14

I have created an axis 2 web service with ws - security (which is enabled by the rampart module).

I want to test it in soapUi 4.5.1. and the request which soapUI proposes me is as it follows

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
                  xmlns:nlo="http://nlo">
   <soapenv:Header/>
   <soapenv:Body>
      <nlo:echo>

         <nlo:arg>echoo</nlo:arg>
      </nlo:echo>
   </soapenv:Body>
</soapenv:Envelope>

But of course when I test it this way it gives me: missing security header

So I click on Show Project View - click on Outgoing WS-Security Configuration; Then I add WS Security Entry - UserName and I type the username, password and for PasswordType, I choose PasswordText.

Then I go back again to my request - it the same as the previous which soapUI proposed me but this time I click on the AUT section and for Outgoing WSS I choose my configuration. And everything works. But I can't see the security header which SoapUI has added. (neither in XML section not in RAW section).

Thanks in advance for the help!

James Brierley
  • 4,630
  • 1
  • 20
  • 39
Tania Marinova
  • 1,788
  • 8
  • 39
  • 67
  • I'm also unable to see the additional headers after the request is sent. Using `Outgoing WSS -> Apply " "` doesn't work for me either. – eebbesen Jul 24 '13 at 20:38

3 Answers3

19

You can view WS-Security header block in the Raw section, but before going there make some changes and resend request.enter image description here

Uladzimir
  • 3,067
  • 36
  • 30
3

Try using Wireshark to capture the entire request.

I ran into the same trouble. So capturing the network traffic on its way out via Wireshark seemed like the next best way.

Just go ahead an ping the server you are sending your SOAP request to so that you get its IP address.

Then run a capture with Wireshark while you send the SOAP request in question and filter the packets by destination IP. The filter expression will look something like this:
ip.dst == [your server IP].

It should have captured a packet of protocol type HTTP/XML. You can find your request under the tab eXtensivle Markup Language at the bottom.

PS. I realize this post is about a year old already, but I though I'd put a hint out there for any one else.

deRailed
  • 579
  • 1
  • 4
  • 9
  • Hello @deRailed I am trying to use this method but my request must be SSL - I can locate the payload but it is encrypted already. Is there a way to add the certificate key to decrypt the message so I can see the raw soap transmission? – Iofacture Nov 10 '16 at 00:21
2

The WS-Security header block won't be visible in the XML section, but it should be visible in the Raw tab after you've run your test. If you rerun your test is it still not there?

You can also try using either Fiddler or Request Bin to capture the actual message being sent out onto the wire.

Matt Hansen
  • 291
  • 3
  • 3
  • 1
    No unfortunately I can't see it in the RAw tab and I can't explain why! – Tania Marinova Apr 12 '13 at 05:34
  • Have you tried creating a Request Bin (http://requestb.in/) and fired your message at it? That will at least show you the actual message soapUI is sending out, which of course should match up with what you see in the Raw tab. – Matt Hansen Apr 15 '13 at 22:46