Dennis Sosnoski wrote:
>
> But just because it's forbidden by WS-I BP doesn't mean it should not be
> supported by CXF. If industry groups have designed their WSDLs to be
> non-compliant with WS-I BP that's their choice, and I don't think it's
> CXF's place to be telling them they don't know what they're doing. A
> warning that they're violating WS-I BP would be the best way of handling
> this type of WSDL.
>
> - Dennis
>
I agree with you in theory, but with a safety concern. Let's say this is a
health care web service which involves using the same input request messages
for GivePatientAVitamin(patientID) and
PrintPatientsSensitiveMedicalDataInWashingtonPost(patientID). Should CXF
really allow that risky behavior? If it were just the developer's medical
data (or credit card info or whatever) that would be threatened, sure, let
him take the risks--but this is other people's data, and it's not their
fault that the developer is less rigorous. Ideally, CXF should have some
safeguards in place such that if Newbie Developer wants to use the same
input message for multiple operations that the wrong web service operations
aren't being called, perhaps by having the CXF web service refuse to
operate/activate if it is ambiguous from the {SOAP request, soapAction
header} combo which web service operation was intended.
Glen
--
View this message in context:
http://cxf.547215.n5.nabble.com/Using-the-same-SOAP-message-for-two-operations-with-different-WS-Addressing-Actions-not-allowed-tp2228236p2255422.html
Sent from the cxf-user mailing list archive at Nabble.com.
