Has anyone got a sample SOAP payload for the ideone.com service?
I've tried several clients including the Firefox SOA client ( which returns an error from the service), the 360Works java soap client which crashes on reading the wsdl, and the online soapclient.com which returns nothing.
I tried two of the SOAP clients you mentioned, soapclient.com and Firefox SOA, and successfully accessed the service at ideone.com.
First, make sure you are using the API password when trying the service and not the site password.
With soapclient.com, make sure that you're viewing the results as XML. You won't see anything if you choose HTML (one of their options).
With both clients, make sure you don't interpret the status with a key name of "error" as meaning that an error has been returned, if the value of this field is "OK". This indicates success.
Related
We have come across similar problem, need your help to resolve this.
Can you please either let us know your contact number so that we can reach out to you or if you can provide your script if possible so that we can refer to
Here is the problem we are stuck with:
I am trying to test a Rest service through HTTP sampler using Jmeter. Not sure how to capture token from the sampler generates a token and to use this token for authorization in the header manager of another HTTP.
Loadrunner is not displaying the web address when trying to enter in the truclient browser. Below is the problem as this web address automatically redirect to another web address which is the authentication server.
Can you please suggest another solution for the below issue?
Here is the exact scenario we are trying to achieve
we want to loadtest the portal however due to redirect and different authentication method being used we are unable to do it using truclient protocol in loadrunner. Also tried Multiple protocol selecting LDAP, SMTP, HTTP/HTML etc but no luck.**
Thank You,
Sonny
JMETER is going to architecturally be the HTTP protocol layer equivalent with LoadRunner, with the exception of the number of threads per browser emulation.
In contrast to the code request, I want to architecturally visualize the problem. You mention redirect, is this an HTTP 301/302 redirect or one which is handled with information passed back to the client, processed on the client and then redirected to another host? You mention dynamic authentication via header token, have you examined the web_add_header() and web_add_auto_header() in Laodrunner web virtual users for passing of extra header messages, including ones which have been correlated from previous requests, such as the token being passed back as you note?
This authentication mechanism is based upon? LDAP? Kerberos? Windows Integrated Authentication? Simple Authentication based upon username/password in header? Can you be architecturally more specific and when this comes into play, such as from the first request to gain access to the test environment through the firewall or from a nth request to gain access within a business process?
You mention RESTFul services. These can be transport independent, such as being passed over SMTP using a mailbox to broker the passing of data between client and server, or over HTTP similar to SOAP messages. Do you have architectural clarity on this? Could it be that you need to provide mailbox authentication across SMTP and POP3 to send and receive?
I am using GWT to create my web-app.
When making RPC call from client side (browser), in inspect element my Request Payload is as below :
7|0|8|https://xxxx.xxxx.in/TestProject/in.TestProject.Main/|87545F2996A876761A0C13CD750EA654|in.TestProject.client.CustomerClassService|check_User_Login|java.lang.String/2004016611|in.TestProject.Beans.CustomerBean/3980370781|UserId|Password|1|2|3|4|3|5|5|6|7|8|6|0|0|0|0|0|CustId|0|0|0|0|0|0|0|0|0|
In this request all the details like username, password & custid are displayed in the request payload.
My question is, is it possible to encode OR hide those details from request payload?
You are looking at the wrong level of abstraction. What's the point of encoding/"hidding" these values in the payload? Everything you exchange between the server and client can be intercepted anyway... unless you use HTTPS. It ensures safe/encrypted communication between the server and client. Don't try to be "clever" and only encrypt part of the communication/payload, just use HTTPS.
But my concern is client itself should not be able to seen which method call we are making, parameter type in the request, parameter values etc. It should be hidden from client.
But those parameter values were input by the user himself or are hardcoded somewhere in the application (which the user will always be able to see/decipher, because his browser has to). So what you are trying to achieve is security through obscurity and is never a good idea. I'd focus my attention and efforts into securing the endpoints (GWT-RPC services), validating the input sent there, etc.
You have to remember one thing - that the user has access to the source code (compiled and minified, but still) of the client-side part of your application. So:
He'll always be able to figure out how to communicate with your server, because your application has to.
He can modify the application to send malicious requests - even if you created some hypothetical way of encoding parameters/addresses. Just find a place just before the encoding is done and voila. Firebug and other Developer Tools will help you immensely in this.
So "securing" client-side in this way is meaningless (of course, CSRF, XSS, etc. should be your concern), a malicious user will always bypass it because you have to give him all the tools to do it - otherwise, a "normal" user (or rather his browser) wouldn't be able to use your application.
I am going to develope REST(without any framework like SPRING) services which can accept xml. I am going to create XSD for the input xml format.
Now, when client sends some invalid xml which is not as per schema, how should i validate it? Do i need to write a specific code to validate. Can't it get failed in the client side itself?
Previously we had soap service, so if i try to send soap request which is not as per schema, soapui will throw error. The request even will not come to server i guess.
I hope you understood my question, please clarify.
RESTful clients are free to transmit any content they wish to the server, and even try to negotiate different encoding formats like JSON instead of XML. That's part of the power of REST.
It's up to the server to validate that clients send correctly encoded data in the payload, and return a 400-range status code such as 400 - Bad Request if they do not.
You will need to write all your server validation code yourself unless the REST API framework on the server side provides it for you.
I'm trying to generate a quick website to allow a customer to access a SOAP service specified in WSDL. Any language/toolkit is ok.
Ideally I'd like to feed the WSDL file to a code generator and have it emit servlets/PHP/python, one URL per operation specified in the WSDL, with form fields equivalent to the attributes in the WSDL. The generated app would allow the user to fill in a form, submit the operation to the SOAP service, and return the result.
There's a website at http://www.soapclient.com/SoapTest.html that does almost exactly what I want to do, but they don't publish any source code.
The website at http://www.soapclient.com/SoapTest.html was generated using this tool: http://www.sqldata.com/SoapClient/soapclient30.htm
It's a Windows-only program, but the C++ code it generates might be fairly easy to port to another platform, or be translated to PHP, etc.
In my iPhone project, I have to consume webservices (public - no need
of authentication) for most of the data that I have to display to the
users.
I am struck with retreiving the data, I am pretty sure that the xml
request I send is true, But I wonder why I am getting the (null)
response, But it says that xxx number of bytes has been received.
Surprisingly one or two webmethods works well, I dont say any
difference either in their definition in WSDL document.
I have checked the same webservices using android code, it works very
well for all the webmethods.
I also had a discussion with the server side developer (who has
written webservices using SOAP protocol), he said that both the
request and the response is true (he can trace the logs of the
requests when I called ). But couldnt able to figure out why I am
getting null.
It is neither throwing any exception nor showing any fault in the
request and I dont have any build or runtime warning
Thankyou in anticipation