Cloning a TestStep adds a password? What the...?
Is it a bug? Is it a feature? I guess it's soapUI!
We discovered a pretty odd feature/bug/behavior of soapUI today: When cloning a TestStep (within the same TestSuite) we encountered the "interesting" situation, that the original test step worked perfectly fine while the cloned test step (without any change applied) would yield an error response.
Puzzled we digged into this and had to learn, that - for whatever weird reason - soapUI reproducibly changes three properties when cloning a test step:
- It sets a "Username"-property to value "admin" (that Property exists apparently for each test request, but soapUI sets a value here).
- It sets a "Password"-property to some value (no idea what soapUI enters here as one can not get hold of the value).
- And finally it sets the Property "WSS-Password Type" to value "Password Text" (from "None" in the original step).
The three above cause an additional <wsse:Security>-security header to be added to the outgoing message:
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-A9A4320346B9CF777214804319701731"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OLgtO3i2IeFLM9oYlnN0nw==</wsse:Nonce><wsu:Created>2016-11-29T15:06:10.172Z</wsu:Created></wsse:UsernameToken></wsse:Security>
... and that header caused our service to fall over.
Why on earth does soapUI change these setting when cloning a testcase??? This came completely unexpected for us!
I found nothing in the project nor the test suites nor the defined requests that would indicates that this "WSS-Password Type" property should be added or set for newly created test steps.
Any idea or rationale behind this? Or is this simply a bug? What could cause this? I am using soapUI since "ages" but it is the first time we stumbled over this effect. This is using soapUI v5.2.1.
Michael
BTW: how can one prevent this forum SW from changing certain character sequences to smilies without asking? ||-(
Ok. You need to locate the script with name "TestSuiteTestStepAdded.groovy" and remove "if" block.
Actually, that was added to demonstrate that user credentials can be added when Request test step is added automatically, useful for those use credentials.
You can remove it since it is not applicable.