Validate SOAP Attachments Assertion
The Validate SOAP Attachments assertion allows you to validate the size and MIME type of incoming SOAP attachments. The assertion will fail under any of the following conditions:
Validate SOAP Attachmentsassertion allows you to validate the size and MIME type of incoming SOAP attachments. The assertion will fail under any of the following conditions:
- the request message does not contain an attachment
- the request message contains an attachment that was not declared in the WSDL
- the attachment is too large
- the attachment is declared an MIME Content-Type different from the expected type
- a signature is required but not present for the attachment.
You can optionally require that the attachment be signed (not available in the XML Datascreen version of the Gateway).
The Validate SOAP Attachments assertion supports the W3C
SOAP Messages with Attachmentstandard as outlined in www.w3.org/TR/2000/NOTE-SOAP-attachments-20001211, and the
OASIS Web Services Security SOAP Messages with Attachment (SwA) Profile 1.0 (Committee Draft)for signed attachments.
(1) You cannot use the Validate SOAP Attachments assertion with XML applications. (2) If a signature is required for an attachment, one of the following assertions must precede the SOAP Request with Attachment assertion: Require WS-Security Signature Credentials, Require WS-Secure Conversation, Require SAML Token Profile, Require Encrypted UsernameToken Profile Credentials, or Require WS-Security Kerberos Token Profile Credentials.
Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, see Add an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Right-clickValidate SOAP Attachmentsin the policy window and selectSOAP Attachment Propertiesor double-click the assertion in the policy window. The assertion properties are displayed.TheBinding,Operations, andInput Parameterscorresponding to one or more attachments are automatically populated from the web service WSDL document.If no attachments are present or your service is not capable of supporting attachments, then nothing will appear in the properties dialog.
- From theBindingdrop-down list, select the binding that contains the attachment. The operation(s) belonging to the binding appear underOperations.
- From theOperationslist, select the operation that contains the attachment(s). The following information is displayed in theInput Parametersgrid.ColumnDescriptionParameter NameName of the input parameter for the attachment.MIME Part Content TypeThe Content-Type is retrieved from the WSDL document. If it is not correct, click [...] to change it.MIME Part Length MaxSet to default size of 1000 KB by the Gateway. Modify as necessary.Require SignatureSelect this check box to require that the attachments be signed. This option does not apply to the XML Datascreen version of the Gateway.WARNING: Signatures with attachments cannot be verified when the message is save as part of auditing, as the signed attachment is not saved. Modifying an attachment will most likely break the signature of the attachment.Multiple attachments per input parameter are also supported. In this case, the total size of the attachments being referred to by the input parameter cannot exceed the value of the MIME Part Length Max column value corresponding to the input parameter.
- Click [OK]