Forum Discussion

mmoser18's avatar
mmoser18
Frequent Contributor
8 years ago
Solved

Cloning a TestStep adds a password? What the...?

Is it a bug? Is it a feature? I guess it's soapUI!

 

We discovered a pretty odd feature/bug/behavior of soapUI today: When cloning a TestStep (within the same TestSuite) we encountered the "interesting" situation, that the original test step worked perfectly fine while the cloned test step (without any change applied) would yield an error response.

 

Puzzled we digged into this and had to learn, that - for whatever weird reason - soapUI reproducibly changes three properties when cloning a test step:

  • It sets a "Username"-property to value "admin" (that Property exists apparently for each test request, but soapUI sets a value here).
  • It sets a "Password"-property to some value (no idea what soapUI enters here as one can not get hold of the value).
  • And finally it sets the Property "WSS-Password Type" to value "Password Text" (from "None" in the original step).

The three above cause an additional <wsse:Security>-security header to be added to the outgoing message:

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-A9A4320346B9CF777214804319701731"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">OLgtO3i2IeFLM9oYlnN0nw==</wsse:Nonce><wsu:Created>2016-11-29T15:06:10.172Z</wsu:Created></wsse:UsernameToken></wsse:Security>

 ... and that header caused our service to fall over.

 

Why on earth does soapUI change these setting when cloning a testcase??? This came completely unexpected for us!

I found nothing in the project nor the test suites nor the defined requests that would indicates that this "WSS-Password Type" property should be added or set for newly created test steps.

 

Any idea or rationale behind this? Or is this simply a bug? What could cause this? I am using soapUI since "ages" but it is the first time we stumbled over this effect. This is using soapUI v5.2.1.

 

Michael

 

BTW: how can one prevent this forum SW from changing certain character sequences to smilies without asking? ||-(

  • nmrao's avatar
    nmrao
    8 years ago

    Ok. You need to locate the script with name "TestSuiteTestStepAdded.groovy" and remove "if" block.

     

    Actually, that was added to demonstrate that user credentials can be added when Request test step is added automatically, useful for those use credentials.

     

    You can remove it since it is not applicable.

9 Replies

Sort By
    • mmoser18's avatar
      mmoser18
      Frequent Contributor
      8 years ago

      Not sure what you are aiming at. I *have* indeed have enabled listeners and I have implemented/populated one of them (C:\Program Files\SmartBear\SoapUI-5.2.1\bin\listeners\RequestBeforeSubmit.groovy) which always makes sure that a few HTTP-headers that we require for our tests are added to all requests. But - as I say - these are HTTP-headers. Here we are talking about test-step properties being set or added during cloning and SOAP Envelope header fields being added.

      These two appear to me to be completely distinct and unrelated, or not?

      • nmrao's avatar
        nmrao
        Champion Level 3
        8 years ago
        Looks you got what I asked for. Are you using, soapUIExtension from github which I provided?