Forum Discussion

drnet's avatar
drnet
New Contributor
12 years ago

Create request, get respone

I am currently working on plugin for soapUI.
Plugin is a RequestFilter. It filters all request and if encounters <SignRequired> tag in header, it performs custom signature of request, using properties file defined in tag.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ejb="http://ejb.jaxws/">
   <soapenv:Header><SignRequired prefsFile="D:\singReq\signProperties.properties"/>
</soapenv:Header>
   <soapenv:Body>
      <ejb:echo>
         <!--Optional:-->
         <message>some message</message>
      </ejb:echo>
   </soapenv:Body>
</soapenv:Envelope>


Right now I get token with custom signed request in soapUI, save the responce to file and then use it in signature process.
It works fine now.

Now I need to automaticaly refresh token before signature process.
The question is - how to execute token Request before returning filtered request back to soapUI. (example code will be very helpfull)

3 Replies

  • nmrao's avatar
    nmrao
    Icon for Champion Level 1 rankChampion Level 1
    12 years ago
    Please confirm if the below understanding is correct.

    You would like to change the request with something else in the Hear section if it contains SignRequired element.

    Just for understanding how are you doing this in soapui currently?
  • drnet's avatar
    drnet
    New Contributor
    12 years ago
    RequestFilter java plugin through SoapUI java api.
    Actually problem is solved right now sending tokenRequest to Soap webservice manually using HttpConnection inside my plugin. I even sign request with x509 certificate

    But it will be more interesting to send request with SoapUI.
  • drnet's avatar
    drnet
    New Contributor
    12 years ago
    Just to clear:

    We have secure webservices. QA needs to test it in near real-world environment.
    As every service is secured - it requires signed request.
    To sign request I need Saml assertion. Assertion has limited ttl.
    So i need regular assertion re-request from identity provider.

    My plugin right now filters all requests, finds that request that need to be signed.
    Request fresh assertion from IdP, signs request with it, and return it to soapUi.

    For tester it is absolutely transparent, it can be used for single or test suite requests.
    Just add special tag and all your requests are signed properly.

    Sorry for my poor English.