Configure HTTP Basic Auth for soapUI Test Suties.
Since soapUI is a powerful tool, it frequently offers more than one way to do things. Setting up HTTP Basic Authentication is one of these things. If you’re dealing with a SOAP based web service that has this kind of security setup, this article will show you how to best configure your soapUI tests to supply the basic authentication credentials. The username and password supplied for HTTP Basic Authentication is ultimately an HTTP header field. As such, each SOAP test request in soapUI can be configured with a HTTP Basic Authentication username and password. When the test request is run an “Authorization” header is added to the HTTP envelope that contains the SOAP request. Here’s an example:
Authorization: Basic QRJ3aXphblByb2ZpbGU6VGVzdCCmMs==
There are at least three ways in soapUI to setup HTTP Basic Authentication:
- on each SOAP test request (in a test case or in sample request)
- through the “Interface Viewer”
- with a Groovy setup script for a test suite.
Setting up HTTP Basic Authentication for A Test Request
This is an easy, quick way to set the username and password for a few requests, but not a good solution for a test suite. When you use this method each individual SOAP test request must have the username and password set for the request to work properly. With a SOAP test request open, you can change the username and password for that request by clicking the button labeled “Aut” underneath the request pane, as shown below. Just enter the username and password in the fields. The next time you run the SOAP request the “Authorization” header will be added to the HTTP envelope.
Setting up HTTP Basic Authentication through the Interface Viewer
If you know that many SOAP test requests will need to share the same HTTP Basic Authentication credentials, you’ll want to just set them one time. You can do this through a soapUI tool called the Interface Viewer. To open the Interface Viewer, right-click on a WSDL operation in the project explorer tree on the left-hand side of the soapUI interface and choose “Show Interface Viewer”. This will open a screen with four tabs: Overview, Service Endpoints, WSDL Content, and WS-I Compliance. The HTTP Basic Authentication credentials are set through the “Service Endpoints” tab. For each endpoint in the list you can specify what username and password to use. Once specified, all of the test requests on the WSDL operation (the one you selected to open the Interface Viewer) using the specific endpoint will automatically use the username and password you entered. An example of using the Interface Viewer is shown below.
Setting up HTTP Basic Authentication with a Groovy Test Suite Setup Script
Another fairly effective way to do this setup for all the SOAP test requests in a test suite is with a Groovy setup script. Using the Interface Viewer is probably a more convenient way to do the setup than the Groovy script, but if you need some more control then you might have to use the script. Below is a sample Groovy script that you could copy and paste into the “Setup Script” text box for one of your test suites. The script relies on the existence of two properties which must be defined in the test suite: basicAuthUser and basicAuthPass. These properties should contain, respectively, the username and password to be used in the HTTP Basic Authentication header for each SOAP test request in the test suite.
import com.eviware.soapui.impl.wsdl.teststeps.*
for( testCase in testSuite.getTestCaseList() ) {
log.info("Setting HTTP basic auth for all WSDL test requests in test case ["+
testCase.getLabel()+"]")
for( testStep in testCase.getTestStepList() ) {
if( testStep instanceof WsdlTestRequestStep ) {
testStep.getTestRequest()
.setUsername(testSuite
.getPropertyValue("basicAuthUser"))
testStep.getTestRequest()
.setPassword(testSuite
.getPropertyValue("basicAuthPass"))
}
}
}
The script above uses the soapUI Java API to access the necessary pieces of the test suite. It first loops over all of the test cases in the test suite. For each test case, the script loops over each test step therein. If the test step is a WsdlTestRequestStep, which is a SOAP test request, then the username and password are set. This script will run just before the test cases run when the entire test suite is executed.
Nick A. Watts - The Blog 
Excellent Tutorial for this purpose….
I work in SoapUI pro for past 5 months.. and I could only make my authentication work via the first step you mentioned here.
I tried your “groovy” step today and it is working only when I have 1 testcase in the testsuite, if I have more testcases the authentication is NOT flowing in to all testcases.
could you please let me know what could go wrong here?
thanks!
Without seeing your setup it’s hard to say. The Groovy script *should* be looping through every test step in every test suite. However, notice that the HTTP basic auth is only being set if the test step has the type WsdlTestRequestStep. To my understanding, the WsdlTestRequestStep class is the “SOAP Request” test step in the soapUI interface. So, if you’re using other types of test steps you might have to change the if statement or remove it completely. Also, I’ve had the best luck by just setting the username/password for the endpoints through the Interface Viewer. I am using version 3.5.1 of the free soapUI, which could also make a difference.
Thanks for the comment!
Quick Question on SAOP UI/RAD7.5 and JAXWS. I created a simple webservice with all default options selected while creating the webservice usr RAD7.5. It is JAXWS one. So no WSDL or webservices.xml got created.
I have two question
1) Can we test it from SOAP UI free version? I tried giving the ?wsdl in soap UI to generate the sampel request. It said error importing WSDL. But the WSDL shows up fine in browser.
2) After generating the Webservice the way i just did – Ofcource I would have to get the WSDL to clients. The only way to get the WSDL is find the endpoint URL. Get the project name, the look at the Delegate Class which fot create. Correct?
Question #1: Yes, you can test it from the free version of soapUI. It sounds like you know the URL to the WSDL is correct because you’ve seen it in the browser. If soapUI is failing to import it, the problem may be that the WSDL is not valid. Since you didn’t have a WSDL to start with, I can only assume that you’ve created a “Bottom Up Java Bean Web Service”, which requires that you have a pre-written service implementation. Maybe something is wrong with that and it produced an invalid WSDL. Try saving the WSDL from your browser and adding it to your RAD project. You can then right-click on the WSDL in RAD and choose “Validate” to see if there are any problems with the XML. Another option is to check through the soapUI log after you try to import the WSDL. There’s a button at the bottom of the soapUI window that says “soapUI log”. Click that and you can see all of soapUI’s log messages. Maybe you’ll see something related to your problem there.
Question #2: In my experience there’s really just two ways to get the WSDL to the client: 1.) Save the WSDL to a file and send it to them via email (or FTP server or whatever) or 2.) give them access to the endpoint URL where they can get it themselves. The preferred way is to just give them the endpoint URL so they can refresh their client whenever necessary.
Do you know if it’s possible to customize login and password in WS Security Header per virtual user? I would like to create test with, say 100 virtual users, each having having different credentials to simulate users with different privileges using the system.
Is it at all possible in SoapUI or should I look for another tool?
Thanks in advance.
Yes, that should be possible. The way I would approach that initially is to look into using properties in your test cases. See the soapUI documentation on properties here: http://www.soapui.org/Scripting-Properties/working-with-properties.html. Basically, you would feed the different credentials into the test in a loop, where the credentials have been brought into the project as properties. There could be some difficulties with that, which you may have to work around with a Groovy script, I’m not 100% sure though. If you’re using soapUI Pro, I think that gives you the capability to easily run a loop over a set of data in a data source such as a database or Excel spreadsheet.
I was trying out the code from your original post to set up credentials once and got the following error:
groovy.lang.MissingMethodException: No signature of method: static com.eviware.soapui.model.testsuite.TestSuite.getTestCaseList() is applicable for argument types: () values: []
Code was modified slightly to reflect API changes (example simplified):
import com.eviware.soapui.model.testsuite.*
for( TestCase in TestSuite.getTestCaseList() ) {
log.info(“Setting HTTP basic auth for all WSDL test requests in test case”)
}
Both properties and setup script are configured on the level of the test suite (soap ui 4.5.1)
I tried this code with the same result on project, test suite and test case levels and now out of ideas.
My bloody mistake, sorry for bothering. Got confused by concepts of SoapUI contexts.
Now I am trying to adopt this code for test case level, do you think it’s possible or should it be completely rewritten?
I think that depends. What is it you want to do at the test case level?
Change credentials on each iteration for some wsdl’s (not all of them). Story is that anonymous users send requests which are assigned to predefined users depending on the body of request. These predefined users then work on the requests using their credentials (http basic authentication), all the communication is performed via web services.
I am able to parametrize body requests, but can’t figure out authentication part. I try to set up groovy test step which would change credentials on each iteration.
I tried removing test suite related code and add missing imports but it results in MethodMissingException, which I guess relates to execution context.
I understand, but unfortunately, I don’t know the answer to your question. I would try the soapUI forums if you haven’t already.