Using SOAP Headers

Those familiar with HTTP or MIME headers are probably used to seeing various sorts of metadata included with the main data in the message. In a lot of ways, the SOAP header is similar, with one major difference.

HTTP uses the Content-Type header to indicate the MIME type of the data in the body of an HTTP request or response. Similarly, an HTTP client can request what kind of data it wants in the response, by including the HTTP Accept header. From a high level, SOAP messages always contain XML data, so in that sense there is no need to specify a MIME type to describe the data. In fact, the structure of the data in SOAP messages is much better defined through the use of XML schema.

A Web service that defines its interface through WSDL defines the schema of its data along with the bindings that specifies what response data types will be generated from which request data types.

The well-defined nature of SOAP messages is what allows them to be so easily used from within applications. Therefore, because the data structure is already defined, using SOAP headers to describe the data structure in a SOAP message is unnecessary.

The focus of the SOAP header should be to help process the data in the body. It makes sense to include information about authentication or transactions, because this information will be involved in identifying the person or company who sent the body and in what context it will be processed. Expiration data could be included in the header, to indicate when the data in the body may need to be refreshed. User account information could be included, to ensure that processing the message is performed only for a request that has been legitimately paid for.

Another factor in determining whether information should be included in SOAP headers is whether that information will have broad application to a wide variety of SOAP messages. If so, it should be included in the header. It makes more sense to define a single schema and insert it into the definition of one header element than to force inclusion of the same data into the body schemas of a large number of message definitions. Authentication and routing are problems common to many Web services, so it makes sense that this information lives in the header element.

In JADE, SOAP headers are defined as a subclass of the JadeWebServiceSoapHeader class. Properties that are to be included in the header are then defined on this class. These classes can then be included in a Web service definition, by adding properties to the service of this type. Individual methods can then be assigned these headers.

When session handling is enabled for a Web service application, a SOAP header is automatically generated for every method call. This header carries the current session id. The client system does not need to process this header but it is required to return the header back to the JADE Web service provider. The header is defined as input‑output so that the client knows to do this.