Hi Sneha,
I assume when you say that you are injecting some attack patterns , you make a call to the service after that, right ? If the attack pattern is not a valid input then the WS will throw faults, otherwise it will return back a response or fault depending upon the WS implementation. You can get hold of this SOAP Message in any of the client handlers and then validate the SOAP Message against a WSDL since you know the WSDL and also the operation. Of course I think this needs to be done by using the WSDL API's and recursing through each soap elements. Hope this helps Thanks Dhanush From: Sneha Nikum [mailto:[email protected]] Sent: Tuesday, March 17, 2009 4:03 PM To: [email protected] Subject: Re: Regarding validating SOAP responses against the WSDL Hi Guys, Thanks for your replies. My use case is as follows: I get a WSDL (I know it before hand) and using Axis 2.0 i get the various operations that the WSDL supports. The further I select a operation out of the various operations the WSDL supports and create a request for the same and send it to the service with the input parameters filled. When I fill the parameters, I might inject some attack patterns to test the service for vulnerabilities. When I get the response, I would like to validate it with the given WSDL, to see the effect the injected attack pattern created on the service. For this particular use case I want to do a validation of the SOAP response against the WSDL file. Hope the use case is clear now. Please do let me know if there are ways to achieve the same. Thanks Sneha On Tue, Mar 17, 2009 at 3:38 PM, Dhanush Gopinath <[email protected]> wrote: Hi, I am not sure if there are any Axis API's for the same (I do not think so). I can tell you a similar way in which I constructed a predefined SOAP response after parsing the WSDL and Schema. What I will get as input is the operation name and target namespace. >From that I get the wsdl from my DB and the parse it (including the schemas) and then construct the SOAP Message Response. To fill this soap message I have output parameters of the operation already populated. So similarly you can do something of this sort to validate the SOAP response. But I am afraid there are any single API's in Axis. Thanks Dhanush From: Sneha Nikum [mailto:[email protected]] Sent: Tuesday, March 17, 2009 3:02 PM To: [email protected] Subject: Re: Regarding validating SOAP responses against the WSDL Hi All, I am stuck up at this place. Please please do help me with this problem. Please do reply with the solutions to the query Thanks Sneha On Mon, Mar 16, 2009 at 2:42 PM, Sneha Nikum <[email protected]> wrote: Hi, I want to validate the SOAP response structure against the structure of that response in the WSDL file. Are there any Axis APIs that would help me in achieving this task? Please let me know if there are any APIs that would help me do the above task
