In the generic service client, service calls contain the
content and the transport information for the call. The contents are
made of the SOAP envelope. The transport information refers to the
information that is required to send and receive and answer depending
on the selected protocol.
Message
This page shows the
XML content of the request and provides access to data correlation.
The same content is presented in three different ways.
- Form
- This view provides a simplified view of the message that focuses
on editing the values of the XML content. Use the Schema menu to enable assistance with editing XML content so that the XML
is valid and complies with the XSD specification.
In the Form view, add the XML headers that are required for standard
web service calls. On the Header bar, click Add (
) to create the default
XML header structure for WS-Addressing, WS-ReliableMessaging or WS-Coordination
requests, or click More for other standards.
You can enable or disable XML header elements and specify the correct
values for each XML element. Checks are performed to ensure that the
XML content is valid.
Note: To add XML headers to calls in IBM® Security AppScan®, add a Static XML Headers algorithm
on the Request Stack tab of the request.
- Tree
This view provides a hierarchical view of the XML structure
of the message, including elements, namespaces, and the associated
values. You can use Add, Insert, Remove, Up, and Down to edit the XML elements and namespaces in the tree.
Click Filter to hide or show namespace,
attribute, or text nodes, depending on your requirements.
Click Allow only valid modifications to enable smart editing,
based on a specified XML schema document (XSD). To specify a set of
XSD documents for the workbench, in the test navigator, right-click
the project and select Properties and Schema Catalog. Disable Allow only valid modifications if you do not have an XSD or if you want to bypass the schema.
You can right-click an XML element to convert it to an XML fragment.
This enables you to perform data correlation (use datapools and create
references) on the entire XML fragment instead of only on the value.
- Source
- This view displays the source XML content of the message or plain
text content.
Important: In the Source view, do not edit
the tags that start with SoaTag. If you delete or
change these tags, any references and substitutions in the test will
be broken. You cannot recreate these tags after you delete them.
Attachments
This page
lists the MIME or DIME attachments that are attached to the request.
The contents of this view conform to the Multipurpose Internet Mail
Extensions (MIME) or Direct Internet Message Encapsulation (DIME)
specification. You can use this page to add workbench resources as
MIME or DIME attachments and change properties.
The
Content ID is the identifier that the request uses to
refer to the attachments. The method for using this identifier depends
on your server requirements.
- MIME or DIME
- Select whether the attachment conforms to the Multipurpose Internet
Mail Extensions (MIME) or Direct Internet Message Encapsulation (DIME)
specification
- Use MTOM transmission mechanism
- By default, the request uses SOAP Messages with Attachments (SwA)
to handle attachments. Select this option to handle attachments with
the SOAP Message Transmission Optimization Mechanism (MTOM).
Transport
This page
covers the transport settings used to send the request. The transport
protocol settings apply to a transport configuration, which can be
either HTTP, Java™ Message Service
(JMS), WebSphere® MQ, or
Microsoft .NET. You can create several configurations for each protocol
so that you can easily switch protocols or variants of protocols.
Note: If you are using IBM Security AppScan,only the HTTP transport protocol is available.
- HTTP
- Select HTTP to use the HTTP transport for
the request. At the request level, you can update a URL or SOAP action
and the reference to the global configuration of a test.
- Protocol configuration
- Click Change to specify a predefined transport
configuration or to create a configuration. HTTP transport configurations
contain proxy and authentication settings that can be reused.
- URL
- Specify the URL end point of the service request.
- Method and Version
- Specify the HTTP method and version to be used to invoke the service
request.
- Headers
- Specify the names and values of any custom HTTP headers that are
required by the service. Click Add, Edit or Remove to modify the headers
list.
- Cookies
- Specify the names and values of any cookies that are required
by the service. Click Add, Edit or Remove to modify the cookies list.
- JMS
Select JMS to use the Java Messaging Service transport for the request.
This page enables you to add string properties that are attached to
the request for a JMS configuration. These will be sent as message
properties through JMS.
- Protocol configuration
- Click Change to specify a predefined transport
configuration or to create a configuration. JMS transport configurations
contain generic end point, reception point, and adapter settings that
can be reused.
- Properties
- Specify the names and values of any string properties that are
required by the request for the current JMS transport configuration.
These are sent as message properties through JMS. Click Add, Edit or Remove to modify the properties list.
- WebSphere MQ
- Select MQ to use the IBM WebSphere MQ transport for the request. This page enables you to specify the
SOAP action and override the settings for the WebSphere MQ configuration selected at
the test level.
- Protocol configuration
- Click Change to specify a predefined transport
configuration or to create a configuration. WebSphere MQ transport configurations contain
generic queue, header, and SSL settings that can be reused.
- SOAP Action
- Specifies the SOAP action to be used to invoke the WebSphere MQ request.
- Override MQ protocol configuration values
- Select this option to configure the fields of the WebSphere MQ message. You can replace a
subset of an MQ message descriptor with a custom format for use with
other server types, specifically when using an XML message request.
- Customize message header
- Select this option to specify custom headers for the transport
for the SOAP over MQ feature that is provided by WebSphere MQ. This feature uses a predetermined
MQ message format (RFH2), therefore, when selected, other Message Descriptor options are disabled.
- Message descriptor
- These settings replace the message descriptor and header settings
of the MQ protocol configuration. Refer to WebSphere MQ documentation for information
about message descriptors.
- Microsoft .NET
- Select Microsoft .NET to use the Microsoft
.NET Framework transport for requests based on Windows Communication Foundation (WCF). This
page enables you to override the settings for the Microsoft .NET configuration selected at
the test level.
- Item
- Click Add to specify the name and value
of the WCF actions that are required by the service. This table is
automatically generated when you import a Microsoft .NET WSDL file.
Refer to the Microsoft .NET
WCF documentation for more information.
Request Stack
Use
this page to specify the stack that applies security and addressing
parameters and algorithms to service requests before they are sent.
Stacks are a set of algorithms that are executed in a given order.
Use the WSDL security editor to define a stack for each WSDL. The
stack will be applied to all requests that use the WSDL.
- Override stack
- By default, you edit a stack which attached to a specific WSDL
file in the WSDL security editor. Select this option to specify a
different security algorithm stack only for the current service request.
- Show response stack
- The Request Stack page contains algorithms
that are applied only to outgoing service requests. Select Show response stack to add a Response Stack page. The Response Stack page allows you to
edit security and addressing parameters and algorithms that are applied
to incoming responses.
- Security Algorithm Details
- Click Add, Insert, or Remove to add or remove security algorithms
in the stack. Click Up and Down to change the order of a selected algorithm in the security stack.
The following security algorithms can be added to the security stack:
- Static XML Headers
Use this algorithm to add the XML headers that are required
for web service standard calls. On the Header bar, click Add (
) to create the default XML header structure for WS-Addressing,
WS-ReliableMessaging or WS-Coordination requests, or click More for other standards.
You can enable or disable
XML elements in the Header section and specify the correct values
for each XML element. Checks are performed to ensure that the XML
headers are valid.
Note: The Static XML Headers algorithm is available
only in IBM Security AppScan. To add static XML headers to calls in other products,
expand the Headers section on the Message tab of the request.
- Time Stamp
- The time stamp security algorithm adds time stamp information
to the XML document in the response. For details on security algorithms,
refer to the web service security specification.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Expiration delay
- Specify the delay after which the time stamp expires.
- Millisecond precision
- Select this option to produce a time stamp that uses millisecond
precision instead of the default (1/100th second).
- User name token
- The user name token security algorithm adds a user name token
to the XML document in the message. For details on security algorithms,
refer to the web service security specification.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Name
- Type the name of the user.
- Password
- Type the password of the user.
- Password type
- Specify the password type for the security algorithm as defined
in the Web Services Security UsernameToken profile.
- XML Encryption
- The XML encryption security algorithm specifies how the XML document
is encrypted. For details on security algorithms, refer to the web
service security specification.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Identifier type
- Select the type of key identifier to be used for the encryption.
The following key identifiers are available, as defined in the Web
Services Security (WSS) specification X509 profile and the OASIS WSS
1.1 specification:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- SKI_KEY_IDENTIFIER
- EMBEDDED_KEYNAME
- THUMBPRINT_IDENTIFIER
- ENCRYPTED_KEY_SHA1_IDENTIFIER
- User XPath part selection
- This enables you to specify an XPath query that describes parts
of the XML document that can be subjects of the algorithm. By default,
the body is the subject.
- Key
- Select the key used for the encryption. The details of each key
vary.
- x509 key: This specifies the name and password
of the x509 key and the keystore where it is located.
- Raw key: This specifies the name and the
byte value of your SecretKey in hexadecimal.
- Encrypted key: This specifies a reference
to an encrypted key that was previously defined in the security stack.
Click Insert a new encrypted key to create
a new encrypted key definition block.
- Encoding Algorithm Name
- Specify the encryption method to be used as defined in the XML
Encryption Syntax and Processing specification.
- Key Encoding Algorithm
- Specify the standard algorithm for encoding the key as defined
in the XML Encryption Syntax and Processing specification.
- XML Signature
- The XML signature security algorithm specifies how the XML document
is signed. For details on security algorithms, refer to the web service
security specification.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Security token
Select the type of key identifier to be used for the signature.
The following key identifiers are available, as defined in the the
Web Service Security (WSS) specification X509 profile and OASIS WSS
1.1 specification:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- SKI_KEY_IDENTIFIER
- KEY_VALUE
- USER_NAME_TOKEN
- CUSTOM_SYMM_SIGNATURE
In addition, the following identifiers are available when
the signature is based on a UsernameToken profile:
- USER_NAME_TOKEN
- CUSTOM_SYMM_SIGNATURE
- User XPath part selection
- Specify an XPath query that describes parts of the XML document
that can be subjects of the algorithm. By default, the body is the
subject. Click the XPath Helper button to build
the Xpath expression.
- Key
- Select the key used for the encryption. The details of each key
vary.
- x509 key: This specifies the name and password
of the x509 key and the keystore where it is located.
- User name token key: This specifies a user
name and password for the signature.
- Encrypted key: This specifies a reference
to an encrypted key that was previously defined in the security stack.
Click Insert a new encrypted key to create
a new encrypted key definition block.
- Signature algorithm name
- Specify the signature method algorithm as described in the XML
Signature Syntax and Processing specification.
- Canonicalization
- Specify the canonicalization method to be used as described in
the XML Signature Syntax and Processing specification.
- Inclusive namespaces
- Specify whether the canonicalization is exclusive as described
in the Exclusive XML Canonicalization specification.
- Encrypted Key
- This block defines an encrypted key that can be used in an XML
signature or XML encryption block. The encrypted key block must be
before a block that uses the encrypted key.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Key name
- Specify the name of the encrypted key.
- Identifier type
- Select the type of key identifier to be used for the key. The
following key identifiers are available, as defined in the the Web
Service Security (WSS) specification X509 profile and OASIS WSS 1.1
specification:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- THUMBPRINT_IDENTIFIER
- SKI_KEY_IDENTIFIER
- Key size
- Specify the size of the key in bits.
- Key encoding algorithm name
- Specify the algorithm to be used for encoding the key.
- Keystore
- Select a keystore or click Edit Security to define a new keystore or to manage the existing keystores.
- Name
- Select a key contained in the specified keystore.
- Password
- Type the password for the selected key name.
- Custom Security Algorithm
- If you want to use a Java class as a custom security algorithm, then use this stack element
to apply the custom algorithm to the service.
- Java Project
- If you have not implemented a custom Java class, select Java Project, type
a name for the new project, and click Generate to create a new Java class
with the default structure for custom security implementations.
Note: If you are using IBM Security AppScan, this field is not available.
- Implementation class
- Specify the name of the class that implements the custom security
algorithm. Click Browse Class to select an
existing Java class from the
workspace.
- Properties
- Use this table to send any specific properties and associated
values to the custom security algorithm.
- WS-Addressing Algorithm
- Use this block if your service uses either WS-Addressing 2004/08
or the WS-Addressing 1.0 Core standard.
- Namespace
- Specify the namespace for either WS-Addressing 2004/08 or WS-Addressing
1.0 Core.
- Action if request uses WS-Addressing
- Select the action to complete if WS-Addressing is already in the
request.
- Replace anonymous address in Reply-to with:
- Select this option to generate the specified address in the Reply-to
header instead of an anonymous address.
- Remove WS-Addressing from response
- Select this option to strip any WS-Addressing headers from the
response.
- WS-Policy Algorithm
- Use this block if your service requires a security policy file
compliant with the WS-Policy specification.
- Use policy included in WSDL (WS-PolicyAttachment)
- Select this option to use the security policy configuration that
is attached to the WSDL as in the WS-PolicyAttachment specification.
- Policy
- If you are not using the WS-PolicyAttachment specification, specify
the XML policy file. Click Browse to add a
policy file from the workspace or to import a policy file.
- Signature configuration
- Select this option to specify a keystore for any signature that
is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
- Encryption configuration
- Select this option to specify a keystore for any encryption that
is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
- Decryption configuration
- Select this option to specify a keystore for any decryption that
is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
- Retrieve token from security token server (WS-Trust)
- Select this option, and click Configure to specify a Security Token Server (STS) to use with the policy.
- Additional properties
- Use this table to specify settings for the advanced properties
or specific implementations of the WS-Security specification. Click Add to add a property name and to set a value.
Response Stack
Use
this page to specify the stack that applies security and addressing
parameters to responses after they are received. Stacks are a set
of algorithms that are executed in a given order. Use the WSDL security
editor to define a stack for each WSDL. The stack will be applied
to all requests that use the WSDL.
- Override stack
- By default, you edit the security algorithm stack attached to
a specific WSDL file in the WSDL Security Editor. Select this option
to specify a different security algorithm stack only for the current
response.
- Show response stack
- Clear the Show response stack option to
hide the Response Stack page.
- Security Algorithm Details
- Click Add, Insert, or Remove to add or remove security algorithms
in the stack. Click Up and Down to change the order of a selected algorithm in the security stack.
The following security algorithms can be added to the security stack:
- XML Encryption
- The XML encryption security algorithm specifies how the XML document
is encrypted. For details on security algorithms, refer to the web
service security specification.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Identifier type
- Select the type of key identifier to be used for the encryption.
The following key identifiers are available, as defined in the Web
Services Security (WSS) specification X509 profile and the OASIS WSS
1.1 specification:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- SKI_KEY_IDENTIFIER
- EMBEDDED_KEYNAME
- THUMBPRINT_IDENTIFIER
- ENCRYPTED_KEY_SHA1_IDENTIFIER
- User XPath part selection
- This enables you to specify an XPath query that describes parts
of the XML document that can be subjects of the algorithm. By default,
the body is the subject.
- Key
- Select the key used for the encryption. The details of each key
vary.
- x509 key: This specifies the name and password
of the x509 key and the keystore where it is located.
- Raw key: This specifies the name and the
byte value of your SecretKey in hexadecimal.
- Encrypted key: This specifies a reference
to an encrypted key that was previously defined in the security stack.
Click Insert a new encrypted key to create
a new encrypted key definition block.
- Encoding Algorithm Name
- Specify the encryption method to be used as defined in the XML
Encryption Syntax and Processing specification.
- Key Encoding Algorithm
- Specify the standard algorithm for encoding the key as defined
in the XML Encryption Syntax and Processing specification.
- Encrypted Key
- This block defines an encrypted key that can be used in an XML
signature or XML encryption block. The encrypted key block must be
before a block that uses the encrypted key.
- Actor / Role name
- Specify the name of the recipient of the algorithm header element,
if required.
- Must understand
- Select whether it is mandatory that the algorithm header is processed
by the recipient, if required. The recipient is either the Actor name
or the server.
- Key name
- Specify the name of the encrypted key.
- Identifier type
- Select the type of key identifier to be used for the key. The
following key identifiers are available, as defined in the the Web
Service Security (WSS) specification X509 profile and OASIS WSS 1.1
specification:
- ISSUER_SERIAL
- BST_DIRECT_REFERENCE
- X509_KEY_IDENTIFIER
- THUMBPRINT_IDENTIFIER
- SKI_KEY_IDENTIFIER
- Key size
- Specify the size of the key in bits.
- Key encoding algorithm name
- Specify the algorithm to be used for encoding the key.
- Keystore
- Select a keystore or click Edit Security to define a new keystore or to manage the existing keystores.
- Name
- Select a key contained in the specified keystore.
- Password
- Type the password for the selected key name.
- Custom Security Algorithm
- If you want to use a Java class as a custom security algorithm, then use this stack element
to apply the custom algorithm to the service.
- Java Project
- If you have not implemented a custom Java class, select Java Project, type
a name for the new project, and click Generate to create a new Java class
with the default structure for custom security implementations.
Note: If you are using IBM Security AppScan, this field is not available.
- Implementation class
- Specify the name of the class that implements the custom security
algorithm. Click Browse Class to select an
existing Java class from the
workspace.
- Properties
- Use this table to send any specific properties and associated
values to the custom security algorithm.