Testing Oracle WSM’s SOAP authentication with SoapUI

Last week I started to have a look at the product ‘Oracle Web Server Manager‘. I am reading a packtpub book about this product and am halfway now. I will post more about this book later but one thing I one to mention already is that there are several examples described which are tested by creating a web service client with .Net. I am not familiar with .Net (and do not have the intention to change that) so I used my favorite tool SoapUI as client to test the Oracle gateway.
The first example is created in chapter 4. In this example basic authentication is added to a web service. The book describes in detail how you do this with Oracle WSM. To test this setup I will use SoapUI. The first step is to create a project in SoapUI based on the web service’s WSDL. I accept the defaults so an example request is generated.
The WSDL of the web service looks like this:

<definitions name="TimeService" targetNamespace="urn:Test:TimeService" xmlns:tns="urn:Test:TimeService" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns="http://schemas.xmlsoap.org/wsdl/">
   <message name="getTime0SoapIn">
      <part name="format" type="xsd:string"/>
   <message name="getTime0SoapOut">
      <part name="Result" type="xsd:string"/>
   <portType name="TimeServiceSoap">
      <operation name="getTime" parameterOrder="format">
         <input name="getTime0SoapIn" message="tns:getTime0SoapIn"/>
         <output name="getTime0SoapOut" message="tns:getTime0SoapOut"/>
   <binding name="TimeServiceSoap" type="tns:TimeServiceSoap">
      <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
      <operation name="getTime">
         <soap:operation soapAction="getTime" style="rpc"/>
         <input name="getTime0SoapIn">
            <soap:body use="encoded" namespace="urn:Test:GetTime" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
         <output name="getTime0SoapOut">
            <soap:body use="encoded" namespace="urn:Test:GetTime" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
   <service name="TimeService">
      <port name="TimeServiceSoap" binding="tns:TimeServiceSoap">
         <soap:address location="http://localhost:3115/gateway/services/SID0003001"/>

If I don’t configure anything in SoapUI and just send the request I get the response:

<soap-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
         <faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.AuthenticationFault</faultcode>
         <faultstring>Invalid username or password</faultstring>

which is logical, because I have to supply credentials. These credentials must be added to the SOAP call according to the WS-Security specs. Luckily this is done by SoapUI by default. Here is the configuration of the call in SoapUI:

The SOAP request that is send now looks like this (the raw xml):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Test:GetTime" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-32950583" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">alma23</wsse:Password>
      <urn:getTime soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <format xsi:type="xsd:string">?</format>

As you might notice a SOAP header is now added with the credentials information. The result now is:

<soap:Envelope soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
      <n:getTimeResponse xmlns:n="urn:Test:GetTime">
         <result xsi:type="xsd:string">09:37 AM</result>

So this works!

The next example in the book for which I use SoapUI is about encrypting and decrypting the message. This has some more configuration to setup so I will show this in a separate post.

About Pascal Alma

Pascal is a senior IT consultant and has been working in IT since 1997. He is monitoring the latest development in new technologies (Mobile, Cloud, Big Data) closely and particularly interested in Java open source tool stacks, cloud related technologies like AWS and mobile development like building iOS apps with Swift. Specialties: Java/JEE/Spring Amazon AWS API/REST Big Data Continuous Delivery Swift/iOS
This entry was posted in Security, SoapUI, Web Service and tagged , , , . Bookmark the permalink.