Oracle® Fusion Middleware
Part 2. General Configuration

API Gateway Explorer Classic Mode shows a simplified view of a SOAP request and its corresponding response, together with any other relevant information, including HTTP headers, SOAP Action, certificates, and attachments. Classic Mode is most suitable for sending single requests to a Web service or target system to see how it behaves. You can perform more complicated testing scenarios using the Design Mode.

The following sections describe the functionality available from the Classic tab on the right in the toolbar.

A WSDL file contains definitions of SOAP operations and describes the wire format of SOAP messages for those operations. API Gateway Explorer can use these definitions to auto-generate sample SOAP messages, which can then be sent to the service URL specified in the WSDL file. Complete the following steps to do this:

The auto-generated SOAP message contains comments above elements that have certain cardinality rules associated with them to help you create more formally correct SOAP messages. Similarly, where an element's content model comprises a sequence or choice of elements or values, these options are listed in the comment.

The SOAP Request panel contains the currently loaded SOAP message. When a request has been loaded into the panel, you can insert security tokens (for example, XML Signature and XML Encryption) into the message before sending it to the Web service specified in the URL field at the top of the API Gateway Explorer screen. The options to modify the message in this way are available to the left of the SOAP Request panel.

As discussed in the previous section, you can auto-generate a request for a SOAP operation exposed by a Web service using the WSDL for that service. In this case, the SOAP Request panel is automatically populated with the SOAP message. However, you can also load a SOAP message from a file using the File > Load Request menu option.

A number of sample SOAP messages for live sample Web services ship with the API Gateway Explorer. These samples are available from the File > Samples menu. When a sample service is selected from this menu, the message for that service is loaded into the SOAP Request panel. Furthermore, the URL, SOAP Action, and WSDL fields are all populated accordingly.

When a message has been loaded into the SOAP Request panel (or SOAP Response panel), there are several different views of the message available, which can be selected by clicking one of the following tabs at the bottom of the panel:

No matter how the message is loaded into the SOAP Request panel, it can always be sent using the Send Request button on the left of the screen.

When you press the Send Request button, the message in the SOAP Request panel is sent to the Web service running at the address specified in the URL field.

The response from the Web service is displayed in the SOAP Response panel. You can view any HTTP headers or attachments that were returned with the SOAP response by clicking the Headers and Attachments tabs, respectively. Similarly the HTTP response status (for example, HTTP/1.1 200 OK is displayed at the top of the panel.

When you click the Send Request button, and if this is the first message you have sent to the Web service running at the address specified in the URL field, the Connection Settings dialog is displayed. You can configure the following settings:

For more details, see the topic on Configuring Connection Settings.

As discussed earlier, when a SOAP message has been loaded into the SOAP Request panel, you can insert one or more different types of security token into the message. One such token is an XML Signature, which contains a digital signature of (a part of) the SOAP message.

By signing the message, the integrity of the message is guaranteed. In other words, any changes to the message after it has been signed can be detected by someone validating the XML Signature on the message.

You can use API Gateway Explorer to check the validating process on the server. Typically, you would achieve this by loading a message into API Gateway Explorer, signing it, and sending it to the server where the signature is being validated. The next step would be to change some of the content covered by the Signature to make sure that the changes are detected by the server.

To sign a message that has already been loaded into the SOAP Request panel, select the Security > Decrypt Request menu option. You can use the Sign Message screen to configure what part of the message is signed, where to place the Signature, and what algorithms to use, along with other details about the signing process. For more details, see the topic on XML Signature Generation.

You can also insert an XML Encryption block into the message. The encrypted block (usually) replaces the original XML chunk that was encrypted. By encrypting the message, the sender can make sure that only the intended recipient of the message can read it.

You can use the Encrypt Request wizard, which is available by selecting the Security > Decrypt Request menu option, to encrypt a message that has been loaded into the SOAP Request panel.

The first step in configuring the XML Encryption Wizard is to select the certificate that contains the public key to use to encrypt the data. When the data has been encrypted with this public key, it can only be decrypted using the corresponding private key. Select the relevant certificate from the list of Certificates in the Trusted Certificate Store.

After clicking the Next button on the first screen of the wizard, the configuration options for the XML Encryption Settings screen are displayed. For more details, see the topic on XML encryption settings.

When a SOAP message containing an XML Encryption block is loaded into the SOAP Request panel, you can decrypt the encrypted block using the XML Decryption Settings screen. This is available by selecting the Security > Decrypt Request menu option.

For more information on configuring the fields on this screen, see the topic on XML decryption settings.

You can insert a SAML authentication or authorization assertion into a SOAP message by selecting the Security > Insert SAML Token menu option from the Classic Mode. There are further menu options to add a SAML authentication and/or authorization assertion.

For more information on inserting SAML tokens into the message, see the topics on Insert SAML Authentication Assertion and Insert SAML Authentication Assertion.

Finally, you can use API Gateway Explorer to insert a WS-Security UsernameToken into a SOAP message. This option is available by selecting the Security > Insert WS-Security Username menu option.

For more information on inserting a UsernameToken into a message, see the topic on Insert WS-Security Username Token.