This tutorial describes how the API Gateway can examine the contents of an XML message to ensure that it meets certain criteria. It uses boolean XPath expressions to evaluate whether or not a specific element or attribute contains has a certain value.
For example, you can configure XPath expressions to make sure the value of an element matches a certain string, to check the value of an attribute is greater (or less) than a specific number, or that an element occurs a fixed amount of times within an XML body.
There are two ways to configure XPath expressions on this screen. Please click the appropriate link below:
To manually configure a Content Validation rule using XPath:
-
Enter a meaningful name for this XPath content filter.
-
Click the Add button to add a new XPath expression. Alternatively, you can select a previously configured XPath expression from the drop-down list.
-
In order to resolve any prefixes within the XPath expression, the namespace mappings (i.e. Prefix, URI) should be entered in the table.
As an example of how this screen should be configured, consider the following SOAP message:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" id="sig1">
...............
...............
...............
...............
</dsig:Signature>
</soap:Header>
<soap:Body>
<prod:product xmlns:prod="http://www.company.com">
<prod:name>SOA Product</prod:name>
<prod:company>Company</prod:company>
<prod:description>WebServices Security</prod:description>
</prod:product>
</soap:Body>
</soap:Envelope>
The following XPath expression evaluates to true if the
<company> element contains the value Company:
XPath Expression: //prod:company[text()='Company']
In this case, you must define a mapping for the prod namespace as follows:
In another example, the element to be examined by the XPath expression belongs to a default namespace. Consider the following SOAP message:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" id="sig1">
...............
...............
...............
...............
</dsig:Signature>
</soap:Header>
<soap:Body>
<product xmlns="http://www.company.com">
<name>SOA Product</name>
<company>Company</company>
<description>Web Services Security</description>
</product>
</soap:Body>
</soap:Envelope>
The following XPath expression evaluates to true if the
<company> element contains the value
Company:
XPath Expression: //ns:company[text()='Company']
Because the <company> element belongs to the default
(xmlns) namespace (http://www.company.com,
you must make up an arbitrary prefix (ns) for use in the
XPath expression, and assign it to http://www.company.com.
This is necessary to distinguish between potentially several default
namespaces which may exist throughout the XML message. The following
mapping illustrates this:
The XPath Wizard assists administrators in creating correct and accurate XPath expressions. The wizard enables administrators to load an XML message and then run an XPath expression on it to determine what nodes are returned. To launch the XPath Wizard, click the XPath Wizard Button on the XPath Expression dialog.
To use the XPath Wizard, enter (or browse to) the location of an XML file in the File field. The contents of the XML file are displayed in the main window of the wizard. Enter an XPath expression in the XPath field, and click the Evaluate button to run the XPath against the contents of the file. If the XPath expression returns any elements (or returns true), those elements are highlighted in the main window.
If you are not sure how to write the XPath expression, you can select an element in the main window. An XPath expression to isolate this element is automatically generated and displayed in the Selected field. If you wish to use this expression, select the Use this path button, and click OK.
