Best Practice? PayloadRootQNameEndpointMapping & SoapActionEndpointMapping

[CorbaTheGeek]

As it states in the 'airline' sample's applicationContext-ws.xml:

The MessageDispatcher is responsible for routing messages to endpoints. It uses three endpoint mappings to determine the endpoint suitable for handling a particular incoming request. Having three mappings is not a recommended approach, it's done here only for illustration purposes.

Can you offer us any best practices or rules of thumb for when each of these mappings should be used?

• PayloadRootQNameEndpointMapping
• SoapActionEndpointMapping
• SoapActionEndpointMapping with XwsSecurityInterceptor

With just the airline sample as a guideline, was the use of the SoapActionEndpointMapping for the update transaction an intentional choice? And is the PayloadRootQNameEndpointMapping a lighter-weight solution that should be used for queries? Or am I reading too much into this sample?

[Arjen Poutsma]

The fact that the latter has a security interceptor is just to show how WS-Security works. Since interceptors are wired at the handler level, you can have some operations use WS-Security, while others don't.

The PayloadRootQNameEndpointMapping parses the payload, so that is slow(er). However, it is transport agnostic, so if you want to do SOAP 1.1 or 1.2 over something like TCP/IP, use this one.

The SoapActionEndpointMapping uses the special mime header SOAPAction. In SOAP 1.2, this has been deprecated. The good news is that it's relatively fast, since you don't need to parse the payload. So if you have larger messages under SOAP 1.1, and want to make it as fast as possible, use this mapping.

[jmgutierrez]

Mr Arjen Poutsma, you said: "you can have some operations use WS-Security, while others don't."

How could i do that? Im working with annotations but anyway, i couldnt find any example, article or forum message where i had some secure operations and others not.


thanks