Hi All, Any updates on findings on how this could be achieved. I am really stuck up at this and need urgent help for the same.
I am using a WSDL file and invoking a method of the web service. What I want to do is validate the obtained SOAP response message against the WSDL file. Pleaseeeeeeeeeeeeee do help me. I am stuck at this and am not able to proceed further. Thanks Sneha On Tue, Mar 17, 2009 at 5:19 PM, Sneha Nikum <[email protected]> wrote: > Hi Dhanush, > > Yes i do make a call to te service. > > You are right I would need some APIs for it.. but ,y question is are there > such APIs and if there are such APIs please let me know which APIs can be > used to achieve this. > > Thanks > Sneha > > > On Tue, Mar 17, 2009 at 4:51 PM, Dhanush Gopinath < > [email protected]> wrote: > >> Hi Sneha, >> >> >> >> I assume when you say that you are injecting some attack patterns , you >> make a call to the service after that, right ? >> >> >> >> If the attack pattern is not a valid input then the WS will throw faults, >> otherwise it will return back a response or fault depending upon the WS >> implementation. You can get hold of this SOAP Message in any of the client >> handlers and then validate the SOAP Message against a WSDL since you know >> the WSDL and also the operation. Of course I think this needs to be done by >> using the WSDL API’s and recursing through each soap elements. >> >> >> >> Hope this helps >> >> >> >> Thanks >> >> Dhanush >> >> >> >> *From:* Sneha Nikum [mailto:[email protected]] >> *Sent:* Tuesday, March 17, 2009 4:03 PM >> >> *To:* [email protected] >> *Subject:* Re: Regarding validating SOAP responses against the WSDL >> >> >> >> Hi Guys, >> >> Thanks for your replies. >> >> My use case is as follows: >> >> I get a WSDL (I know it before hand) and using Axis 2.0 i get the various >> operations that the WSDL supports. >> >> The further I select a operation out of the various operations the WSDL >> supports and create a request for the same and send it to the service with >> the input parameters filled. >> >> When I fill the parameters, I might inject some attack patterns to test >> the service for vulnerabilities. >> >> When I get the response, I would like to validate it with the given WSDL, >> to see the effect the injected attack pattern created on the service. >> >> For this particular use case I want to do a validation of the SOAP >> response against the WSDL file. >> >> Hope the use case is clear now. >> >> Please do let me know if there are ways to achieve the same. >> >> Thanks >> Sneha >> >> On Tue, Mar 17, 2009 at 3:38 PM, Dhanush Gopinath < >> [email protected]> wrote: >> >> Hi, >> >> >> >> I am not sure if there are any Axis API’s for the same (I do not think >> so). >> >> >> >> I can tell you a similar way in which I constructed a predefined SOAP >> response after parsing the WSDL and Schema. >> >> >> >> What I will get as input is the operation name and target namespace. >> >> >> >> From that I get the wsdl from my DB and the parse it (including the >> schemas) and then construct the SOAP Message Response. >> >> >> >> To fill this soap message I have output parameters of the operation >> already populated. >> >> >> >> So similarly you can do something of this sort to validate the SOAP >> response. But I am afraid there are any single API’s in Axis. >> >> >> >> Thanks >> >> Dhanush >> >> >> >> *From:* Sneha Nikum [mailto:[email protected]] >> *Sent:* Tuesday, March 17, 2009 3:02 PM >> *To:* [email protected] >> *Subject:* Re: Regarding validating SOAP responses against the WSDL >> >> >> >> Hi All, >> >> I am stuck up at this place. >> >> Please please do help me with this problem. Please do reply with the >> solutions to the query >> >> Thanks >> Sneha >> >> On Mon, Mar 16, 2009 at 2:42 PM, Sneha Nikum <[email protected]> >> wrote: >> >> Hi, >> >> I want to validate the SOAP response structure against the structure of >> that response in the WSDL file. >> >> Are there any Axis APIs that would help me in achieving this task? >> >> Please let me know if there are any APIs that would help me do the above >> task >> >> >> >> >> >> > > > > -- Sneha Anil Nikum Don't get even with people get AHEAD of them!
