I have a project with some SOAP interfaces configured to test my backends.
To be able to transfer the credentials, I had the choice either to:
Put a soap header <soapenv:Header>...</soapenv:Header>
containing username and password
But in this case, I have to declare it in all Request and it is not dynamic as the credentials changes for the different endpoint configured (environments)
Create a Outgoing WS-Security Configurations
for all my environment and associate them in the Endpoint
configuration of each Interface
That way it will switch credentials easily and automatically whatever endpoint used.
In this configuration I can also define not to generate a nonce
, other ways it generate it automatically and the server does not accept it.
Now I have a little security problem. My SOAP-UI is in a git repository and if I just open the project xml file, I can see my passwords in clear text.
I tried to use Hashed password
but:
PasswordText
formatIs there any way to externalize the password (they can be stored in a local plaintext file) or to be encrypted in the project.xml file?
I am using SOAP-UI Open source version (not PRO) in version 5.2.0 and from the user interface and not with Maven or any other tool.
You can using global properties. To do so you need first to define a external file for example a file called soapuiProperties.txt.
Inside this file put both properties:
myProject.username=yourUserName
myProject.password=yourPassword
Then configure your WS-Security configuration setting and set ${myProject.username}
as username, and ${myProject.password}
as password (you don't see the password text because the UI field has a mask but don't worry if you put correctly the property then SOAPUI replace it for the correct value in the property file anyway).
Finally you've to pass the file to the SOAPUI, so edit SOAPUI_HOME\bin\soapui.bat
an add the follow -Dsoapui.properties=soapuiProperties.txt
to the JAVA_OPTS
:
set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx256m -Dsoapui.properties=soapuiProperties.txt
And that's all, then when you apply WSSSettings
to your request you'll see the correct values get it from the property file.
You can see more info at SOAPUI documentation here
EDIT
In new versions at least with 5.2.1 seems easier, by default SOAPUI is configured to load SOAPUI_HOME\bin\soapui.properties
by default. So create this file and add the properties here, You've to do the rest of the steps but you can avoid to edit the soapui.bat
.
Hope this helps,
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With