Allow setting ReadyAPI working directory for user
Feature request:Please consider adding aglobal log file location and removing the dependency on the bin/ directorybeing writeable by the user running ReadyAPI (or testrunner.sh, etc). Evenbetter would be if you would support using a variable in the path, orsimply relative paths, so that the ReadyAPI logs of one project could beplaced under the project's working directory. I'm not overly familiar with ReadyAPI but I imagine the ideal location inwhich to specify a log path would be in soapui-settings.xml. Background (as per our forum post and support ticket): We have installed in a system-wide location at /opt/SmartBear/ReadyAP-1.2.2, but unless we make the bin/ subdirectory of that path writeable by the user (not a good idea!) the software refuses to start. Even giving write permissions to all of the individual log files that ReadyAPI expects to write to is insufficient. It requires write access to the bin/ subdirectory. If I temporarily make bin/ writeable, I can launch the GUI, run tests, etc. Even if installed into a user's home directory, we'd prefer for logs not to be created in the same dir as the binaries. I have so far tried setting global properties as follows using the GUI: Name: soapui.logroot /home/user/soapui-workdir user.dir /home/user/soapui-workdir Neither of these worked when running our test suite, even after restarting the ReadyAPI GUI. I have tried various combinations but ended up having to make our user theowner of the directory for ReadyAPI to even launch at all. I had consideredediting soapui-log4j.xml but thought it was bad form to do so (and it'slikely changes will be over-written next time we upgrade ReadyAPI). I think many *nix systems administrators would be concerned about the factthat ReadyAPI requires write access to the binaries directory (not just thelog files in it, but the whole directory).
SOAPUI not signing/ security header empty
Hi, Ive been stressed out by this item. Ive followed through the following guide:soapui keystore + security guide, double checked everything (keystore status = OK) and created the corresponding "Outgoing WS-Security Configurations". Added Signature and Timestamp, both items fully configured. Later I added, to my Request, a Basic Auth (pre-emptive auth: Use global preference) and pointed "Outgoing WSS" to my created configuration. The service that I need to connect with is stating: "An error occurred when verifying security for the message." I do believe that the reason behind all of this is because Im not seeing a security or signature token anywhere (or they are empty). I even tried creating a Mock Service, in order to review the exact message that Im sending and its as follows (extracted from raw): <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wcf="http://wcf.dian.colombia"> <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/><wsa:Action>http://wcf.dian.colombia/IWcfDianCustomerServices/GetStatus</wsa:Action></soap:Header> <soap:Body> <wcf:GetStatus> <wcf:trackId>1d1</wcf:trackId> </wcf:GetStatus> </soap:Body> </soap:Envelope> As stated, this is almost empty. I reviewed other cases on site and they tended to go into two directions: * Incorrect or missing configuration: Im pretty sure Ive followed through every required step, I even checked multiple guides on this item. * Invalid JKS store: I tried with multiple certificates, even created one following a guide from smartbear for this purpose (right now, Im unsure which) and, as stated, all of them show Status = OK. Im terrible frustrated by this, which I do require for work, so if anyone could point me out on the correct direction... Ill really appreciate it. Thanks!
SSL Certificate verification missing
Hi Community, I've been trying to get SoapUI 5.5. (OpenSource) to verify and reject my self-signed ssl server certificate for security reasons (self-signed, not trusted), just like other clients do. Where can I switch the behavior between test and live environment? I need the verification enabled. In my case soapui just accepts the connection and does not even notify about any security issues. I have searched the database but didn't find much information. Thanks in advance.Does TestComplete and/or LoadComplete support the use of soft security certificates?
Does TestComplete and/or LoadComplete support the use of soft security certificates? The browser-based application I'm assigned to requires the use of security certificates for user authentication. TestComplete tests are currently written to automate authentication as long as a hard certificate is available from a security card inserted into a card reader. The issue, of course, is that test automators can not execute a suite of automated tests in the evening and go home. The other issue is the inability to run load tests simulating the many virtual users authenticating into the browser-based application. The solution to this is to create and/or acquire soft certificates used specifically to support test automation which my project is able to do, but TestComplete and LoadComplete needs to be able to use them. If TestComplete and/or LoadComplete do not support soft certificates is this a current requirement for them and when are the requirements to be fulfilled with each one?SecurePRO (ReadyAPI 1.6.0): How to modify the default assertion "Valie HTTP Status Codes"
We run SecurePRO Security-Tests. Therefore we use all the default scans provided. One of them is "HTTP Method Fuzzing" Request: PATCH http://localhost:14080/rest-service/rest/contact/contacts?languageCode=xx Response: HTTP/1.1 500 Internal Server Error Now, SecurePro isalerting (Warning): Valid HTTP Status Codes: Response status code 500 is not in the list of status codes But I can't find any place to modify the list of valid status codes. Please note, I did not add this assertion manually It's a default assertion as it is alsoa default security scan. Any ideas? Thanks Regards, Reto
11.3 Community version turns on external authentication
We have tried to upgrade to 11.3, but can't login. It returns an error message: com.smartbear.ccollab.service.api.v7001.ServiceException: This version of the product doesn't support external authentication External authentication has obviously never been setup, and we have tried reinstalling with no success. We have had to rollback to 11.2 due to this issue.Unable to access service due to WSS-Password Type
Hi all, I am fairly novice with web services, and have a come across a problem with security. I am trying to access a 3rd party web service, which I can do fine when using SOAP. I have to set up 'Basic Security' and add a Username and Password, and then finally set the WSS-Password Type = PasswordText. This resolves perfectly in SOAP, and I can call and interact with the web service with no issues. However, when we try to do this externally (I am working with a web developer) we are coming across an issue with WSS-Password Type. I am posting the following - POST /serviceadress.svc HTTP/1.1 Host:Hostname Connection: Keep-Alive User-Agent: PHP-SOAP/5.5.23 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://servicehost/method" Content-Length: 678 Authorization: Basic R0lGVFZPVUNIRVI6R0lGVFZPVUNIRVI= WSS-PasswordType: PasswordText Username:xxxxxx Password:xxxxxx Every time I add the “WSS-Password Type”, the server rejects the request: failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request I have tried different parameters in the WSS-PasswordType field but all give the same error. If I remove this parameter altogether I get a security verification message, the same as in SOAP which is correct. I think its something simple but I have been unable to resolve. Any ideas?Configure WSS11 Security Policy
Has anyone had any luck in configuring WSS11 security policy on Soap UI? I am using Ready API 1.4.1. I have attempted to find multiple forum articles regarding this, but no-one seems to have had an answer e.g. - https://community.smartbear.com/t5/SoapUI-NG/Support-for-signature-using-secretkey/td-p/33846 - http://community.smartbear.com/t5/SoapUI-NG/SecretKey-not-supported-due-to-JCEKS-keystores-not-supported/m-p/110835#M25770 It looks like a feature request was raised for this. If anyone has managed to configure this, please get in touch. Thanks.
