Fusion Middleware Documentation
Advanced Search


Administering Web Services
Close Window

Table of Contents

Show All | Collapse

5 Testing Web Services

This chapter describes how to test basic and advanced features of your Web service. The features you can test include security, quality of service (QoS), HTTP header options, and so on. You can also perform stress testing of the security features.

This chapter includes the following sections:

5.1 Overview of Web Services Testing

After you have deployed a Web service to WebLogic Server, you can use one of the following tools to test you Web service:

5.2 Using the Web Services Test Client

Using the Web Services Test Client, you can:

  • Test basic functionality to ensure that the Web service was deployed and is operating as expected.

  • Test basic authentication security.

  • Test advanced features, such as Web services addressing, atomic transactions, SOAP Message Transmission Optimization Mechanism (MTOM), Fast Infoset, and Oracle Web Service Manager (OWSM) security policies.

  • View the WSDL for the Web service and the imported schemas, if applicable.

  • Export and import test cases.

  • Configure Java keystores (JKS) for use in testing security.

  • Configure and use HTTP proxy settings, as required by your environment.

The following sections describe how to use the Web Services Test Client:

5.2.1 Invoking the Web Services Test Client

You can invoke the Web Services Test Client from any browser, using the Web service endpoint, or using the Administration Console, as described in the following sections:

Note:

When you first invoke the Web Services Test Client, there will be a brief delay while the application deploys.

5.2.1.1 Invoking the Web Services Test Client From a Browser

You can invoke the Web Services Test Client from any browser by entering the following URL:

http://host:port/ws_utc

where:

  • host refers to the computer on which WebLogic Server is running.

  • port refers to the port number on which WebLogic Server is listening (default value is 7001).

When prompted, enter the login credentials for the Web Services Test Client.

The Web Services Test Client home page is invoked. To select the Web service WSDL, see "Selecting the Web Service to Test".

5.2.1.2 Invoking the Web Services Test Client Using the Web Service Endpoint

You can invoke the Web Services Test Client by navigating to the Web service endpoint.

  • For an Oracle Infrastructure Web service, when you navigate to the Web service endpoint, the Web Services Test Client is invoked with the Web service WSDL selected.

  • For JAX-WS and JAX-RPC Web services, an intermediary page is invoked. Click Test to invoke the Web Services Test Client with the Web service WSDL selected.

When prompted, enter the login credentials for the Web Services Test Client.

To test the Web service operations, see "Testing Web Service Operations".

5.2.1.3 Invoking the Web Services Test Client Using the Administration Console

To test a deployed Web service using the Administration Console, follow these steps:

  1. Invoke the Administration Console in your browser using the following URL:

    http://[host]:[port]/console
    

    where:

    • host refers to the computer on which WebLogic Server is running.

    • port refers to the port number on which WebLogic Server is listening (default value is 7001).

  2. Select the Web service in the Deployments table that you would like to test. For more information, see "How Web Services Are Displayed in the Administration Console" in Understanding WebLogic Web Services for Oracle WebLogic Server.

  3. Select the Testing tab and click the Test Point link next to the Web service endpoint that you want to test.

  4. When prompted, enter the login credentials for the Web Services Test Client.

  5. Follow the procedure described in "Test a Web Service" in Oracle WebLogic Server Administration Console Online Help.

The Web Services Test Client is invoked with the Web service WSDL selected. To test the Web service operations, see "Testing Web Service Operations".

5.2.2 Selecting the Web Service to Test

From the Web Services Test Client home page, enter the WSDL corresponding to the Web service that you want to test. Return to this page at anytime by selecting Choose Another WSDL.

To select the Web service to test:

  1. Enter the WSDL in the Enter WSDL URL field.

  2. To use the configured HTTP proxy, click the HTTP Proxy check box.

    For information about configuring the proxy, see "Configuring an HTTP Proxy".

  3. Click Test.

Alternatively, you can select a WSDL that was previously loaded from the WSDL list. To toggle the list, click Show WSDL List or Hide WSDL List.

The Web service operations that are available to test are displayed. For more information, see "Testing Web Service Operations".

5.2.3 Testing Web Service Operations

To test a Web service operation:

  1. Select the Web service operation to test using one of the following methods:

    • Select the operation in the Operations pane.

    • With the Web service port folder selected in the Operations pane, click Test associated with the Web service operation that you want to test.

  2. Enter a value for each of the parameters in the Parameters section.

    Required parameters are identified using Required operation icon..

    For information about editing the XML source, see "Editing the Input Arguments as XML Source".

  3. Configure the basic settings for the test client, such as the endpoint URL, basic authentication settings, encoding and binding types, and whether or not you want to use the configured HTTP proxy. For information, see "Configuring Basic Test Settings".

  4. Test the advanced features of your Web service by configuring settings (as applicable), as described in "Testing Advanced Web Service Features and Security".

    Ensure that the advanced feature settings are compatible with the Web service endpoint that you are testing. If they are not, the test will fail and the stack error displays in the Test Results section.

  5. Click Invoke.

The Test Results section is displayed at the bottom of the content area, displaying the the SOAP request and response messages. If the test fails, the stack error information is displayed in the Test Results section.

5.2.4 Configuring Basic Test Settings

You can configure basic settings for the Web Services Test Client, including the username and password for basic authentication, by clicking the Basic Settings tab in the Settings section, setting the values defined in Table 5-1, and clicking Invoke to invoke the Web service.

Table 5-1 Basic Test Client Settings

Setting Description

Endpoint URL

Override the Web service endpoint address.

User Name

Username to use for testing basic authentication.

Note: You configure the JKS keystores, as described in "Configuring the JKS Keystores"

Password

Password to use for testing basic authentication.

Note: You configure the JKS keystores, as described in "Configuring the JKS Keystores"

Encoding

Encoding standard. Valid values include: UTF-8 and UTF-16.

BindingType

Binding type. Valid values include:

  • SOAP Binding—Standard SOAP Web service.

  • REST/HTTP Binding—SOAP over HTTP using the invoke() method of the javax.xml.ws.Provider<T> interface.

HTTP Proxy

Flag that specifies whether the HTTP proxy is enabled. You can configure the global HTTP proxy setting, as described in "Configuring an HTTP Proxy".

Note: This setting is available in development mode only.


5.2.5 Testing Advanced Web Service Features and Security

To test the advanced features of a Web service, refer to the following sections:

5.2.5.1 Testing Addressing

WS-Addressing provides a transport-neutral mechanism to address Web services and their associated messages. Using WS-Addressing, endpoints are uniquely and unambiguously defined in the SOAP header. For more information, see "Using Web Services Addressing" in Developing JAX-WS Web Services for Oracle WebLogic Server.

You can test WS-Addressing, if enabled on the Web service, by clicking the Addressing tab in the Settings section, setting the values defined in Table 5-2, and clicking Invoke to invoke the Web service.

Table 5-2 Test Settings for WS-Addressing

Setting Description

Enabled

Flag that specifies whether WS-Addressing is enabled on the Web Service Test Client.

Version

WS-Addressing version. Valid values include:

ReplyTo

Type of the ReplyTo header. Valid values include: anonymous, non-anonymous, and Addressing None.

FaultTo

Type of the FaultTo header. Valid values include: anonymous, non-anonymous, and Addressing None.


5.2.5.2 Testing Atomic Transactions

Web services enable interoperability with other external transaction processing systems, such as Websphere, Microsoft .NET, and so on, through the support of the following specifications:

For more information about Web services atomic transactions, see "Using Web Services Atomic Transactions" in Developing JAX-WS Web Services for Oracle WebLogic Server.

You can test atomic transactions, if enabled on the Web service, by clicking the Atomic Transaction tab in the Settings section, setting the values defined in Table 5-3, and clicking Invoke to invoke the Web service.

Table 5-3 Test Settings for Atomic Transactions

Setting Description

Enabled

Flag that specifies whether atomic transactions are enabled on the Web Service Test Client.

Version

Version of the Web services atomic transaction coordination context that is used for the Web Service Test Client. Valid values include: default, wsat, wsat11, and wsat12. The default value for Web service clients is wsat (equivalent to WS-AT 1.0).

Transaction Flow Type

Flag that specifies whether the Web services atomic transaction coordination context is passed with the transaction flow. For information about setting this value, see "Enabling Web Services Atomic Transactions on Web Services" in Developing JAX-WS Web Services for Oracle WebLogic Server.

Action After Invocation

Action required after invocation. Valid values include commit or rollback the transaction.


5.2.5.3 Testing MTOM

SOAP Message Transmission Optimization Mechanism/XML-binary Optimized Packaging (MTOM/XOP) defines a method for optimizing the transmission of XML data of type xs:base64Binary or xs:hexBinary in SOAP messages. When the transport protocol is HTTP, Multipurpose Internet Mail Extension (MIME) attachments are used to carry that data while at the same time allowing both the sender and the receiver direct access to the XML data in the SOAP message without having to be aware that any MIME artifacts were used to marshal the base64Binary or hexBinary data.

For more information about MTOM, see:

You can test MTOM, if enabled on the Web service, by clicking the MTOM tab in the Settings section, setting the values defined in Table 5-4, and clicking Invoke to invoke the Web service.

Table 5-4 Test Settings for MTOM

Setting Description

Enabled

Flag that specifies whether MTOM is enabled on the Web Service Test Client.

Threshold

Attachment threshold (in bytes) that specifies whether xs:binary64 data is sent inline or as an attachment. This value defaults to 0 (all data is sent as an attachment).


5.2.5.4 Testing Fast Infoset

Fast Infoset is a compressed binary encoding format that provides a more efficient serialization than the text-based XML format. For more information about Fast Infoset, see

You can test Fast Infoset, if enabled on the Web service, by clicking the Fast Infoset tab in the Settings section, setting the values defined in Table 5-5, and clicking Invoke to invoke the Web service.

Table 5-5 Test Settings for Fast Infoset

Setting Description

Enabled

Flag that specifies whether atomic transactions are enabled on the Web Service Test Client.

Negotiation Type

Negotiation strategy. Valid values include:

  • none—No negotiation strategy.

  • optimistic—Client assumes that Fast Infoset is enabled.

  • pessimistic—Initial client request, Fast Infoset is not enabled. Subsequent requests will use Fast Infoset if enabled on the service.

For more information about the content negotiation strategy, see:

  • JAX-WS: "Configuring the Content Negotiation Strategy" in Developing JAX-WS Web Services for Oracle WebLogic Server.

  • Oracle Infrastructure Web Services: "Configuring the Content Negotiation Strategy" in Developing Oracle Infrastructure Web Services.


5.2.5.5 Testing OWSM Security Policies

You can test OWSM security policies by clicking the OWSM tab in the Settings section, setting the values defined in Table 5-6, and clicking Invoke to invoke the Web service.

Note:

For Java EE Web services, this tab is available only if you have OWSM installed.

Table 5-6 Test Settings for OWSM

Setting Description

Enabled

Flag that specifies whether OWSM policies are enabled on the Web Service Test Client.

Policies

Select the policies that you want to test on the client by selecting the associated check box. You can test only a subset of security policies.

Note: For the policy selected, you must configure the required properties below. Otherwise, an exception is thrown.

Username

Username used for basic authentication.

Password

Password used for basic authentication.

Keystore Location

Location of the keystore file. For KSS, this is the KSS URI. Click Choose File to navigate to the file in your local directory.

Remote Keystore Location

Location of the remote keystore. If not specified, the keystore local to the server is used.

Keystore Password

Password used for keystore access.

Encryption Key Alias

Alias of the key within the keystore that will be used to decrypt the response from the service. This property is not used in WSS11 policies.

Encryption Key Password

Password for the key within the keystore that will be used for decryption. This property is not used in WSS11 policies.

Signature Key Alias

Alias of the key within the keystore that is used for digital signatures. For WSS11 policies, this property is used for mutual authentication only.

Signature Key Password

Password for the alias of the key within the keystore that is used for digital signatures.

Recipient Key Alias

Alias for the recipient's public key that is used to encrypt type outbound message.

SAML Audience URI

Relying party, as a comma-separated URI. This property accepts wildcards.

SAML Issuer Name

SAML issuer name to use when trying access a service that is protected using SAML mechanism.

Include User Roles

User roles in a SAML assertion.

Attesting Mapping Attribute

Mapping attribute used to represent the attesting entity. Only the DN is currently supported. This attribute is applicable only to sender vouches message protection use cases. It is not applicable to SAML over SSL policies.


5.2.6 Viewing the WSDL and Imported Schemas

To view the WSDL for the current Web service, click WSDL.

To view the imported WSDL and schemas, click Imported WSDL and Schema. From the dialog box, click the imported file that you wish to view. Click x in the upper right corner to close the dialog box.

5.2.7 Configuring the Web Services Test Client

Note:

Configuration settings are available in development only.

You can configure the Web Services Test Client to define an HTTP proxy, set the default working directory, or define a Java Keystore (JKS), as described in the following sections:

5.2.7.1 Configuring an HTTP Proxy

You configure an HTTP proxy for your Web Services Test Client on the General Settings page.

To configure an HTTP proxy:

  1. Click settings icon in the upper-right corner of the Web Services Test Client.

  2. Click General in the navigation pane.

  3. Enter the proxy host in the Http Proxy Host field.

  4. Enter the proxy port in the Http Proxy Port field.

  5. Click Submit.

5.2.7.2 Configuring the JKS Keystores

You configure the JKS keystores that are associated with the OWSM security policies that you are testing on the Web Services Test Client Security Settings page.

For more information about defining the JKS keystores on WebLogic Server, see "How to Configure a JKS Keystore on WebLogic Server" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

To configure the Java Keystores (JKS):

  1. Click settings icon in the upper-right corner of the Web Services Test Client.

  2. Click Security in the navigation pane.

  3. To add a new JKS keystore:

    1. Click Add.

    2. Enter a name for the JKS keystore in the Setting Name field.

    3. Enter the password for the JKS keystore in the Keystore Password field.

      Note:

      Defining the password for the JKS keystore in a production environment is not recommended.

    4. Enter the path to the file in the Keystore File field, or click Choose File to navigate to the file in your local directory.

    5. Click Submit.

  4. To edit or delete an existing JKS keystore:

    1. Click Edit.

    2. To delete a JKS keystore, click delete icon.

    3. To edit a JKS keystore, click edit icon, edit the fields, and click Submit Edit.

    4. To exit edit mode, click Cancel Edit.

5.2.7.3 Configuring the Default Working Directory

You can configure the default working directory for the Web Services Test Client. By default, the working directory is set to the following subdirectory within the domain directory:

<domain-directory>/tmp/WSTestPageWorkDir

To configure the default working directory:

  1. Click settings icon in the upper-right corner of the Web Services Test Client.

  2. Click General in the navigation pane.

  3. Edit the Current Working Home field to reflect the desired working home directory.

  4. Click Submit.

5.2.8 Editing the Input Arguments as XML Source

You can view the input arguments in a user-friendly form, or you can edit the XML source code directly. If you edit the XML source directly, you must enter valid XML. To view the input argument as XML, click Raw Message. To toggle back to the user-friendly form, click Form Entry.

5.2.9 Viewing the History

Note:

The Invocation History pane displays only after you invoke your first test operation and is available in development mode only.

You can view the results for tests executed previously within the current session by clicking on the operation in the Invocation History pane. Failed test instances appear in red in the Invocation History pane.

5.2.10 Exporting and Importing Test Cases

Note:

This feature is available in development mode only.

You can export individual test cases from the Web Services Test Client and then import them into another test environment, as described in the following sections:

5.2.10.1 Exporting a Test Case

To export a test case, click export test case in the upper-right corner of the Web Services Test Client. The test case is saved as an XML file using the following filename: ws-testcase.xml. If you save multiple test cases, a suffix is added to the filename as follows: ws-testcase(n).xml, where n is incremented each time a new test case is saved.

5.2.10.2 Importing a Test Case

To import a text case:

  1. Click import test case in the upper-right corner of the Web Services Test Client.

  2. Click Choose File.

  3. Navigate to the test case file, and click Open.

    Click Import.

5.2.11 Enabling and Disabling the Web Services Test Client

In a development environment, the Web Services Test Client is enabled, by default. In a production environment, the Web Services Test Client is disabled (and undeployed), by default.

You can enable or disable the Web Services Test Client in one of the following ways:

You should disable the Web Services Test Client to increase security by reducing the externally visible details of an application that exposes Web services.

Note:

It is recommended that you not enable the Web Services Test Client in production mode. For information about production mode, see "Domain Modes" in Understanding Domain Configuration for Oracle WebLogic Server.

To enable or disable the Web Services Test Client at the domain level using the Administration Console:

  1. Invoke the Administration Console, as described in "Accessing Oracle WebLogic Administration Console".

  2. Click Domain in the Domain Configurations section of the console home page.

  3. Select Configuration > General to display the general configuration options for the domain.

  4. Click Advanced to view the advanced configuration settings.

  5. Toggle the Enable Web Service Test Page configuration flag to enable or disable the Web Services Test Client.

  6. Click Save.

  7. Restart the server so that the configuration settings take effect.

    When enabling the Web Service Test Client in a production environment, the client will be deployed when you restart the server.

5.2.12 Logging Out of the Web Services Test Client

You can log out of the Web Services Test Client at any time by clicking Logout button. in the upper-right corner of the Web Services Test Client.

5.3 Using the Test Web Service Page in Fusion Middleware Control

This section describes how to use the Test Web Service page in Fusion Middleware Control to verify that you are receiving the expected results from a SOAP Web service (WSDL) or a RESTful (WADL) service.

Using the Test Web Service page, you can:

  • Test basic functionality to ensure that the Web service was deployed and is operating as expected.

  • Test advanced features, such as Web services addressing, MTOM, and HTTP headers.

  • Test security features.

  • Stress test the Web service endpoint.

The Test Web Service page allows you to test any of the operations exposed by a WSDL or WADL document. You can test Web services that are deployed on any accessible host; the Web service does not have to be deployed on this host.

Note:

The Test Web Service page can parse WSDL or WADL URLs that contain ASCII characters only. If the URL contains non-ASCII characters, the parse operation fails. To test a Web service that has non-ASCII characters in the URL, allow your browser to convert the WSDL or WADL URL and use the resulting encoded WSDL or WADL URL in the Test Web Service page.

When testing Web services that use policies, the OWSM component must be installed in the same domain from which Fusion Middleware Control is being run. Otherwise, an invalid policy exception will be returned.

5.3.1 Accessing a Web Service for Testing

You can navigate to the Test Web Service page in many ways. The following sections describes two typical ways to do so.

Access your Web service from the Oracle WebLogic Server Domain Home page

  1. In the navigator pane, expand WebLogic Domain to show the domain in which you want to test a Web service.

  2. Select the domain.

  3. From the WebLogic Domain menu, select Web Services, and then Test Web Service. The Test Web Service input page appears.

  4. Enter the WSDL or WADL URL of the Web service you want to test. If you do not know the WSDL or WADL, click the search icon and select from the registered Web services, if any.

  5. Click Parse WSDL or WADL.

    If the WSDL or WADL is secured with HTTP Basic Authentication, click HTTP Basic Auth Option for WSDL or WADL Access and enter the username and password before parsing the WSDL or WADL.

    The complete Test Web Services page displays, as shown in Figure 5-1 for a WSDL and in Figure 5-8 for a WADL.

Access your Web service from the Web Service Application Home page

  1. In the navigator pane, expand Application Deployments to view the applications in the domain.

  2. Select the application for which you want to test the Web service.

  3. In the Web Services section of the page, click Test for the Web service endpoint you want to test.

    The Test Web Service page displays, as shown in Figure 5-1 for a WSDL and in Figure 5-8 for a WADL. Note that the WSDL or WADL field is automatically populated with the WSDL or WADL for the endpoint.

5.3.2 Testing a SOAP Web Service

When the Test Web Services page refreshes with the WSDL details for the SOAP Web service, you can select the Service, Port, and Operation type that you want to test, as well as specify a variety of input parameters.

  1. Access the Test Web Service page using one of the methods described in Section 5.3.1, "Accessing a Web Service for Testing."

  2. Click Parse WSDL or WADL.

    If the WSDL is secured with HTTP Basic Authentication, click HTTP Basic Auth Option for WSDL or WADL Access and enter the username and password before parsing the WSDL.

    Figure 5-1 Test Web Service Page for a WSDL – Collapsed View

    Description of Figure 5-1 follows
    Description of "Figure 5-1 Test Web Service Page for a WSDL – Collapsed View"

  3. Select the service and port to be tested. As shown in Figure 5-1, if the WSDL has multiple services and ports, these fields are available as drop-down menus. If the WSDL has only one service and port, these fields are read-only.

  4. Select the operation that you want to test from the Operation menu. The available operations are determined from the WSDL.

  5. If you want to change the endpoint URL of the test, click Edit Endpoint URL and edit the URL.

  6. Select the Request tab if it is not already selected.

  7. Expand the test option sections. The expanded view of the Test Web Service page is shown in Figure 5-2.

    Figure 5-2 Bottom Portion of Test Web Service Page for a WSDL – Expanded View

    Description of Figure 5-2 follows
    Description of "Figure 5-2 Bottom Portion of Test Web Service Page for a WSDL – Expanded View"

  8. In the Security section, specify whether you want to test a Web service using OWSM security policies, basic HTTP authentication, authentication from a custom policy, or no credentials. The security setting is not determined from a policy in the WSDL; you can specify the type of security you want to test. The default is None. Depending on the option selected, additional fields are displayed. For details about the options available, see "Testing Security".

  9. In the Quality of Service section, specify whether you want to explicitly test a WS-Addressing, or MTOM policy. For details about the options available, see "Enabling Quality of Service Testing".

  10. In the HTTP Header section, you can add, modify, or delete HTTP headers to pass request information to a Web service. For more information, see "Testing HTTP Headers".

  11. In the Additional Test Options section, select the Enable Stress Test option if you want to invoke the Web service multiple times simultaneously. If you select this option, you can also provide values for the stress test options, or accept the defaults. For more information, see "Stress Testing the Web Service Operation".

    Note:

    The Asynchronous Test Response and Response Key fields are unique for testing asynchronous Web services. For more information, see Part , "Testing an Asynchronous Web Service.".

  12. In the Input Arguments section, enter the input arguments for the Web service in the Value fields. The parameters and type, and the required input values, are determined from the WSDL.

    Select Tree View or XML View to toggle between a hierarchical list of input parameters and the XML content.

  13. Click Test Web Service to initiate the test.

    The test results appear in the Response tab upon completion.

    If the test is successful, the Test Status field indicates Request Successfully received and the response time is displayed, as shown in Figure 5-3.

    Figure 5-3 Successful Test for a WSDL

    Description of Figure 5-3 follows
    Description of "Figure 5-3 Successful Test for a WSDL"

    If the test fails, an error message is displayed. For example, Figure 5-4 shows an error resulting from a type error in the var-Int parameter. In this particular instance, string data was entered when an int was expected.

    Note:

    The results on the Response tab are a simplified version of the standard Web service results.

  14. Figure 5-4 Data Validation Error

    Description of Figure 5-4 follows
    Description of "Figure 5-4 Data Validation Error"

5.3.3 Testing an Asynchronous Web Service

When the Test Web Services page refreshes with the WSDL details for an asynchronous Web service, it is nearly identical the Test Web Services page for a SOAP Web service, except that the following test response options are available in the Additional Test Options section, as shown in (Figure 5-5).

  • Asynchronous Test Response – Specifies whether to request an asynchronous response upon running the test.

  • Response Key – Enter a value (for example, myasynctest), which will correlate with the test's asynchronous response. Each response key must be unique. The asynchronous response can also be tracked later on the Asynchronous Test Response page by specifying the corresponding response key.

Figure 5-5 Asynchronous Testing Options on the Test Web Service Page

Description of Figure 5-5 follows
Description of "Figure 5-5 Asynchronous Testing Options on the Test Web Service Page"

If the test is successful, the Test Status field indicates Request Successfully received with the response time. The user-defined Response Key value that corresponds with the asynchronous response is also displayed.

Click Show Response to display the test response, if a response exists, in the Response field in XML format, as shown in Figure 5-6.

Figure 5-6 Successful Test and Response for an Asynchronous Web Service

Description of Figure 5-6 follows
Description of "Figure 5-6 Successful Test and Response for an Asynchronous Web Service"

Note:

An asynchronous request can only have a response if the server has not been restarted.

If the response is not available, it can also be tracked later on the Asynchronous Test Response page by using the corresponding response key.

Accessing an asynchronous test response after testing

  1. In the navigator pane, expand WebLogic Domain to show the domain in which you want to access an asynchronous Web service test response.

  2. Select the domain.

  3. From the WebLogic Domain menu, select Web Services, and then Asynchronous Test Response.

  4. On the Asynchronous Test Response page, specify the corresponding response key by either:

    • Using the Response Key List to select an existing, user-defined response key.

    • Using Search Response Key field to search for an existing, user-defined response key.

  5. Click Show Response to display the test response, if a response exists, in the Response field in XML format.

    Figure 5-7 Asynchronous Test Response page showing a test response

    Description of Figure 5-7 follows
    Description of "Figure 5-7 Asynchronous Test Response page showing a test response"

    Note:

    An asynchronous request can only have a response if the server has not been restarted.

  6. Repeat step 4 to access and view any other asynchronous test responses that have a response key.

5.3.4 Testing a RESTful Web Service

The Web Application Description Language (WADL) is an XML-based file format that describes A RESTful Web services application. When the Test Web Services page refreshes with the WADL details for the RESTful Web service, it is similar to the Test Web Services page for a WSDL, except that you can select the Resource, Method, and Media type that you want to test. You can also specify a variety of input parameters, though for this release they are more limited compared to a WSDL page.

  1. Access the Test Web Service page using one of the methods described in Section 5.3.1, "Accessing a Web Service for Testing."

  2. Click Parse WSDL or WADL.

    If the WADL is secured with HTTP Basic Authentication, click HTTP Basic Auth Option for WSDL or WADL Access and enter the username and password before parsing the WADL.

    Figure 5-8 Test Web Service Page for a WADL

    Description of Figure 5-8 follows
    Description of "Figure 5-8 Test Web Service Page for a WADL"

  3. Select the resource and method type to be tested. The Method field displays the corresponding HTTP method for the selected resource path in the Resource field

    If the WADL has multiple resources methods, these field are available as drop-down menus, as shown in Figure 5-8. If the WADL has only one resource and method, these fields are read-only.

    Note:

    Only the GET and POST methods are supported in this release. (Other methods are ignored if they are present in the WADL.)

  4. Select the MIME media type that you want to use for the test request from the Representation Media Type for Request menu. The available types, if one exists, are determined from the WADL.

  5. Select the MIME media type that you want to use for the test response from the Representation Media Type for Response menu. The available types, if one exists, are determined from the WADL. The following media types are supported in this release:

    • application/xml

    • application/json

    • text/xml

    • application/x-www-form-urlencoded

  6. Select the Request tab if it is not already selected.

  7. in the Security section the, only options are HTTP Basic Authentication or None. This is because the SOAP protocol is not used when testing RESTful Web services. The default is None. For more information, see "Testing Security".

  8. In the HTTP Header section you can add, modify, or delete HTTP headers to pass request information to a RESTful Web service. For more information, see "Testing HTTP Headers".

  9. In the Input Arguments section, enter the input arguments for the RESTful Web service in the Value fields. The parameters and type, and the required input values, are determined from the WADL.

    Select Tree View or Raw View to toggle between a hierarchical list of input parameters and the raw data view, where you can provide input directly to the request Header and Body sections.

  10. Click Test Web Service to initiate the test.

    The test results appear in the Response tab upon completion.

    If the test is successful, the Test Status field indicates Request Successfully received and the response time is displayed, as shown in Figure 5-9.

    Figure 5-9 Successful Test for a WADL

    Description of Figure 5-9 follows
    Description of "Figure 5-9 Successful Test for a WADL"

    Only the Raw View is available on the Response tab, which will display the entire response from the request invocation.

    If the test fails, an error message is displayed. For example, Figure 5-10 shows an error resulting from a type error in the var-Int parameter. In this particular instance, string data was entered when an int was expected.

  11. Figure 5-10 Data Validation Error

    Description of Figure 5-10 follows
    Description of "Figure 5-10 Data Validation Error"

5.3.5 Editing the Input Arguments as XML Source

You can view the input arguments in a user-friendly form, or you can edit the XML source code directly. If you edit the XML source directly, you must enter valid XML.

Figure 5-11 Input Arguments - XML View

Description of Figure 5-11 follows
Description of "Figure 5-11 Input Arguments - XML View"

Use the drop-down list in the Input Arguments section of the page to toggle between Tree View and XML View.

Figure 5-12 Input Arguments - Tree View

Description of Figure 5-12 follows
Description of "Figure 5-12 Input Arguments - Tree View"

5.3.6 Testing Security

You can use the Test Web Service Page to test Web services security using OWSM security policies, HTTP basic authentication, or custom policies. You can choose the type of test by selecting one of the options in the Security section of the page.

The security setting is not determined from a policy in the WSDL; you can specify the type of security you want to test. The default is None.

The following options available, and described in more detail in the subsequent sections:

  • OWSM Security Policies– Uses the credentials and other security options required by the OWSM security policies for authentication and message protection.

  • HTTP Basic Auth – Inserts the username and password credentials in the HTTP transport header. Both the username and password are required.

    If you do specify a username and password, they must exist and be valid.)

  • Advanced – Uses a custom policy to authenticate the user. You must specify the URI for the policy. You can also specify configuration overrides.

  • None – No credentials are included.

Note:

When testing RESTful Web services, because the SOAP protocol is not used, the only security options are HTTP Basic Authentication or None.

OWSM Security Policies

The options available when you select OWSM Security Policies, are shown in Figure 5-13. Note that in this figure the Advanced Options field is selected to display all of the available fields.

Note:

This option is not available for RESTful Web services in this release.

Figure 5-13 OWSM Security Policies Test Options

Description of Figure 5-13 follows
Description of "Figure 5-13 OWSM Security Policies Test Options"

To test the Web service security using OWSM security policies:

  1. From the Compatible Client Policies list, which displays the compatible client policies as specified in the WSDL, select the client policy to test.

    Alternatively, to perform a negative test on the endpoint, you can select a non-compatible policy, or All from the Other Client Policies list.

    Notes:

    Non-security policies and policies not supported by the test function are shown as read-only and cannot be selected. For a list of client policies supported by the test function, see "Supported Client Security Policies".

    Service polices that support multiple client security policies are not supported by the test function.

    The Configuration Properties required by the selected policy are indicated with an asterisk (*). For example:

    • For username_token and http_token policies, the Username and Password fields are required; for SAML policies only the Username field is required.

    • For message protection and SSL policies, the JKS Keystore Location and JKS Keystore Password fields are required.

  2. Provide values for the required fields as determined by the policy.

    If the JKS Keystore Location and JKS Keystore Password fields are required by the policy, enter the location and password of a temporary user-created keystore that is NFS accessible and click Load Keys. The associated keystore fields under Advanced Options are populated with the aliases specified in the keystore.

    For more information about creating a keystore, see "Generating Private Keys and Creating the Java Keystore" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

  3. Click Advanced Options. Additional keystore alias and SAML properties fields are displayed. Properties required by the selected policies are indicated with an asterisk. Enter the required values, or provide override values in the applicable fields.

HTTP Basic Auth

This option requires Username and Password credentials that are inserted into the HTTP transport header. The username and password must exist and be valid for the WebLogic Server.

Advanced

The options available when you select the Advanced option are shown in Figure 5-14.

Figure 5-14 Advanced Test Options

Description of Figure 5-14 follows
Description of "Figure 5-14 Advanced Test Options"

The Advanced option allows you to use a custom policy to test the Web service security. To do so:

  1. Specify the URI of the custom policy in the Policy URI field. This field is required.

  2. Specify any configuration overrides for the policy in the Name and Value fields. To add properties, click Add and provide the name/value pair for the configuration override. To delete a property, select it in the table and click Delete.

    Note:

    Properties must be specified using the full name of each property, for example oracle.wsm.security.util.SecurityConstants.ClientConstants.WSS_KEYSTORE_LOCATION. For a complete list of property names for properties that can be overridden, see "Overriding Client Policy Configuration Properties at Design Time" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

5.3.6.1 Supported Client Security Policies

The following OWSM client security policies are supported by the test function:

  • oracle/wss_http_token_client_policy

  • oracle/wss_http_token_over_ssl_client_policy

  • oracle/wss_saml_token_bearer_over_ssl_client_policy

  • oracle/wss_saml_token_over_ssl_client_policy

  • oracle/wss_saml20_token_bearer_over_ssl_client_policy

  • oracle/wss_saml20_token_over_ssl_client_policy

  • oracle/wss_username_token_client_policy

  • oracle/wss_username_token_over_ssl_client_policy

  • oracle/wss10_message_protection_client_policy

  • oracle/wss10_saml_token_with_message_integrity_client_policy

  • oracle/wss10_saml_token_with_message_protection_client_policy

  • oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy

  • oracle/wss10_saml20_token_with_message_protection_client_policy

  • oracle/wss10_username_id_propagation_with_msg_protection_client_policy

  • oracle/wss10_username_token_with_message_protection_client_policy

  • oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy

  • oracle/wss10_x509_token_with_message_protection_client_policy

  • oracle/wss11_message_protection_client_policy

  • oracle/wss11_saml_token_identity_switch_with_message_protection_client_policy

  • oracle/wss11_saml_token_with_message_protection_client_policy

  • oracle/wss11_saml20_token_with_message_protection_client_policy

  • oracle/wss11_username_token_with_message_protection_client_policy

  • oracle/wss11_x509_token_with_message_protection_client_policy

5.3.7 Enabling Quality of Service Testing

Note:

This section is not applicable when testing RESTful Web services.

Three characteristics of Quality of Service (QoS) can be tested: WS-Addressing, and MTOM in the Quality of Service section of the Test Web Service Page (Figure 5-15). For each type of Quality of Service, there are three options:

  • WSDL Default – Execute the default behavior of the WSDL. For example, if WSDL Default is selected for MTOM, and the WSDL contains a reference to an MTOM policy, the policy is enforced. If the WSDL does not contain a reference to an MTOM policy, then no MTOM policy is enforced.

  • None – No policy for the specific QoS, even if it is included in the WSDL, is executed.

  • Custom – Enforce a custom policy. For example, if a WS-Addressing policy is referenced in the WSDL, this policy will be ignored, and the policy specified in URI will be used instead.

  • URI – Specify the location of the policy to be enforced.

Figure 5-15 Quality of Service Parameters on the Test Web Service Page

Description of Figure 5-15 follows
Description of "Figure 5-15 Quality of Service Parameters on the Test Web Service Page"

5.3.8 Testing HTTP Headers

The HTTP Header section allows you to add, modify, or delete HTTP headers to pass request information to a SOAP or RESTful Web service. After the service invocation, the HTTP headers should be displayed as part of the message response.

Figure 5-16 HTTP Header on the Test Web Service Page

Description of Figure 5-16 follows
Description of "Figure 5-16 HTTP Header on the Test Web Service Page"

5.3.9 Stress Testing the Web Service Operation

Select the Enable Stress Test check box (Figure 5-17) to invoke a continuous series of invocations of the Web service operation (Figure 5-17). The following options are available:

  • Concurrent Threads – The number of concurrent threads on which the invocations should be sent. The default is 5 threads.

  • Loops per Thread – The number of times to invoke the operation. The default is 10 times.

  • Delay in Milliseconds – The number of milliseconds to wait between operation invocations. The default is 1000 milliseconds (1 second).

    Figure 5-17 Stress Testing Parameters on the Test Web Service Page

    Description of Figure 5-17 follows
    Description of "Figure 5-17 Stress Testing Parameters on the Test Web Service Page"

When you invoke the test, a progress box indicates the test status. When the stress test is complete, a confirmation page displays the results of the test.

The Response tab provides additional information about the stress test, including the number of tests with errors, and the average, minimum, and maximum response times. Details about each test are provided in tabular form. For each test, you can view the thread and loop numbers, the duration of the test, the start and end times for the test, and the invocation status. You can filter the fields displayed in the table using the View menu.

Figure 5-18 Stress Test Results on Test Web Service Page

Description of Figure 5-18 follows
Description of "Figure 5-18 Stress Test Results on Test Web Service Page"