.w3.org/2005/05/xmlmime"/>
      

In this case, the XML Schema validator will expect the contents of the <image> element to be base64Binary. However, if the message has been formatted as an MTOM message, the <image> element will contain a child element, <xop:Include> that the Schema know nothing about. This will, of course, cause the schema validator to report an error and the schema validation will fail.

To resolve this issue, you can check the Inline MTOM Attachments into Message checkbox on the Advanced tab. At run-time, the schema validator will replace the value of the <xop:Include> element with the base64-encoded contents of the MIME part to which it refers. This means that the message will now adhere to the definition of the <image> element in the XML Schema, i.e. the element will contain data of type base64Binary.

This standard procedure of interpreting XOP messages is described in Section 3.2 Interpreting XOP Packages of the XML-binary Optimized Packaging (XOP) specification.

Reporting Schema Validation Errors

When a Schema validation check fails the validation errors are stored in the xsd.errors Oracle message attribute. It is possible to return an appropriate SOAP Fault to the client by writing out the contents of this message attribute.

Typically, this is done by configuring a Set Message filter to write a custom response message back to the client. The Set Message filter is placed on the failure path of the Schema Validation filter. The following sample SOAP Fault message can be entered in the Set Message filter. Notice the use of the ${xsd.errors} message attribute in the <Reason> element.

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Body>
    <env:Fault>
      <env:Code>
        <env:Value>env:Receiver</env:Value>
        <env:Subcode>
          <env:Value xmlns:fault="http://www.Oracle.com/soapfaults">
            fault:MessageBlocked
          </env:Value>
        </env:Subcode>
      </env:Code>
      <env:Reason>
        <env:Text xml:lang="en">
          ${xsd.errors}
        </env:Text>
      </env:Reason>
      <env:Detail xmlns:fault="http://www.Oracle.com/soapfaults"
        fault:type="faultDetails">
      </env:Detail>
    </env:Fault>
  </env:Body>>
</env:Envelope>

At runtime, the actual error reported by the Schema validator is set in the message. The SOAP Fault can then be returned to the client using a Reflect filter. The following example shows a SOAP Fault containing a typical schema validation error:

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Body>
    <env:Fault>
      <env:Code>
        <env:Value>env:Receiver</env:Value>
        <env:Subcode>
          <env:Value xmlns:fault="http://www.Oracle.com/soapfaults">
            fault:MessageBlocked
          </env:Value>
        </env:Subcode>
      </env:Code>
      <env:Reason>
        <env:Text xml:lang="en">
          [XSD Error: Unknown element 'id' (line: 2, column: 8)]
        </env:Text>
      </env:Reason>
      <env:Detail xmlns:fault="http://www.Oracle.com/soapfaults"
        fault:type="faultDetails">
      </env:Detail>
    </env:Fault>
  </env:Body>>
</env:Envelope>

The following screenshot shows how the Set Message filter can be used to return a customized SOAP Fault in a policy. If the Schema Validation filter succeeds, the message is routed on to the target Web Service. However, if the schema validation fails, the Set Message filter (called "Set Custom Fault Message") is invoked. The filter sets the contents of the xsd.errors message attribute (i.e. the schema validation errors) to the custom SOAP Fault message as seen in the example above. The Reflect filter (called "Return SOAP Fault") then writes the message back to the client.


            A Policy that returns a custom SOAP Fault to the client

A Policy that returns a custom SOAP Fault to the client