From f27ff5780d98e747742140c526fb1e3469bb5748 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Thu, 9 May 2019 15:41:19 +0200 Subject: Fix: Enable ApacheCXF's Automated Schema Validation Problem: Apache CXF does not validate incoming mzs:DeliveryRequests automatically. Per default, validation is off (performs better). However, (1) we need to validate incoming requests, and (2) automated CXF validation requires less maintenance and is expected to be more stable than manual validation. Solution: - Add @SchemaValidation annotation to @Service. - Endpoint Configuration: set WsdlLocation and ServiceName (needed to prevent parser errors; see [1]). Without those, CXF validates against generated classes and not against the WSDL spec, and generated classes do not contain format restrictions. Add a testcase with an invalid delivery request ("rejectBothProfile- AndCorporateBody") to ensure that the validator works. [1] https://stackoverflow.com/questions/2231779/cxf-and-validation-schema-restrictions-ignored --- .../at/gv/egiz/moazs/DeliveryPreprocessor.java | 39 +--------------------- 1 file changed, 1 insertion(+), 38 deletions(-) (limited to 'src/main/java/at/gv/egiz/moazs/DeliveryPreprocessor.java') diff --git a/src/main/java/at/gv/egiz/moazs/DeliveryPreprocessor.java b/src/main/java/at/gv/egiz/moazs/DeliveryPreprocessor.java index 4b62164..5f75750 100644 --- a/src/main/java/at/gv/egiz/moazs/DeliveryPreprocessor.java +++ b/src/main/java/at/gv/egiz/moazs/DeliveryPreprocessor.java @@ -26,50 +26,13 @@ public class DeliveryPreprocessor { */ public DeliveryRequestType preProcess(DeliveryRequestType request) { - validate(request); + //validate(request); return new DeliveryRequestTypeBuilder(request) .withConfig(coalesce(request.getConfig(), initDefaultConfig()).get()) .build(); } - private void validate(DeliveryRequestType request) { - validate(request.getSender()); - - notNull(request.getReceiver(), "Receiver is missing."); - notNull(request.getPayload(), "Payloads are missing."); - notNull(request.getMetaData(), "Metadata is missing."); - notNull(request.getMetaData().getAppDeliveryID(), "AppDeliveryID is missing."); - - } - - private void validate(DeliveryRequestType.Sender sender) { - notNull(sender, "Sender is missing."); - - isTrue(sender.getSenderProfile() != null ^ sender.getCorporateBody() != null , - "Either SenderProfile or CorporateBody (but not both) need to be defined."); - - if(sender.getSenderProfile() != null) - validate(sender.getSenderProfile()); - else - validate(sender.getCorporateBody()); - } - - private void validate(SenderProfile profile) { - notNull(profile.getProfileID(), "ProfileID is missing."); - } - - private void validate(CorporateBodyType body) { - notNull(body.getIdentification(), "Identification is missing."); - notNull(body.getFullName(), "FullName is missing."); - isTrue(body.getIdentification().size() > 0, "No Identification provided."); - isTrue(body.getIdentification().size() <= 1, "Too many means of Identification were provided."); - - var id = body.getIdentification().get(0); - notNull(id.getType(), "Identification Type is missing"); - notNull(id.getValue(), "Identification Value is missing"); - } - private ConfigType initDefaultConfig() { return configTypeBuilder() .withPerformQueryPersonRequest(false) -- cgit v1.2.3