Testing REST API with SoapUI - Emmanuel Katto Uganda
Hello SmartBear community, I am Emmanuel Katto. I'm currently using SoapUI to test a RESTful API that requires authentication and authorization. I've successfully set up the SoapUI project and can make requests to the API, but I'm having trouble handling the authentication and authorization aspects. Specifically, I'm trying to implement OAuth 2.0 bearer token authentication, where the client app sends a request to the authorization server to obtain an access token, and then includes that token in the Authorization header of subsequent requests to the API. I've tried setting up the OAuth 2.0 configuration in SoapUI, but I'm not sure if I'm doing it correctly. Are there any best practices or examples that I can follow? Please let me know. Thanks in advance! Emmanuel
Support for java 17 using SoapUI-maven-plugin.
Hi! Can you please tell me how could it be possible to use SoapUI-maven-plugin with java 17? I would like to use it on Jenkins, and I cannot install java 16 in Jenkins... because it runs on AWS and all my other tests (Selenium) are running on Java 17. While I tried in maven to use maven-compiler-plugin with release version 16, it throws an error that a groovy script cannot be run because of unsupported class file major version 61. On my local SoapUI works as expected with java 17, but the soap plugin no.
How do i fix the CVE-2019-12180?
I need to know if CVE-2019-12180 has been fixed in the latest versions of SoapUI. All the sources I have searched explain that the CVE is reported in version 5.5 of SoapUI, but none of them clearly state whether the vulnerability has been fixed in version 5.7.x. If it is not officially fixed, how could I mitigate this vulnerability? CVE-2019-12180 : An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, th (cvedetails.com)Webinar - Invest in your Testing: Evaluating Open Source vs. Commercial Solutions
Webinar - 12 June 10:00 EST & 13 June 14:00 AEST Invest in your Testing: Evaluating Open Source vs. Commercial Solutions This webinar will help you make an informed decision about your API testing strategy by exploring the true total cost of ownership (TCO) for both open source and commercial testing solutions, using SoapUI and ReadyAPI as an example use case. The session is designed to equip stakeholders invested in the success of their API testing initiatives with the knowledge to make an informed choice that aligns with business goals and technical requirements. Sign me up!
WS-Security Configuration XML Code
The SOAP API I am trying to connect with requires a Outgoing WS-Security Configuration which i created and added an element "fooBar". It had the following components: Username Password Add Nonce (checked) Add Created (checked) Password Type : PasswordText This was all added into the SOAPUI Project and configured and Assigned into the ServicesSoapBinding Service Endpoints in the Outgoing WSS column for the SOAP API Endpoint. The service runs successfully and returns the data. But when I look at the Raw XML I do not see the XML code generated for this configuration. This causes an issue when trying to create the API call in my code (VS.net) I do see a usernameToken: <wsse:UsernameToken wsu:Id="UsernameToken-1A2345BC79125763217146873325036"> <wsse:Username>fooBar</wsse:Username> I do not see how that UsernameToken is generated and when I create my UsernameToken it is in the form of a GUID not Hexadecimal This is the RAW XML generated for a successful call: POST https://Host SOAP API URL HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "API Method" Content-Length: 1068 Host: Host Domain Connection: Keep-Alive User-Agent: Apache-HttpClient/4.5.5 (Java/16.0.2) <soapenv:Envelope xmlns:ejb="https://Host SOAP API URL" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-1A2345BC79125763217146873325036"> (dummy token) <wsse:Username>fooBar</wsse:Username> (Raw XML included the name of the WS-Security Configuration element not the actual password) <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Password encryption</wsse:Nonce> <wsu:Created>2024-05-02T22:02:12.503Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <ejb:API Method> <vendorId>Real Password</vendorId> <applicationId>Real AppID</applicationId> </ejb:API Method> </soapenv:Body> </soapenv:Envelope> Is there a way to see the missing generated WS-Security Configuration code? Thanks.Gradle publish not working suddenly from today.
Could not resolve all artifacts for configuration ':classpath'. > Could not resolve io.freefair.gradle:aspectj-plugin:3.8.4. Required by: project : > Could not resolve io.freefair.gradle:aspectj-plugin:3.8.4. > Could not get resource 'http://smartbearsoftware.com/repository/maven2/io/freefair/gradle/aspectj-plugin/3.8.4/aspectj-plugin-3.8.4.pom'. > Could not HEAD 'https://rapi.tools.ops.smartbear.io/nexus/content/groups/public/io/freefair/gradle/aspectj-plugin/3.8.4/aspectj-plugin-3.8.4.pom'. > Read timed out Could you please let us know the reason. Regards, Raghavender.
