Robert Sanderson wrote:

> 
>> In case of a HTTP POST request, I need to open the POST'ed data, to see
>> what I should do - and that's application logic!
> 
> No, you can and should check the content-type header.
> 
> See:  http://www.loc.gov/standards/sru/sru-post.html

That was what I meant, but did not write clearly.

Still, you are chickening out.

I got no clear answers for the following situations a
SRU GET/POST/SOAP server should survive:

a) A HTTP POST request is not in the headers specified of content type
    application/x-www-form-urlencoded  SRU/POST or
    text/xml            SRU/SOAP or
    application/soap+xml   SRU/SOAP

    what's the correct behaviour ?? I suppose it's

    HTTP error 415 Unsupported Media Type

b) A HTTP POST request is of content type text/xml or
    application/soap+xml, but the posted data can not be parsed as XML

    I see no HTTP error which fits the bill at

    http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

    but I might have missed something. Maybe the best here is

    HTTP error 400 Bad Request   ???


c) A HTTP POST with correct text/xml headers and parsable XML, but is
    just no SOAP

     Nobody asked for SOAP, so this should be a HTTP error rather than a
     SOAP error, right ?? Which one ??

d) A HTTP POST with correct  application/soap+xml headers and parsable
     XML, but is just no SOAP with Envelope and Body wrappers.

     Now a SOAP error is appropriate, I guess.

     http://www.w3.org/TR/soap/ is the page.

     The primer
     http://www.w3.org/TR/2003/REC-soap12-part0-20030624/
     Section 2.3 "Fault Scenarios" seems not to give a clear answer.

     There it is stated that the Body has to carry a

     <env:Fault>
       <env:Code>
          <env:Value>
        ...
       <env:Reason>
       ...

    XML block, The env:Code sub-element of env:Fault is itself made up of
    a mandatory env:Value sub-element, whose content is specified in the
    SOAP specification (see SOAP Part 1 section 5.4.6) as well as an
    optional env:Subcode sub-element.

    Looking at that reference,
    http://www.w3.org/TR/2003/REC-soap12-part1-20030624/#faultcodes

    I would guess it's the "Sender" fault code which needs to be send ??

    What's your advice here ??



e) Your example of an invalid SRU GET request

    http://foo.com/sru?version=1.1

    which does not state any operation, must issue a fatal diagnostic.

    7 Mandatory parameter not supplied

    That's clear.

    I presume you wrap this in a <srw:explainResponse>,

    as there are only scan, search and explain to choose from, and the
    two others feel quite odd to wrap it into, right ??

    But this means assuming the operation 'explain' if you can not
    determine which operation to use ??


Cheers, Marc Cromme


> 
>> 3) if I get something else in the POST'ed data - I do what ??
>> How should the server respond ??
> 
> Whatever a SOAP server would do with a broken request, which I'm sure is
> defined in the SOAP w3 docs.
> 
>> If no valid operation is parsed (due to empty parameter SRU GET list),
>> explain is assumed anyhow ..
> 
> That's not exactly how it works.
> 
> Either there are no parameters, or there's an operation parameter.
> Anything else is a broken client.
> 
> eg:
>   http://foo.com/sru?version=1.1&query=cat&recordSchema=dc
> 
> is just not a valid SRU URL. Nor is:
>   http://foo.com/sru?version=1.1
> 
> 
> Rob
> 


-- 

Marc Cromme, cand. polyt, Ph.D
Senior Developer, Project Manager

Index Data Aps
Købmagergade 43, 2
1150 Copenhagen K.
Denmark

tel: +45 3341 0100
fax: +45 3341 0101

http://www.indexdata.com

INDEX DATA Means Business
for Open Source and Open Standards