You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@jmeter.apache.org by bu...@apache.org on 2016/03/29 15:38:45 UTC
[Bug 59244] New: WS-Security for SOAP requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=59244
Bug ID: 59244
Summary: WS-Security for SOAP requests
Product: JMeter
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Main
Assignee: issues@jmeter.apache.org
Reporter: mdiianni@gmail.com
Possibility to manipulate WS-Security parameters for SOAP requests.
Increasing security levels on Internet exposed services require the use of
timestamp, signing and encryption on SOAP Requests/Responses.
Such elements are not currently available on JMeter 2.13 so the only way to
implement them is adding a JSR223 Pre-Processor that reads a JKS keystore,
loads the sampler XML content, inject a timestamp, encrypt the content and sign
the message with appropriate keys before sending.
Regards,
Maurizio
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 59244] WS-Security for SOAP requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59244
--- Comment #2 from Arvind Kumar <ar...@fisglobal.com> ---
I was compiling the code provided here and I ran into following issue during
compilation:
C:\Program Files\Java\jdk1.7.0_67\bin>javac SOAPSecurity.java
SOAPSecurity.java:103: error: ')' expected
SOAPDocWriter pathWriter = (s, d) -> {
^
SOAPSecurity.java:103: error: ';' expected
SOAPDocWriter pathWriter = (s, d) -> {
^
SOAPSecurity.java:113: error: ')' expected
SOAPDocWriter stringWriter = (s, d) -> d.parse(new InputSource(new
StringReader(s)));
^
SOAPSecurity.java:113: error: ';' expected
SOAPDocWriter stringWriter = (s, d) -> d.parse(new InputSource(new
StringReader(s)));
^
4 errors
Any idea what is causing these errors? I need to make jar file out of the
class file after compiling and running this java bean shell code for JMeter.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 59244] WS-Security for SOAP requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59244
--- Comment #3 from Felix Schumacher <fe...@internetallee.de> ---
The code is using java 8 features, that is why you get those error messages.
Note, that I haven't written nor tried the code.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 59244] WS-Security for SOAP requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59244
Philippe Mouawad <p....@ubik-ingenierie.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |p.mouawad@ubik-ingenierie.c
| |om
--- Comment #4 from Philippe Mouawad <p....@ubik-ingenierie.com> ---
There is a 3rd party plugin supporting this:
- https://github.com/tilln/jmeter-wssecurity
Should we close this ?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 59244] WS-Security for SOAP requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59244
Philippe Mouawad <p....@ubik-ingenierie.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 59244] WS-Security for SOAP requests
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59244
mdiianni <md...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mdiianni@gmail.com
--- Comment #1 from mdiianni <md...@gmail.com> ---
Created attachment 33889
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33889&action=edit
Custom Java Library for SOAP WS-Security
This library should be installed on $APACHE_HOME/lib
How it works:
On jmeter test plan
Include a Thread Group
Include a HTTP Request sampler
Include a JSR223 Preprocessor
The HTTP request contains the XML to be signed and encrypted on plain text
The XML is picked up by the custom java library, which will include the
security header with timestamp, signature and body encrypted, to be returned
back to the HTTP sampler
Finally, HTTP sampler sends the request to configured endpoint.
Requirements:
SOAPSecurity.jar (compiled java class)
Keystore containing the private keys and certificates
Example content of the JSR223 preprocessor:
import com.example.wss.SOAPSecurity;
import org.apache.jmeter.services.FileServer;
// get SOAP message from parent sampler body
String soapData = sampler.getArguments().getArgument(0).getValue();
String baseDir = FileServer.getFileServer().getBaseDir();
String pathToKeystore = baseDir + File.separator + "keystore_files" +
File.separator + vars.get("SOAP.Keystore");
String keystorePassword = vars.get("SOAP.KeystorePass");
String pathToTruststore = baseDir + File.separator + "keystore_files" +
File.separator + vars.get("SOAP.Truststore");
String trustStorePassword = vars.get("SOAP.TruststorePass");
int timeToLive = Integer.parseInt(vars.get("SOAP.TTL"));
String signingAlias = vars.get("SOAP.SigningAlias");
String encryptAlias = vars.get("SOAP.EncryptingAlias");
String secureSoap = "";
try {
secureSoap = SOAPSecurity.secureSoapMessageFromString(soapData,
pathToKeystore, keystorePassword, pathToTruststore, trustStorePassword,
timeToLive, signingAlias, encryptAlias);
}
catch (Exception ex){
log.warn("Error in script", ex);
throw ex;
}
// replace parent sampler body with secured SOAP message
sampler.getArguments().getArgument(0).setValue(secureSoap);
vars.put("SoapDataRaw", soapData);
--
You are receiving this mail because:
You are the assignee for the bug.