Thursday, 20 August 2015

Authorized REST request to MCS with SoapUI

In my former post I explained how to do a REST request to a Mobile Cloud Service API using an Unauthorized access. To do so you need to add an HTTP Header property using a Base64 encoded key. But how to do that for authorized access. Using Postman you should be able to add HTTP  Basic authentication, provide the access details and update the request. In SoapUI, it's more or less the same trick: just provide the HTTP Basic Authentication details, and SoapUI does the encoding for you:
Now if you run this and open up the SoapUI Log: you'll see log entries with the message that is send over the line to MCS.
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "GET /mobile/custom/incidentreport_M10/incidents/?contact=Lynn HTTP/1.1[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "oracle-mobile-backend-id: 01d3b3a2-7a6b-42c8-b314-d6e8c8f3e898[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "Host: unit23585.oracleads.com:7201[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "Authorization: Basic am9lX20xMDpuNlApIXBOdTQkMA==[\r][\n]"
Thu Aug 20 15:19:59 CEST 2015:DEBUG:>> "[\r][\n]"

Here You see in the last line that SoapUI encoded the username/password details into the Authorization header property. Below you'll see the response:
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "HTTP/1.1 200 OK[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "Connection: keep-alive[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "Date: Thu, 20 Aug 2015 13:20:00 GMT[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "Content-Length: 486[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "Content-Type: text/html; charset=utf-8[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "Set-Cookie: JSESSIONID=3W1cVVJQTgGmGZMXQy2G3pVG0QvWByQWtmJr212Mh5nQ9hB0yy4b!-920535662; path=/; HttpOnly[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "oracle-mobile-runtime-version: 15.3.3-201507070814[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "X-ORACLE-DMS-ECID: 5a67a51e479fa73b:43dd1c99:14f4a5d80d0:-8000-000000000000729a[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "X-Powered-By: Servlet/2.5 JSP/2.1[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "X-Powered-By: Express[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "[\r][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "{[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "  "Body" : {[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "    "GetIncidentsByCustomerResponse" : {[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "      "Incident" : [ {[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "Date" : "2015-07-22 17:02:14 GMT",[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "Id" : 10,[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "ImageLink" : "storage/collections/2e029813-d1a9-4957-a69a-fbd0d7431d77/objects/6cdaa3a8-097e-49f7-9bd2-88966c45668f?user=lynn1014",[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "Priority" : "Medium",[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "Status" : "InProgress",[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "TechnicianAssigned" : "joe@fixit.com",[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "Title" : "Leaking Water Heater",[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "        "UserName" : "Lynn"[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "      } ][\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "    }[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "  }[\n]"
Thu Aug 20 15:20:00 CEST 2015:DEBUG:<< "}"

Now, currently MCS supports basic authentication, but I've learned that in the next release OAuth will be supported.

Monday, 17 August 2015

Test MCS Custom API using SoapUI

I'm at the OPN Summercamps 2015 in Lisbon on the Mobile Cloud Services workshop, doning the FixIt Fast tutorial. Now, one of the steps is to test the API imported from a RAML document and confgured it. Then in step 3 you're going to test it using the build in test console of MCS. But since I have SoapUI installed I found it neat to be able to test it from there. Since then you can create Test Suites/Cases to do automatic tests.


What I did was to create a new SOAP UI Rest project based on the endpoint of the API:

Then I added a  paramter named contact with value 'lynn'.
But there are two HTTP-Header properties needed:
Propertyvalue
AuthorizationBasic TUFOVElT...(rest of very long string)
oracle-mobile-backend-id01d3b3a2-7a6b-42c8-b314-d6e8c8f3e898


Both values can be found on the settings tab of the Mobile Backend:
The 'oracle-mobile-backend-id' is found here literally. But the 'Authorization' is found under 'Anonymous Key', where initially it gives a link 'Show'. Clicking it will show a long string. Copy and paste it and prefix it with the word 'Basic' and a single space:

And then you're good to go....

Tuesday, 21 July 2015

Password properties in SoapUI

By accident I encountered the following behaviour of SoapUI. I wanted to register a username/password combination in SoapUI.
Normally in SoapUI property values are shown as plain text.  Here I miss-typed the property for password on purpose:
But see what happens if I correctly type the word "Password":
Apparently if the property contains the word  "Password", prefixed with something indicative, it will consider the property as a password field. Cool!

By the way: the phrase "Password" should be the last in the name. For example, if you post-fix the property with "-Dev", like "ContentServerPassword-Dev", the content becomes visible again. In those case, you should phrase it like "ContentServer-Dev-Password".

Wednesday, 15 July 2015

Disable Wrap Data Types

Just  a moment ago I stumbled on a blog entry of Eric Elsinga about the wrapping of datatypes in Weblogic Datasources, related to the DB-Adapter.

Weblogic wraps objects returned by the database-driver to provide functionality related to debugging, connection utilization tracking and transparent transaction support.
However for some native database objects like BLOBS, CLOBS, ARRAYS etc. this wrapping can affect the performance significantly. When this wrapping is disabled, the application (in our case the DB-Adapter) can work directly on the native objects provided by the Database driver.
To disable the object wrapping do the following:
  1. In the Domain Structure tree, expand Services, then select Data Sources.
  2. On the Summary of Data Sources page, click the data source name.
  3. Select the Configuration: Connection Pool tab.
  4. Scroll down and click Advanced to show the advanced connection pool options.
  5. In Wrap Data Types, deselect the checkbox to disable wrapping.
  6. Click Save.
Of course on a production-mode server you need to Lock&Edit upfront and Activate Changes afterwards.
See also:

Wednesday, 8 July 2015

OpenSSL and KeyTool commands

Earlier I wrote an article about message transport security in Oracle B2B. It collects a few usefull Java Keytool and OpenSSL commands to convert and import Certificates.

Today I learned another (from co-worker Joris, thanks).

This is how to get a certificate from an external server.
openssl x509 -in <(openssl s_client -connect {remote-host}:443 -prexit 2>/dev/null) -out /tmp/certificate.crt 

This is usefull, because in some cases the remote host, maybe a virtual one, where by means of Server Name Indication the specific virtual-host's certificate is to be 'asked', while the actual certificate of the physical host is presented by default. Note that Weblogic (and other JEE Appserver as JBoss, Websphere, Glassfish, etc.) does not support SNI.

I think I should create a blog-entry to collect these usefull commands in one page. However I've found these:


Thursday, 2 July 2015

OSB & MTOM: When to use Include Binary Data by Reference or Value

As can be seen in my blogs of these days, I've been busy with implementing a service using MTOM in OSB. When enabling XOP/MTOM Support you'll have to choose between:
  • Include Binary Data by Reference
  • Include Binary Data by Value

I used the first because I want to process the content in another service on another WLS-Domain. However, in my first service catching the initial request I want to do an XSD validation. And although the rest of the message is valid, the Validate activity raises an exception with the message: 'Element not allowed: binary-content@http://www.bea.com/wli/sb/context in element Bestandsdata....'.

Looking into this problem I came up with this section in the doc,  which states that you use 'Include Binary Data by Value' when you want to:
  • transfer your data to a service that does not support MTOM
  • validate your message
Now, what does this other option? OSB then parses the root of the Inbound MIME message in search for  xop:Include-tags. When found, it will Base64 encode the binary-content and replaces the tags with the Base64-string.

Now, although I want exactly that in the end, I don't want that at this point of the service. I want to transform my message, without the Base64-strings. And I want to encode the data only on my other domain.

So I just want to ignore messages that start with the 'Element not allowed: binary-content@...' messages. To do so I came up with the next expression:
fn:count($fault/ctx:details/con:ValidationFailureDetail/con:message[not(fn:starts-with(text(),'Element not allowed: binary-content@http://www.bea.com/wli/sb/context in element Bestandsdata'))])>0 
Add an If-Then-Else activity to your Error Handler Stage with this expression. Add the following Namespace:
  • Prefix: con
  • Namespace:  http://www.bea.com/wli/sb/stages/transform/config

If the expression evaluates to true, then you have in fact an invalid XML-message. In the else branch you can add a Resume to ignore the exception.

This expression might come in handy in other situations as well.

Set environment properties in SoapUI (freeware)

Ever used SoapUI to test services on multiple environments? Then you probably ran in to the job of ever changing the endpoints to the hosts of the particular environment; development, test, acceptance, production (although I expect you wouldn't use SoapUI against a prod-env). This is not that hard if you have only one service endpoint in the project. But what if you want to test against multiple services or have to call a service on one system with the result of the other during a testcase. You can even have testcases that mock services called by your (BPEL/BPM) process and call back the process to have it process to a further stage. And then you can end up having multiple endpoints per environment.

You can set multiple endpoints on a request and toggle between them. But you'll have to do that for every request.

SoapUI however, supports the use of properties in the endpoints. So you can setup different host-properties and URI properties on the project:
In this case you see that I have one property for the Service URI, the part of the URL after the host:port, and several ...Host properties for each seperate environment, and one actual.

As said, you can have a property based endpoint like this:
So I have one single endpoint defined based on:
http://${#Project#CSServiceHost}/${#Project#CSServiceURI}
Here you see that the endpoint is based on two properties: ${#Project#CSServiceHost} and ${#Project#CSServiceURI}. In those properties '#Project#' refers to the level in SoapUI the properties are defined. You can also refer to #TestSuite#, #TestCase#, etc.

Now you could manually copy and paste the host of the particular environment to the actual host property, but that can be error prone when dealing with multiple endpoints.
What I did was to create a seperate TestSuite called 'ProjectSettings'. In there I created a testcase per environment: 'SetLocalHosts', SsetDevHosts', etc. In there I created a PropertyTransfer that transfers the particular env-host-property to the actual host-property:

You can create a property transfer for each applicable host in your environment. You can enhance the testcase with particular groovyscripts to determine the properties on run-time. You could even call a generic TestCase from there.

Running the particular testcase before your tests will setup your SoapUI project for the target environment in one go.

Maybe I'll enhance this further in my projects, but for now I find this neat. However, it would have been nice if SoapUI would support different environments with hostnames/urls applicable for that environment. And that you could select a target-environment on project level using a poplist.
Also it would be nice to have custom scripts (like macro's) on project level, that could be coupled to a button in the button bar, in stead of how I do it above.