TEC Workbook - IBM
TEC Workbook - IBM
TEC Workbook - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
2.7 Stylesheet Caching<br />
<strong>IBM</strong> Software<br />
XSL stylesheets are compiled and then cached to improve performance. Previously you configured your<br />
processing rule to transform the request XML document against productTransform.xsl. The stylesheet<br />
was fetched from a remote server, compiled, and then cached. You can verify this by checking the status<br />
of the document cache.<br />
__1. In the left hand navigation pane, under the Status menu, scroll down to find the XML Processing<br />
section, and click on Stylesheet Cache.<br />
In the cached stylesheets column, you can see the number of stylesheets that have been compiled and<br />
cached (this value also includes some system stylesheets).<br />
__2. In the XML Processing section, click on Stylesheet Status<br />
The Stylesheet Status page shows you all of the stylesheets that have been compiled and cached. Since<br />
schema documents (XSD) are compiled like stylesheets, they show up in this list too.<br />
2.8 Implicit XML Threat Protection<br />
Services that are configured to receive XML messages provide a wide array of additional XML threat<br />
protection.<br />
2.8.1 Malformed XML Content Detection<br />
In this next step, you’ll post malformed XML to your service<br />
__1. In soapUI, click on the Request tab.<br />
__2. Load the request body with file c:\labs\requests\malformed.xml.<br />
Notice that the closing tag is missing the leading slash resulting in the XML to be<br />
malformed. Don’t correct the error.<br />
__3. Click the green submit button to POST the malformed message to ProductServiceProxy. Again,<br />
you should receive a generic SOAP fault. Click the View Log link at the top of the Multi-Protocol<br />
Gateway configuration page and notice the error message pertaining to the mismatched tag.<br />
2.8.2 XML Denial of Service (XDoS)<br />
WebSphere DataPower appliances can protect Web services against both single message denial of<br />
service (XDoS) and multiple message denial of service (MMXDoS) attacks.<br />
Single message XDoS attacks may have any combination of the following characteristics:<br />
● Jumbo payloads – Sending a very large XML message to exhaust memory and CPU on<br />
the target system.<br />
● Recursive elements – XML messages that can be used to force recursive entity expansion<br />
(or other repeated processing) to exhaust server resources<br />
Lab 2 - Working with XML Page 49