
We have some SOAP-based web services using the Java-to-WSDL approach in our organization. There is now a security requirement to fix limits on the request parameters being passed to service methods. Currently the maxOccurs attribute for a parameter is unbounded in the WSDL because the parameter is a collection in Java.

To resolve this, it looks like we need to make some changes in the Java source to regenerate WSDLs that are compliant with this requirement. I know there are some unofficial APIs available which can be used as a replacement for JAXB, providing annotations which can be added in the Java source. This may result in the generated WSDL having maxOccurs set to a fixed configured value. But there are some issues in using these third-party solutions due to licensing and other issues. Also, we need to enable schema validation for the WSDL.

I would like to know if there is a solution to have this check done outside the scope of either the WSDL or Java source to be compliant with this requirement. What I am looking for is a configurable solution without touching the WSDLs or Java source. We are using IBM DataPower in our organization. I want to know if we can have a policy or something configured using DataPower that will intercept the web service request parameters and throw a fault if the maxOccurs for any of the web service method parameters is above a configured value. Has anyone used DataPower for a use case like this? Or is there a better way of achieving it?

Neil Smithline
Shan

1 Answer


I believe you can limit the maximum length of messages. This will actually be better than a WSDL limit for preventing DDoS as it will happen in the network layer.

Neil Smithline
  • Thanks for your response. I too feel it should be possible to have that limit set somewhere outside the WSDL/schema/Java source as an interceptor rather than making changes to numerous WSDLs/schemas/Java sources. But I am not sure where that would be. – Shan May 31 '15 at 10:13
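
An added example, not part of the posts above and not DataPower configuration: a streaming check that enforces an occurrence limit on the raw request, outside the WSDL and the JAXB classes, as the question asks. It applies one limit to every element, and the class name, namespace and element names are assumptions; where it is hooked in (servlet filter, JAX-WS handler, gateway) and how the rejection becomes a SOAP fault are left open.

```java
import java.io.StringReader;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
public class RepeatLimitCheck {
    /** Rejects a message in which any element has more than maxRepeat same-named children. */
    static void check(String xml, int maxRepeat) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        // The request is untrusted input: DTD processing and external entities are disabled.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        // One map per open element: child name -> number of occurrences seen so far.
        Deque<Map<String, Integer>> open = new ArrayDeque<>();
        open.push(new HashMap<>()); // document level
        while (reader.hasNext()) {
            int event = reader.next();
            if (event == XMLStreamConstants.START_ELEMENT) {
                String name = reader.getName().toString(); // "{namespace}local"
                if (open.peek().merge(name, 1, Integer::sum) > maxRepeat) {
                    throw new IllegalArgumentException(name + " occurs more than " + maxRepeat + " times under one parent");
                }
                open.push(new HashMap<>());
            } else if (event == XMLStreamConstants.END_ELEMENT) {
                open.pop();
            }
        }
        reader.close();
    }

    // Constructed SOAP 1.1 request; the urn:example:orders namespace and element names are made up.
    static String sampleRequest(int items) {
        StringBuilder sb = new StringBuilder(
            "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\""
            + " xmlns:o=\"urn:example:orders\"><soapenv:Body><o:submitOrder>");
        for (int i = 0; i < items; i++) sb.append("<o:item>sku-").append(i).append("</o:item>");
        return sb.append("</o:submitOrder></soapenv:Body></soapenv:Envelope>").toString();
    }
    public static void main(String[] args) throws XMLStreamException {
        check(sampleRequest(3), 5); // within the limit: returns normally
        try { check(sampleRequest(6), 5); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the parser is streaming, the check stops at the first element over the limit instead of building the whole collection in memory; it complements a message-size cap rather than replacing it.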