Working with Response Messages for the Security Authorization Service
This section discusses how to:
Read authorization status in response messages.
Evaluate response messages that contain multiple responses.
Read validation and error information in response messages.
An authorization service response message contains the element ACCESS which can contain the following values:
T. User can access the content reference, menu, pagelet, query, iScript or row-level data.
F. User is denied access to the content reference, menu, pagelet, query, iScript or row-level data.
If the request message has three (3) PARAMS elements that correspond to three (3) requests, the response message also contains three (3) PARAMS elements. Each PARAMS element in the response message contains an ACCESS element to convey the authorization status for each corresponding request.
In cases where there are multiple sub requests in a single request, the sub responses do not appear in the same order in the response message as the sub requests in the request message. Use the SERVICEID element value to map the sub responses to the sub requests.
The following examples show how the SERVICEID element maps sub-requests to sub-responses:
The following example shows requests in the order SVC_1, SVC_2, and SVC_3:
<PARAMARRAY>
<PARAMS>
<SERVICEID>SVC_1</SERVICEID>
</PARAMS>
<PARAMS>
<SERVICEID>SVC_2</SERVICEID>
</PARAMS>
<PARAMS>
<SERVICEID>SVC_3</SERVICEID>
</PARAMS>
<PARAMARRAY>
The following example shows that the PARAMS elements in the response are not in the same order as in the request:
<PARAMARRAY>
<PARAMS>
<SERVICEID>SVC_3</SERVICEID>
<ACCESS>F</ACCESS>
</PARAMS>
<PARAMS>
<SERVICEID>SVC_1</SERVICEID>
<ACCESS>F</ACCESS>
</PARAMS>
<PARAMS>
<SERVICEID>SVC_2</SERVICEID>
<ACCESS>F</ACCESS>
</PARAMS>
<PARAMARRAY>
Use the service ID value in each PARAMS element to map the sub responses to the sub requests.
A MSG element is contained within each PARAMS element when the system must convey validation or error information. For example, if a required element is missing from a request message, such as SERVICE_TYPE, or if an exception has occurred, a MSG element that contains information about the validation or error is included in the response.
The following example shows a response message for the authorization service. The information contained in each MSG element conveys validation or error information for the request:
<?xml version="1.0"?>
<soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http:
//schemas.xmlsoap.org/ws/2003/03/addressing/" xmlns:xsd="http://www.w3.org/
2001/XMLSchema/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/">
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.
org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401
-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>PTDMO</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<FindAccess xmlns="http://xmlns.oracle.com/Enterprise/Tools/schemas/
PTCSSecurityReq.v1">
<PARAMARRAY>
<PARAMS>
<SERVICEID>2</SERVICEID>
<SERVICE_INSTID/>
<ACCESS>F</ACCESS>
<SERVICE_TYPE>CREF</SERVICE_TYPE>
<MSG>Market name is defaulted to 'GBL'</MSG>
<MSG>Portal name is defaulted to the default portal EMPLOYEE of the node
PT_LOCAL</MSG>
<MSG>Invalid Cref</MSG>
</PARAMS>
<PARAMS>
<SERVICEID>1</SERVICEID>
<SERVICE_INSTID/>
<ACCESS>T</ACCESS>
<SERVICE_TYPE>CREF</SERVICE_TYPE>
<MSG>Market name is defaulted to 'GBL'</MSG>
<MSG>Portal name is defaulted to the default portal EMPLOYEE of the node
PT_LOCAL</MSG>
<MSG>Basic Security Cleared</MSG>
</PARAMS>
</PARAMARRAY>
</FindAccess>
</soapenv:Body>
</soapenv:Envelope>