Hi All,
Any updates on findings on how this could be achieved. I am really
stuck up at this and need urgent help for the same.
I am using a WSDL file and invoking a method of the web service.
What I want to do is validate the obtained SOAP response message
against the WSDL file.
Pleaseeeeeeeeeeeeee do help me. I am stuck at this and am not able to
proceed further.
Thanks
Sneha
On Tue, Mar 17, 2009 at 5:19 PM, Sneha Nikum <[email protected]
<mailto:[email protected]>> wrote:
Hi Dhanush,
Yes i do make a call to te service.
You are right I would need some APIs for it.. but ,y question is
are there such APIs and if there are such APIs please let me know
which APIs can be used to achieve this.
Thanks
Sneha
On Tue, Mar 17, 2009 at 4:51 PM, Dhanush Gopinath
<[email protected] <mailto:[email protected]>>
wrote:
Hi Sneha,
I assume when you say that you are injecting some attack
patterns , you make a call to the service after that, right ?
If the attack pattern is not a valid input then the WS will
throw faults, otherwise it will return back a response or
fault depending upon the WS implementation. You can get hold
of this SOAP Message in any of the client handlers and then
validate the SOAP Message against a WSDL since you know the
WSDL and also the operation. Of course I think this needs to
be done by using the WSDL API’s and recursing through each
soap elements.
Hope this helps
Thanks
Dhanush
*From:* Sneha Nikum [mailto:[email protected]
<mailto:[email protected]>]
*Sent:* Tuesday, March 17, 2009 4:03 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: Regarding validating SOAP responses against the
WSDL
Hi Guys,
Thanks for your replies.
My use case is as follows:
I get a WSDL (I know it before hand) and using Axis 2.0 i get
the various operations that the WSDL supports.
The further I select a operation out of the various operations
the WSDL supports and create a request for the same and send
it to the service with the input parameters filled.
When I fill the parameters, I might inject some attack
patterns to test the service for vulnerabilities.
When I get the response, I would like to validate it with the
given WSDL, to see the effect the injected attack pattern
created on the service.
For this particular use case I want to do a validation of the
SOAP response against the WSDL file.
Hope the use case is clear now.
Please do let me know if there are ways to achieve the same.
Thanks
Sneha
On Tue, Mar 17, 2009 at 3:38 PM, Dhanush Gopinath
<[email protected]
<mailto:[email protected]>> wrote:
Hi,
I am not sure if there are any Axis API’s for the same (I do
not think so).
I can tell you a similar way in which I constructed a
predefined SOAP response after parsing the WSDL and Schema.
What I will get as input is the operation name and target
namespace.
From that I get the wsdl from my DB and the parse it
(including the schemas) and then construct the SOAP Message
Response.
To fill this soap message I have output parameters of the
operation already populated.
So similarly you can do something of this sort to validate the
SOAP response. But I am afraid there are any single API’s in Axis.
Thanks
Dhanush
*From:* Sneha Nikum [mailto:[email protected]
<mailto:[email protected]>]
*Sent:* Tuesday, March 17, 2009 3:02 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: Regarding validating SOAP responses against the
WSDL
Hi All,
I am stuck up at this place.
Please please do help me with this problem. Please do reply
with the solutions to the query
Thanks
Sneha
On Mon, Mar 16, 2009 at 2:42 PM, Sneha Nikum
<[email protected] <mailto:[email protected]>> wrote:
Hi,
I want to validate the SOAP response structure against the
structure of that response in the WSDL file.
Are there any Axis APIs that would help me in achieving this task?
Please let me know if there are any APIs that would help me do
the above task
--
Sneha Anil Nikum
Don't get even with people
get AHEAD of them!
