secure webservice Archive

Testing secure webservice on Weblogic using SOAP UI

Create  the certificates for the client using keytool and store it at a location. You can refer our articles on SSL to get more details on how to create keystores. Once the client keystore is created you need to do the following configuration on SOAP UI.

 

client-keystore

 

outgoing-timestampoutgoing-signature

 

 

Once you’ve done the security configuration you should be able to invoke your secure service

 

request-response

 

REQUEST

 

<soapenv:Envelope xmlns:bea="http://www.bea.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-974A598A574C09B5B614031710223477" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICYTCCAgugAwIBAgIQsAtcv4jhs9Rpsu6mxuT69jANBgkqhkiG9w0BAQQFADB5MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTXlTdGF0ZTEPMA0GA1UEBxMGTXlUb3duMRcwFQYDVQQKEw5NeU9yZ2FuaXphdGlvbjEZMBcGA1UECxMQRk9SIFRFU1RJTkcgT05MWTETMBEGA1UEAxMKQ2VydEdlbkNBQjAeFw0wNDEwMDMxNjIzNTdaFw0xOTEwMDQxNjIzNTdaMHYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIFgdNeVN0YXRlMQ8wDQYDVQQHFgZNeVRvd24xFzAVBgNVBAoWDk15T3JnYW5pemF0aW9uMRkwFwYDVQQLFhBGT1IgVEVTVElORyBPTkxZMRAwDgYDVQQDFgd1c2VyX2QxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbn/m11lE1LDIw/MybKhvDFT8RhVx+ImoV/l85J2BsWWFZAeaM2LPmC/vMcsnptR4XVEGLKtUz5KN8LD388DKkJKXpAwTPMkGtqzOLmNpL4ZKtMgCR0dVqxAqd+ZhuhBJsWPi2r6dnsSumzMNm8U1Rtn8Qve5s6GplPOVLAuD81QIDAQABoy4wLDAqBgNVHQ4EIwQhdGVzdF9jbGllbnRfMTIzNDU2Nzg5MF8wOTg3NjU0MzIxMA0GCSqGSIb3DQEBBAUAA0EAQrN57Of9U2JZOI82G02pYr3zMwvurz3SdsAOI/dh9ctmRMynVYi3vDC8xrZBeMN7+nPZwS+Tb67QA89RI+EdGQ==</wsse:BinarySecurityToken><ds:Signature Id="Signature-8" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-9">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>fSztcx6n1FRtd6IY01CVwaQQKBA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-7">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>3OKIlCCMbaIigZvmwM3bB6mwQj0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#CertId-974A598A574C09B5B614031710223477">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>+wobq47cIXzuDHyINGRQwnhI5Fg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ivZKz9J7MP15DmrEgZhqdnkrg09+toBNTtUDHBMf+J9wmJOiVRomM10jZ+6SeqIrLSeowbp6q3Ih
uGjkwGAfX6EapHbWNinTkzUCC+i3T9e3HiZdChiEf5f6/b3Lpk+ZaOTmk6IsdIW4gTaxBefY7d5l
xJOUe7p5yKOuzWcMEJk=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-974A598A574C09B5B614031710223488">
<wsse:SecurityTokenReference wsu:Id="STRId-974A598A574C09B5B614031710223489" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#CertId-974A598A574C09B5B614031710223477" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature><wsu:Timestamp wsu:Id="Timestamp-7" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2014-06-19T09:43:42.335Z</wsu:Created><wsu:Expires>2014-06-19T11:07:02.335Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header>
   <soapenv:Body wsu:Id="id-9" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <bea:sayHello>
         <bea:s>Faisal</bea:s>
      </bea:sayHello>
   </soapenv:Body>
</soapenv:Envelope>

RESPONSE

 

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header />
   <env:Body>
      <m:sayHelloResponse xmlns:m="http://www.bea.com">
         <m:return>Hello Faisal</m:return>
      </m:sayHelloResponse>
   </env:Body>
</env:Envelope>

Please feel free to comment if you any additional details.

Cheers!
Wonders Team