Forum Discussion

bigjim's avatar
bigjim
Occasional Contributor
9 years ago
Solved

SOAPUI. Accessing a basic authentication webservice through companies web proxy

Hi.  I'm on SOAPUI v5.2.1.

 

I need to call an internet exposed service from inside my companies network.  To get out to the internet I need to go through the companies web proxy.  Windows domain\user credentials allow this.  The target WebService expects basic authentication credentials.

 

I configure Preferences->Proxy Settings (pointing at the proxies IP, on port 80, specifying by domain\user\password)

 

In the HTTP header I see a Authorization : Basic : elements added with a base64 encoded string.

 

I can hit the target endpoint - but get a noat authorised error (not suprisingly).

 

NOW:

 

I add the basic authentication details to my request -> Authorization Basic, username/password...

 

I now get an Error getting response;java.lang.NullPointerException...

 

I don't see anything in the requests http headers to do with authorization at all.

 

SO:

 

Any tips for setting up access to a basic auth protected http web service when accessing via a web proxy that also needs to be authenticated to?

 

Thanks

Jamie

  • bigjim's avatar
    bigjim
    9 years ago

    We also had problems working around this in our Java code, so possibly not all product related.

     

    Right now we have two options.

     

    1)  Run a Burp instance as a local proxy, this intercepts the request from the client and takes responsibility for managing the connection/authentication to our internal web proxy.

     

    2) Configure an exception rule in the web proxy to non authenticate traffic bound for the target url for the relevant source node.

     

    Both worked, option 1 good enough for dev, option 2 will be taken forward in to environments.

9 Replies

Sort By
  • bigjim's avatar
    bigjim
    Occasional Contributor
    9 years ago

    We also had problems working around this in our Java code, so possibly not all product related.

     

    Right now we have two options.

     

    1)  Run a Burp instance as a local proxy, this intercepts the request from the client and takes responsibility for managing the connection/authentication to our internal web proxy.

     

    2) Configure an exception rule in the web proxy to non authenticate traffic bound for the target url for the relevant source node.

     

    Both worked, option 1 good enough for dev, option 2 will be taken forward in to environments.

  • nmrao's avatar
    nmrao
    Champion Level 3
    9 years ago
    Can you just attach full stacktrace of exception that you see?
    • bigjim's avatar
      bigjim
      Occasional Contributor
      9 years ago

      Good shout Rao.  I'll do this first thing tomorrow morning.

       

      Thanks

      Jamie

    • bigjim's avatar
      bigjim
      Occasional Contributor
      9 years ago

      Ok so if I put in my authentication details for the local web proxy (Preferences->Proxy Settings)

      Do not authenticate preemptively (Prefrences->HTTP Settings )

      Add my authentication details for the webservice endpoint (Auth (Basic) username+password).

       

      SoapUI log

       

      Thu Nov 05 08:21:54 GMT 2015:DEBUG:Attempt 1 to execute request
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Sending request: POST http://targetapi/api HTTP/1.1
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Receiving response: HTTP/1.1 407 Proxy Authentication Required
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Proxy requested authentication
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Authorization challenge processed
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Authentication scope: NTLM <any realm>@192.168.41.8:80
Thu Nov 05 08:21:54 GMT 2015:INFO:192.168.41.8:80 requires Windows authentication
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Found credentials
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Connection closed
Thu Nov 05 08:21:54 GMT 2015:DEBUG:Connection shut down
Thu Nov 05 08:21:54 GMT 2015:ERROR:Exception in request: java.lang.NullPointerException
Thu Nov 05 08:21:54 GMT 2015:ERROR:An error occurred [java.lang.NullPointerException], see error log for details
Thu Nov 05 08:21:54 GMT 2015:INFO:Error getting response for [apiSOAP.GetTagsIssuedToHolding:GetTagsIssuedToHolding - Request 1]; java.lang.NullPointerException

       

      http log

      Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "POST http://targetapi/api HTTP/1.1[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "Content-Type: text/xml;charset=UTF-8[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "SOAPAction: "http://targetapi/api/GetTagsIssuedToHolding"[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "Content-Length: 709[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "Host: targetapi[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "Proxy-Connection: Keep-Alive[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://targetapi/api/">[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "   <soapenv:Header/>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "   <soapenv:Body>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "      <api:GetTagsIssuedToHoldingRequest>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <ApplicationName>SUSS data requester</ApplicationName>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <ApplicationVersion>1.6</ApplicationVersion>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <ApplicationKey>private</ApplicationKey>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <SchemaVersion>1.5.4</SchemaVersion>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <Timestamp>2015-10-16T12:55:00.1234</Timestamp>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <HoldingNumber>70/222/0101</HoldingNumber>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <StartDate>2010-01-01</StartDate>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "         <StopDate>2015-10-16</StopDate>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "      </api:GetTagsIssuedToHoldingRequest>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "   </soapenv:Body>[\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:>> "</soapenv:Envelope>"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "HTTP/1.1 407 Proxy Authentication Required[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Mime-Version: 1.0[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Date: Thu, 05 Nov 2015 08:21:54 GMT[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Content-Type: text/html[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Proxy-Authenticate: NTLM[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Connection: close[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Proxy-Connection: close[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "Content-Length: 2854[\r][\n]"
Thu Nov 05 08:21:54 GMT 2015:DEBUG:<< "[\r][\n]"

       

       

      error log

      Thu Nov 05 08:21:54 GMT 2015:ERROR:java.lang.NullPointerException
   java.lang.NullPointerException
   	at org.apache.http.impl.auth.NTLMEngineImpl.stripDotSuffix(NTLMEngineImpl.java:175)
   	at org.apache.http.impl.auth.NTLMEngineImpl.convertDomain(NTLMEngineImpl.java:188)
   	at org.apache.http.impl.auth.NTLMEngineImpl.access$500(NTLMEngineImpl.java:45)
   	at org.apache.http.impl.auth.NTLMEngineImpl$Type1Message.<init>(NTLMEngineImpl.java:766)
   	at org.apache.http.impl.auth.NTLMEngineImpl.getType1Message(NTLMEngineImpl.java:128)
   	at org.apache.http.impl.auth.NTLMEngineImpl.generateType1Msg(NTLMEngineImpl.java:1298)
   	at org.apache.http.impl.auth.NTLMScheme.authenticate(NTLMScheme.java:125)
   	at org.apache.http.impl.auth.AuthSchemeBase.authenticate(AuthSchemeBase.java:124)
   	at org.apache.http.client.protocol.RequestProxyAuthentication.process(RequestProxyAuthentication.java:113)
   	at org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:108)
   	at org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:174)
   	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.preProcess(HttpClientSupport.java:113)
   	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:452)
   	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
   	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
   	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
   	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
   	at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
   	at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
   	at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
   	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
   	at java.util.concurrent.FutureTask.run(Unknown Source)
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
   	at java.lang.Thread.run(Unknown Source)

       

       Is this enought detail to spark any thoughts ?

       

      Thanks

      Jamie