Friday, July 19, 2013

How to send Basic Auth information when invoking a web service with SoapUI

I recently wanted to invoke a web service via SoapUI, which was expecting basic auth credentials. There are two options.

1. When you open a request generated by SoapUI, at the bottom you will find two tabs named Auth and Headers. When you click on the Headers tab, it will open a small window which allows you to add any headers to the message. There you can add a header name "Authorization" and its values should be "Basic <Base64 encoded username:password>".

If your username and password are admin:admin, then when you encode it, your header values will look like "Basic YWRtaW46YWRtaW4="

After setting this, if you send a request in SoapUI, you will be able to see the Authorization header in the request.

2. Other option is to use the Auth tab and define the username and password there. But, these information will not get sent as a header. To send them as a header, you need to do the following.

Open the "Preferences" window by clicking the icon or from the SoapUI menu. Then select "HTTP settings". From that settings list check (tick) the "Authenticate Preemptively" option as shown in the image below.

Then, set the username and password in the Auth tab as I described previously and send a request. You will see the Authorization header sent with the request as shown below.

I learned this from Charitha Kankanmge of WSO2 and thought of writing it down for others benefit.

Thursday, July 18, 2013

PublishWSDL option in WSO2 ESB explained...

If you are wondering what is the PublishWSDL option of WSO2 ESB, you can have a look at how to create proxy services in WSO2 ESB.

Lets say you are going to expose a web service by creating a proxy service. If you do not publish the WSDL of the web service you are exposing, then if you take the WSDL of the created proxy, it will only show the "mediate" operation. If a client wants to invoke the backend service via the proxy service, it needs to know the expected message format by the web service (parameters, their names etc.).

But, if you decide to publish the WSDL of the web service, then the WSDL of the proxy service will show all the operations which are available in the web service. This makes life easier to the client.
But publishing WSDL also exposes all the operations of the web service. What if you want to expose only a few operation to the clients? In that case, you can publish a WSDL with only the operations which you want to expose.

There is another advantage. Lets say the backend service operation expects three parameters to be sent (lets assume these are name,department and a permission level). We want the client to send only the name and department and we are planning to add the permission level to the request within the proxy service. In such a scenario, we can publish a modified WSDL which is expecting only the name and the department and inject the permission level within the proxy service.

Above are the use cases of PublishWSDL option available in WSO2 ESB. Although this is a simple thing, I couldn't find a place which explains this. So, hope this helps somebody.

Thanks Kasun Indrasiri of WSO2 for explaining this to me... :)