This topic explains how SOAtest assists with runtime security policy validation by enabling execution of complex authentication, encryption, and access control test scenarios.
SOAtest includes several security tools and options that help you construct and execute complex authentication, encryption, and access control test scenarios. For example:
See JCE Prerequisite.
For a step-by-step demonstration of how to apply SOAtest for validating authentication, encryption, and access control, see WS-Security. This tutorial covers encryption/decryption, digital signature, and the addition of SOAP Headers.
For more details on how to use SOAtest’s tools to support your specific authentication, encryption, and access control validation needs, see the following sections.
|General Security Settings (Authentication, Keystores, etc.)|
|HTTPS and SSL||Configuring for Services Deployed Over HTTPS|
If your services are configured with WS-Security XML security policies, you can configure SOAtest with the settings needed to interoperate with WebLogic.
To help you configure these settings, a sample SOAtest project, WebLogicWSS.tst, is included under <INSTALL>/examples/tests. WebLogicWSS.tst is not an executable test; it is intended to serve as a reference, allowing you to compare a working configuration that has been verified by Parasoft against your own. This example configuration has been tested to work with WebLogic 9.2 and later.
This example assumes that default sign, encrypt and UsernameToken (ut) policies are being used by your WebLogic application. It also assumes that the wss_client certificate (the client public key) has been imported to WebLogic's DemoTrust keystore.
Note the following:
If you are using the default policies or policies that are built off of the defaults, configure your test settings to match this example in terms of the options selected.
Refer to Oracle's e-docs sites for more information about WebLogic security policies.