SOAP UI access control

Question

SOAP UI is an open source tool and it is currently used in our project for testing multiple services.Our client has security concerns since anyone who has service endpoint can invoke the service using SOAPUI.Is it possible we can control the access of these services to specific user.These user will use id/password for testing and only authorized user can test.Is this feautur already present in SOAPUI.if yes how we can configure it.

Thanks,

Anish

redfish4ktc2 · Answer

hi,To solve your issue, you have to configure your service using one of the authentication mecanisms supported by soapui, see* http://www.soapui.org/SOAP-and-WSDL/aut ... uests.html* http://www.soapui.org/SOAP-and-WSDL/spn ... ation.html

smartbear_suppo · Answer

Right. This security concern should be implemented at the web service level. You should easily restrict the web service to use WS-Security, user authentication, or some network restriction like a application server whitelist to include your authorized users.

SoapUI can then be used to test and send in authentication if need be, but as a tool itself, it doesn't implement security on your web service for you. Even without SoapUI, people can still access your web service with curl scripts and other methods while your web service is unsecured.

Thanks,
Michael Giller
SmartBear Software

Forum Discussion

SOAP UI access control

2 Replies

Recent Discussions

Invalid Content-Type for attachments

Malfunction changing between multiple screens

How do I add a REST query string without the 'name='

Related Content

Accessibility Testing Made Easy: How TestComplete Ensures Web Compliance

Unable to access jarfile agent.jar

Access to "Sentinel Admin Control Center" program