Last week I started to have a look at the product 'Oracle Web Server Manager'. I am reading a packtpub book about this product and am halfway now. I will post more about this book later but one thing I one to mention already is that there are several examples described which are tested by creating a web service client with .Net. I am not familiar with .Net (and do not have the intention to change that) so I used my favorite tool SoapUI as client to test the Oracle gateway.
The first example is created in chapter 4. In this example basic authentication is added to a web service. The book describes in detail how you do this with Oracle WSM. To test this setup I will use SoapUI. The first step is to create a project in SoapUI based on the web service's WSDL. I accept the defaults so an example request is generated.
The WSDL of the web service looks like this:

PLAIN TEXT
XML:
  1. <definitions name="TimeService" targetNamespace="urn:Test:TimeService" xmlns:tns="urn:Test:TimeService" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns="http://schemas.xmlsoap.org/wsdl/">
  2.    <message name="getTime0SoapIn">
  3.       <part name="format" type="xsd:string"/>
  4.    </message>
  5.    <message name="getTime0SoapOut">
  6.       <part name="Result" type="xsd:string"/>
  7.    </message>
  8.    <portType name="TimeServiceSoap">
  9.       <operation name="getTime" parameterOrder="format">
  10.          <input name="getTime0SoapIn" message="tns:getTime0SoapIn"/>
  11.          <output name="getTime0SoapOut" message="tns:getTime0SoapOut"/>
  12.       </operation>
  13.    </portType>
  14.    <binding name="TimeServiceSoap" type="tns:TimeServiceSoap">
  15.       <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
  16.       <operation name="getTime">
  17.          <soap:operation soapAction="getTime" style="rpc"/>
  18.          <input name="getTime0SoapIn">
  19.             <soap:body use="encoded" namespace="urn:Test:GetTime" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
  20.          </input>
  21.          <output name="getTime0SoapOut">
  22.             <soap:body use="encoded" namespace="urn:Test:GetTime" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
  23.          </output>
  24.       </operation>
  25.    </binding>
  26.    <service name="TimeService">
  27.       <port name="TimeServiceSoap" binding="tns:TimeServiceSoap">
  28.          <soap:address location="http://localhost:3115/gateway/services/SID0003001"/>
  29.       </port>
  30.    </service>
  31. </definitions>

If I don't configure anything in SoapUI and just send the request I get the response:

PLAIN TEXT
XML:
  1. <soap-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  2.    <soap-ENV:Body>
  3.       <soap-ENV:Fault>
  4.          <faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.AuthenticationFault</faultcode>
  5.          <faultstring>Invalid username or password</faultstring>
  6.          <detail/>
  7.       </soap-ENV:Fault>
  8.    </soap-ENV:Body>
  9. </soap-ENV:Envelope>

which is logical, because I have to supply credentials. These credentials must be added to the SOAP call according to the WS-Security specs. Luckily this is done by SoapUI by default. Here is the configuration of the call in SoapUI:

The SOAP request that is send now looks like this (the raw xml):

PLAIN TEXT
XML:
  1. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Test:GetTime" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  2.    <soapenv:Header>
  3.       <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  4.          <wsse:UsernameToken wsu:Id="UsernameToken-32950583" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  5.             <wsse:Username>palma</wsse:Username>
  6.             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">alma23</wsse:Password>
  7.             <wsse:Nonce>Ekgk+pK0FhRj8EnzWxFsKg==</wsse:Nonce>
  8.             <wsu:Created>2009-01-15T08:37:08.005Z</wsu:Created>
  9.          </wsse:UsernameToken>
  10.       </wsse:Security>
  11.    </soapenv:Header>
  12.    <soapenv:Body>
  13.       <urn:getTime soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  14.          <format xsi:type="xsd:string">?</format>
  15.       </urn:getTime>
  16.    </soapenv:Body>
  17. </soapenv:Envelope>

As you might notice a SOAP header is now added with the credentials information. The result now is:

PLAIN TEXT
XML:
  1. <soap:Envelope soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
  2.    <soap:Body>
  3.       <n:getTimeResponse xmlns:n="urn:Test:GetTime">
  4.          <result xsi:type="xsd:string">09:37 AM</result>
  5.       </n:getTimeResponse>
  6.    </soap:Body>
  7. </soap:Envelope>

So this works!

The next example in the book for which I use SoapUI is about encrypting and decrypting the message. This has some more configuration to setup so I will show this in a separate post.