WS-Security Tutorial

Applies to ReadyAPI 3.57, last modified on December 20, 2024

This tutorial explains how to add WS-Security (WSS) to your tests in ReadyAPI by using keystores and truststores. ReadyAPI manages WS-Security configurations at the project level, so these configurations can be used in different places of your project:

  • For outgoing requests and their responses.

  • For incoming requests to virtual APIs and for the responses sent by these APIs.

  • For monitored requests and responses in the SOAP Monitor.

Basic configuration

  1. Switch to the APIs node and select Auth & Security > WSS Config on the toolbar.

    The WSS Configuration button

    Click the image to enlarge it.

  2. In the subsequent dialog, switch to the Keystore tab, click , and select the keystore file.

    The Add Keystore button

    Click the image to enlarge it.

  3. Enter the keystore password.

    Entering the keystore password
  4. Make sure the Status is OK. If it is not, make sure you have specified the correct keystore and password.

    The keystore status

    Click the image to enlarge it.

  5. Switch to the Outgoing WS-Security Configurations tab and click .

    The Add Outgoing Configuration button

    Click the image to enlarge it.

  6. Enter the name of the outgoing configuration and click OK.

    Naming the outgoing configuration
  7. Create a new WSS entry in the editor below.

    Adding the outgoing entry

    Click the image to enlarge it.

  8. Select Encryption from the drop-down menu and click OK.

    Creating the encryption entry
  9. Select the keystore and key alias to use and enter the password for that alias and click OK.

    Configuring the encryption entry

    Click the image to enlarge it.

  10. Open the SOAP request you want to apply the encryption to and expand the Auth panel.

  11. Click Add Authorization Profile and add a Basic authorization.

    Adding authorization profile

    Click the image to enlarge it.

  12. In the Outgoing WSS drop-down list, select the WS-Security you have added.

    Adding the outgoing configuration to the request

    Click the image to enlarge it.

  13. Finally, execute the SOAP request and click the Raw tab to verify that the encryption is added to the outgoing request.

    The raw request

    Click the image to enlarge it.

Alternative: Adding an outgoing configuration explicitly

As an alternative to using the Auth tab, you can right-click in the XML editor and select Outgoing WSS in the drop-down list. This will generate an outgoing WSS and add it to the current XML message.

Applying the outgoing WSS

When you receive a message with an associated WSS configuration, the results are shown in the WSS inspector. The inspector shows a list of processing results and the occurred errors:

The WSS inspector

Click the image to enlarge it.

Alternative: adding an outgoing configuration to all the requests sent to an endpoint

You can add an outgoing WSS configuration to an endpoint so that all the requests to the endpoint use it. To do it, create a WSS configuration and use environments:

  1. Open a request with the desired endpoint and copy the endpoint.

  2. On the toolbar, open the environments drop-down menu and select Configure Environments:

    Copy the endpoint

    Click the image to enlarge it.

  3. Create an environment, select it from the list, and click  to add an endpoint to it. Paste the endpoint value into the Endpoint field:

    Create an endpoint in the environment

    Click the image to enlarge it.

  4. Switch to the Authorization tab.

    • In the WSS-Type drop-down menu, select the appropriate WSS-Type.

    • In the Outgoing WSS drop-down menu, select your WSS configuration.

    • Click Save.

      Select WSS configuration
  5. Again, open the request you want to apply WSS to and select the newly created environment from the environment drop-down menu.

    Select the environment

    Click the image to enlarge it.

Now, all the requests to this endpoint will use the WSS configuration that you have indicated in the environment settings.

See Also

About WS-Security
WS-Security Properties

Highlight search results