I would like to replay soap message against my server. I've recorded a few messages and i've tampered with Timestamps, soapbodies etc and now I would like to see that my SecurityAssertions lites up like xmastrees. The deployed server will use clientcertificates and servercertifivcates for authentisation, and the whole messageflow will go encrypted with ssl. But I would still like to test the implementation with http and no authentication.
How would one do to replay a soapmessage? Is there any application around that can do this easy?
You could try soapUI. It has quite a few capabilities for interacting with web services including creating tests for them in which you can replay messages.
Related
I will be happy to get advice from more experienced developers about adding Web Sockets into my HTTP-based project.
That’s the thing. I have developed the REST API based service. Everything works well enough, but… In some special cases my server needs a long time to serve client requests. It may be from 1 minute to several hours (and even days)! I implement some not-so-good algorithm to address this issue:
Client sends HTTP request
Server replies about registering request
Client starts sending HTTP requests to get necessary data (if response does not have needed information the client sends another request and so on)
That is all in a nutshell.
And it seems to be a bad scenario and I am trying to integrate web sockets for adding duplex-channels in this architecture. I hope that my API will be able to send info about updated data as soon as possible without the necessity of many requests from the client.
But I am a bit confused in choosing one of two ways to use web socket (WS).
Variant A.
The server only tells the client via WS that data is ready. And the client gets data by standard request-response HTTP method from REST API.
Variant B.
The server sends all data to the client via WS without HTTP at all.
What variant is more suitable? Or maybe some other variants?
I do not want to remove HTTP at all. I just try to implement WS for a particular kind of end-points.
Variant A would be more suitable and easy to implement. You can send message to the client after the data is ready, and he can then send request for the data. It will be like a simple chat websocket, and will serve your purpose.
I am trying to send a message from NetSuite to another system via http SOAP, but I was told that I have send a signed soap message. NetSuite only has an operation called nlapiRequestURL(url, postdata, headers); I am trying to use this method to send over a manually created SOAP message. What I am having problems with is figuring out how to add the cert to the header. Has anyone does this before?
What I have learned about signing a soap message with the certificate is that I need private key and public in the local keystore. This tutorial in java shows how to do it, but how would I do something similar in NetSuite.
https://dzone.com/articles/signing-soap-messages
One possible solution is you write your own proxy web server in Java
or any other server side language for that matter.
Below is the summary of my suggestion:
1) Send the request details from NetSuite to proxy server using a
Suitelet or scheduled script.
2) In the proxy server create the signed SOAP request and send to the
vendor API
3) Now, to respond back to NetSuite there are two options a) you
keep the connection open with NetSuite until you get the response and
send it back to NetSUite's script b)you respond back to a NetSuite
RESTlet, which makes the design asynchronous and can be good specially
if the turn around time is more than 45 seconds.
Also, I would suggest to write web server using HTTPS, with your server having a trusted CA signed certificate, so, that communication between web server and NetSuite is secure. And this way your communication would be secure (P.S. I can't answer the question that is SSL 100% secure, there are good discussion on http://security.stackexchange.com on that topic).
I am building a web application and RESTful web service.
I have been reading various articles about the best way to authenticate the requests to the web service.
The best option for me seems to be to use HTTP basic authentication. Pretty much every article ive read says that authentication should be encrypted over SSL or equivalent.
Im not totally sure what this involves. Does this mean that my whole web service will have to be on a secure server? Will this slow things down?
This really depends on how much data is being transferred and the amount of hits your service is getting. Encrypting the data will increase processing time and typically the amount of information transferred. However, if you choose basic authentication without SSL and there is a user running a packet sniffer on your network, it is almost like yelling your credentials across the room. It is possible to switch between HTTP and HTTPS by configuring your .HTACCESS if you'd like. See the link below:
Correctly switching between HTTP and HTTPS using .htaccess
I have an application that pulls data from several web services.
The application is correctly using fiddler as a proxy for all these web service requests, and everything works as it should.
I would like to simulate the web services servers being slow, so I enabled "Simulate Modem Speeds" in fiddler (without modifying the default rules file). Now most of the responses I get back are:
ReadResponse() failed: The server did not return a response for this request.
If I disable the "Simulate Modem Speeds", everything works fine again.
Is there a way to get this to work, or a better way to simulate a web services response being slow?
Uh, it certainly sounds like your webservice is configured to timeout if it doesn't get a given request within a certain period of time, suggesting that the simulation has, in fact, turned up the sort of problem you'd want to be testing for.
If you want to adjust the "slowness", edit the Rules > Customize Rules file. Search for modem to see the latencies.
I want to send an XML file to a Web Service.
The Web Service is a java application.
I know the endpoint of the Web Service.
Typically I know I have to create the request and send it as an http/https request.
What I want to know is what would I have to make to send the request - as in what development tool could I use e.g. Visual Web Developer (preffered as I am familiar with this) or Visual Studio? And what sends the request - e.g. another Web Service, a Website etc?
Where do I even begin with this?
Any comments are much appreciated.
Where do I even begin with this?
One purpose of a Webservice is loose coupling. So it depends on what you want to do. You can write a simple program in what ever language which constructs a request and sends it. You can write a Webservice on its own which uses the other Webservice to handle it's own requests.
You can handle this in a very simple or complex way. You only need to be able to generate a request (per xml) and send it.