The built-in PHP extension for SOAP doesn't validate everything in the incoming SOAP request against the XML Schema in the WSDL. It does check for the existence of basic entities, but when you have something complicated like simpleType restrictions the extension pretty much ignores their existence.
SOAP的内置PHP扩展不会根据WSDL中的XML Schema验证传入SOAP请求中的所有内容。它确实检查了基本实体的存在,但是当你有像simpleType限制这样复杂的东西时,扩展几乎忽略了它们的存在。
What is the best way to validate the SOAP request against XML Schema contained in the WSDL?
验证WSDL中包含的XML Schema的SOAP请求的最佳方法是什么?
5 个解决方案
#1
3
Been digging around on this matter a view hours. Neither the native PHP SoapServer nore the NuSOAP Library does any Validation. PHP SoapServer simply makes a type cast. For Example if you define
一直在挖掘这个问题。本机PHP SoapServer都没有NuSOAP库进行任何验证。 PHP SoapServer只是进行类型转换。例如,如果您定义
<xsd:element name="SomeParameter" type="xsd:boolean" />
and submit
<get:SomeParameter>dfgdfg</get:SomeParameter>
you'll get the php Type boolean (true)
你会得到php Type boolean(true)
NuSOAP simply casts everthing to string although it recognizes simple types:
虽然它可以识别简单类型,但NuSOAP只是将其转换为字符串:
from the nuSOAP debug log:
来自nuSOAP调试日志:
nusoap_xmlschema: processing typed element SomeParameter of type http://www.w3.org/2001/XMLSchema:boolean
So the best way is joelhardi solution to validate yourself or use some xml Parser like XERCES
因此,最好的方法是使用joelhardi解决方案来验证自己或使用像XERCES这样的xml解析器
#2
4
Besides the native PHP5 SOAP libs, I can also tell you that neither the PEAR nor Zend SOAP libs will do schema validation of messages at present. (I don't know of any PHP SOAP implementation that does, unfortunately.)
除了原生PHP5 SOAP库之外,我还可以告诉你,PEAR和Zend SOAP库都不会对目前的消息进行模式验证。 (遗憾的是,我不知道任何PHP SOAP实现。)
What I would do is load the XML message into a DOMDocument object and use DOMDocument's methods to validate against the schema.
我要做的是将XML消息加载到DOMDocument对象中,并使用DOMDocument的方法来验证模式。
#3
1
Typically one doesn't validate against the WSDL. If the WSDL is designed properly there should be an underlying xml schema (XSD) to validate the body of the request against. Your XML parser should be able to do this.
通常,不会对WSDL进行验证。如果WSDL设计得当,那么应该有一个底层的xml架构(XSD)来验证请求的主体。您的XML解析器应该能够执行此操作。
The rest is up to how you implement the web service and which SOAP engine you are using. I am not directly familiar with the PHP engine. For WSDL/interface level "validation" I usually do something like this:
其余的取决于您如何实现Web服务以及您正在使用的SOAP引擎。我不是直接熟悉PHP引擎。对于WSDL /接口级别“验证”,我通常会这样做:
- Does the body of the request match a known request type and is it valid (by XSD)?
- Does the message make sense in this context and can i map it to an operation/handler?
- If so, start processing it
- Otherwise: error
请求的主体是否与已知的请求类型匹配并且是否有效(通过XSD)?
消息在此上下文中是否有意义,是否可以将其映射到操作/处理程序?
如果是,请开始处理它
#4
-1
I was not able to find any simple way to perform the validation and in the end had validation code in the business logic.
我无法找到任何简单的方法来执行验证,最后在业务逻辑中有验证代码。
#5
-3
Some time ago I've create a proof of concept web service with PHP using NuSOAP. I don't know if it validates the input, but I would assume it does.
前段时间我使用NuSOAP用PHP创建了一个概念验证Web服务。我不知道它是否验证了输入,但我认为它确实如此。
#1
3
Been digging around on this matter a view hours. Neither the native PHP SoapServer nore the NuSOAP Library does any Validation. PHP SoapServer simply makes a type cast. For Example if you define
一直在挖掘这个问题。本机PHP SoapServer都没有NuSOAP库进行任何验证。 PHP SoapServer只是进行类型转换。例如,如果您定义
<xsd:element name="SomeParameter" type="xsd:boolean" />
and submit
<get:SomeParameter>dfgdfg</get:SomeParameter>
you'll get the php Type boolean (true)
你会得到php Type boolean(true)
NuSOAP simply casts everthing to string although it recognizes simple types:
虽然它可以识别简单类型,但NuSOAP只是将其转换为字符串:
from the nuSOAP debug log:
来自nuSOAP调试日志:
nusoap_xmlschema: processing typed element SomeParameter of type http://www.w3.org/2001/XMLSchema:boolean
So the best way is joelhardi solution to validate yourself or use some xml Parser like XERCES
因此,最好的方法是使用joelhardi解决方案来验证自己或使用像XERCES这样的xml解析器
#2
4
Besides the native PHP5 SOAP libs, I can also tell you that neither the PEAR nor Zend SOAP libs will do schema validation of messages at present. (I don't know of any PHP SOAP implementation that does, unfortunately.)
除了原生PHP5 SOAP库之外,我还可以告诉你,PEAR和Zend SOAP库都不会对目前的消息进行模式验证。 (遗憾的是,我不知道任何PHP SOAP实现。)
What I would do is load the XML message into a DOMDocument object and use DOMDocument's methods to validate against the schema.
我要做的是将XML消息加载到DOMDocument对象中,并使用DOMDocument的方法来验证模式。
#3
1
Typically one doesn't validate against the WSDL. If the WSDL is designed properly there should be an underlying xml schema (XSD) to validate the body of the request against. Your XML parser should be able to do this.
通常,不会对WSDL进行验证。如果WSDL设计得当,那么应该有一个底层的xml架构(XSD)来验证请求的主体。您的XML解析器应该能够执行此操作。
The rest is up to how you implement the web service and which SOAP engine you are using. I am not directly familiar with the PHP engine. For WSDL/interface level "validation" I usually do something like this:
其余的取决于您如何实现Web服务以及您正在使用的SOAP引擎。我不是直接熟悉PHP引擎。对于WSDL /接口级别“验证”,我通常会这样做:
- Does the body of the request match a known request type and is it valid (by XSD)?
- Does the message make sense in this context and can i map it to an operation/handler?
- If so, start processing it
- Otherwise: error
请求的主体是否与已知的请求类型匹配并且是否有效(通过XSD)?
消息在此上下文中是否有意义,是否可以将其映射到操作/处理程序?
如果是,请开始处理它
#4
-1
I was not able to find any simple way to perform the validation and in the end had validation code in the business logic.
我无法找到任何简单的方法来执行验证,最后在业务逻辑中有验证代码。
#5
-3
Some time ago I've create a proof of concept web service with PHP using NuSOAP. I don't know if it validates the input, but I would assume it does.
前段时间我使用NuSOAP用PHP创建了一个概念验证Web服务。我不知道它是否验证了输入,但我认为它确实如此。