WSDL and type validations

0
votes

Since WSDL specifies a section for type definitions, I wonder how this type definitions are enforced so that the message exchange will fail when the contents of the messages don't match the requested types.

According to what I have read, Web Services can exist without a WSDL (just do a quick search for "web services without wsdl"). It's not an ideal situation, but it can happen, and the Web Service can still be used as long as the consumer knows how the message is structured. If this is true, then the types defined in the WSDL are merely informative, aren't they? It seems there isn't an automatic mechanism that binds the type definitions of the WSDL with actual type validations. It seems the WSDL documentation doesn't say anything in this regard either.

How is type validation usually enforced in Web Services? Is it the server's responsibility to provide such validation and return a failure message if something goes wrong? What is the client's reponsibility when it comes to type validation?

1
web-serviceswsdlvalidation

1 Answers

1
votes

WSDL describes service and part of service description is definition of data exchanged between client and service. Data are described by XML schema (XSD) which defines exact format of each message (except some rare use cases where for example xsd:any definition is used). XML schemas are standard way to describe XML documents and they are used to validate these documents - common XML parsers allow you validating the XML document with specified schema.

You can create web service without WSDL - actually WSDL is used mostly for SOAP services but even SOAP services can be defined without WSDL but they can still consume only well defined data which can be described by XSD schemas. Other types of web services like XML service or REST service (passing XML) can also have exchanged data described by XSD.

It depends on consumer if the validation is used. Validation of XML documents can be time consuming and it can reduce throughput of the system. The way how the validation is used depends on the API - some API or tools provide this out of the box other requires manual intercepting of received message and running validation with some available XML parser.