Testing Oracle WSM's SOAP authentication with SoapUI

Posted on 15 January 2009 by Pascal Alma

Last week I started to have a look at the product ‘Oracle Web Server Manager‘. I am reading a packtpub book about this product and am halfway now. I will post more about this book later but one thing I one to mention already is that there are several examples described which are tested by creating a web service client with .Net. I am not familiar with .Net (and do not have the intention to change that) so I used my favorite tool SoapUI as client to test the Oracle gateway.
The first example is created in chapter 4. In this example basic authentication is added to a web service. The book describes in detail how you do this with Oracle WSM. To test this setup I will use SoapUI. The first step is to create a project in SoapUI based on the web service’s WSDL. I accept the defaults so an example request is generated.
The WSDL of the web service looks like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

<definitions name="TimeService" targetNamespace="urn:Test:TimeService" xmlns:tns="urn:Test:TimeService" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns="http://schemas.xmlsoap.org/wsdl/">
   <message name="getTime0SoapIn">
      <part name="format" type="xsd:string"/>
   </message>
   <message name="getTime0SoapOut">
      <part name="Result" type="xsd:string"/>
   </message>
   <portType name="TimeServiceSoap">
      <operation name="getTime" parameterOrder="format">
         <input name="getTime0SoapIn" message="tns:getTime0SoapIn"/>
         <output name="getTime0SoapOut" message="tns:getTime0SoapOut"/>
      </operation>
   </portType>
   <binding name="TimeServiceSoap" type="tns:TimeServiceSoap">
      <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
      <operation name="getTime">
         <soap:operation soapAction="getTime" style="rpc"/>
         <input name="getTime0SoapIn">
            <soap:body use="encoded" namespace="urn:Test:GetTime" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
         </input>
         <output name="getTime0SoapOut">
            <soap:body use="encoded" namespace="urn:Test:GetTime" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
         </output>
      </operation>
   </binding>
   <service name="TimeService">
      <port name="TimeServiceSoap" binding="tns:TimeServiceSoap">
         <soap:address location="http://localhost:3115/gateway/services/SID0003001"/>
      </port>
   </service>
</definitions>

If I don’t configure anything in SoapUI and just send the request I get the response:

1
2
3
4
5
6
7
8
9

<soap-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <soap-ENV:Body>
      <soap-ENV:Fault>
         <faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.AuthenticationFault</faultcode>
         <faultstring>Invalid username or password</faultstring>
         <detail/>
      </soap-ENV:Fault>
   </soap-ENV:Body>
</soap-ENV:Envelope>

which is logical, because I have to supply credentials. These credentials must be added to the SOAP call according to the WS-Security specs. Luckily this is done by SoapUI by default. Here is the configuration of the call in SoapUI:

The SOAP request that is send now looks like this (the raw xml):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Test:GetTime" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-32950583" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>palma</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">alma23</wsse:Password>
            <wsse:Nonce>Ekgk+pK0FhRj8EnzWxFsKg==</wsse:Nonce>
            <wsu:Created>2009-01-15T08:37:08.005Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <urn:getTime soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <format xsi:type="xsd:string">?</format>
      </urn:getTime>
   </soapenv:Body>
</soapenv:Envelope>

As you might notice a SOAP header is now added with the credentials information. The result now is:

1
2
3
4
5
6
7

<soap:Envelope soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
   <soap:Body>
      <n:getTimeResponse xmlns:n="urn:Test:GetTime">
         <result xsi:type="xsd:string">09:37 AM</result>
      </n:getTimeResponse>
   </soap:Body>
</soap:Envelope>

So this works!

The next example in the book for which I use SoapUI is about encrypting and decrypting the message. This has some more configuration to setup so I will show this in a separate post.

tags: , ,

About Pascal Alma

Pascal started as an Oracle Developer in 1997 and developed numerous applications with Oracle Designer/Developer and PL/SQL. Since 2001 Pascal becomes more and more active with the development of software at the Java/J2EE platform. Nowadays Pascal is a senior JEE Developer/ Architect and has a lot of experience with several open source initiatives/ frameworks especially within the Enterprise Integration area. Besides these technical skills Pascal is a big Scrum enthusiastic.

Meest gelezen