Generic service client call details

In the generic service client, service calls contain the content and the transport information for the call. The contents are made of the SOAP envelope. The transport information refers to the information that is required to send and receive and answer depending on the selected protocol.

Message

This page shows the XML content of the request and provides access to data correlation. The same content is presented in three different ways.

Form
This view provides a simplified view of the message that focuses on editing the values of the XML content. Use the Schema menu to enable assistance with editing XML content so that the XML is valid and complies with the XSD specification.

In the Form view, add the XML headers that are required for standard web service calls. On the Header bar, click Add (Add button) to create the default XML header structure for WS-Addressing, WS-ReliableMessaging or WS-Coordination requests, or click More for other standards. You can enable or disable XML header elements and specify the correct values for each XML element. Checks are performed to ensure that the XML content is valid.

Note: To add XML headers to calls in IBM® Security AppScan®, add a Static XML Headers algorithm on the Request Stack tab of the request.
Tree

This view provides a hierarchical view of the XML structure of the message, including elements, namespaces, and the associated values. You can use Add, Insert, Remove, Up, and Down to edit the XML elements and namespaces in the tree.

Use Skip if Empty column to select the empty XML elements that you want to skip. This column is visible only if you selected the Display the 'Skip if Empty' column in XML tree viewer check box in Window > Preferences > Test > Test editor > Service test.

Click Filter to hide or show namespace, attribute, or text nodes, depending on your requirements.

Click Allow only valid modifications to enable smart editing, based on a specified XML schema document (XSD). To specify a set of XSD documents for the workbench, in the test navigator, right-click the project and select Properties and Schema Catalog. Disable Allow only valid modifications if you do not have an XSD or if you want to bypass the schema.

You can right-click an XML element to convert it to an XML fragment. This enables you to perform data correlation (use datapools and create references) on the entire XML fragment instead of only on the value.

Source
This view displays the source XML content of the message or plain text content. To format XML content, click Format XML text. To wrap XML content into a single line, click Pack XML text to single line. Similar controls are available for JSON content.
Important: In the Source view, do not edit the tags that start with SoaTag. If you delete or change these tags, any references and substitutions in the test will be broken. You cannot recreate these tags after you delete them.

Attachments

This page lists the MIME or DIME attachments that are attached to the request. The contents of this view conform to the Multipurpose Internet Mail Extensions (MIME) or Direct Internet Message Encapsulation (DIME) specification. You can use this page to add workbench resources as MIME or DIME attachments and change properties.

The Content ID is the identifier that the request uses to refer to the attachments. The method for using this identifier depends on your server requirements.
MIME or DIME
Select whether the attachment conforms to the Multipurpose Internet Mail Extensions (MIME) or Direct Internet Message Encapsulation (DIME) specification
Use MTOM transmission mechanism
By default, the request uses SOAP Messages with Attachments (SwA) to handle attachments. Select this option to handle attachments with the SOAP Message Transmission Optimization Mechanism (MTOM).

Transport

This page covers the transport settings used to send the request. The transport protocol settings apply to a transport configuration, which can be either HTTP, Java™ Message Service (JMS), WebSphere® MQ, or Microsoft .NET. You can create several configurations for each protocol so that you can easily switch protocols or variants of protocols.
Note: If you are using IBM Security AppScan,only the HTTP transport protocol is available.
HTTP
Select HTTP to use the HTTP transport for the request. At the request level, you can update a URL or SOAP action and the reference to the global configuration of a test.
Protocol configuration
Click Change to specify a predefined transport configuration or to create a configuration. HTTP transport configurations contain proxy and authentication settings that can be reused.
URL
Specify the URL end point of the service request.
Rest mode
Use this check box to split the REST URL so that it is easy to understand the different parts of REST URL. When you use this option, the main section of URL is placed in the URL field, the resource part is placed in the Resource field, and the parameters are placed in the Parameters field. Use the Add button to manually add more parameters.
Method
Specify the HTTP method to be used to invoke the service request.
Headers
Specify the names and values of any custom HTTP headers that are required by the service. Click Add, Edit or Remove to modify the headers list.
Cookies
Specify the names and values of any cookies that are required by the service. Click Add, Edit or Remove to modify the cookies list.
JMS

Select JMS to use the Java Messaging Service transport for the request. This page enables you to add string properties that are attached to the request for a JMS configuration. These will be sent as message properties through JMS.

Protocol configuration
Click Change to specify a predefined transport configuration or to create a configuration. JMS transport configurations contain generic end point, reception point, and adapter settings that can be reused.
Properties
Specify the names and values of any string properties that are required by the request for the current JMS transport configuration. These are sent as message properties through JMS. Click Add, Edit or Remove to modify the properties list.
WebSphere MQ
Select MQ to use the IBM WebSphere MQ transport for the request. This page enables you to specify the SOAP action and override the settings for the WebSphere MQ configuration selected at the test level.
Protocol configuration
Click Change to specify a predefined transport configuration or to create a configuration. WebSphere MQ transport configurations contain generic queue, header, and SSL settings that can be reused.
SOAP Action
Specifies the SOAP action to be used to invoke the WebSphere MQ request.
Override MQ protocol configuration values
Select this option to configure the fields of the WebSphere MQ message. You can replace a subset of an MQ message descriptor with a custom format for use with other server types, specifically when using an XML message request.
Customize message header
Select this option to specify custom headers for the transport for the SOAP over MQ feature that is provided by WebSphere MQ. This feature uses a predetermined MQ message format (RFH2), therefore, when selected, other Message Descriptor options are disabled.
Message descriptor
These settings replace the message descriptor and header settings of the MQ protocol configuration. Refer to WebSphere MQ documentation for information about message descriptors.
Microsoft .NET
Select Microsoft .NET to use the Microsoft .NET Framework transport for requests based on Windows Communication Foundation (WCF). This page enables you to override the settings for the Microsoft .NET configuration selected at the test level.
Item
Click Add to specify the name and value of the WCF actions that are required by the service. This table is automatically generated when you import a Microsoft .NET WSDL file. Refer to the Microsoft .NET WCF documentation for more information.

Request Stack

Use this page to specify the stack that applies security and addressing parameters and algorithms to service requests before they are sent. Stacks are a set of algorithms that are executed in a given order. Use the WSDL security editor to define a stack for each WSDL. The stack will be applied to all requests that use the WSDL.
Override stack
By default, you edit a stack which attached to a specific WSDL file in the WSDL security editor. Select this option to specify a different security algorithm stack only for the current service request.
Show response stack
The Request Stack page contains algorithms that are applied only to outgoing service requests. Select Show response stack to add a Response Stack page. The Response Stack page allows you to edit security and addressing parameters and algorithms that are applied to incoming responses.
Security Algorithm Details
Click Add, Insert, or Remove to add or remove security algorithms in the stack. Click Up and Down to change the order of a selected algorithm in the security stack. The following security algorithms can be added to the security stack:
Static XML Headers

Use this algorithm to add the XML headers that are required for web service standard calls. On the Header bar, click Add (Add button) to create the default XML header structure for WS-Addressing, WS-ReliableMessaging or WS-Coordination requests, or click More for other standards.

You can enable or disable XML elements in the Header section and specify the correct values for each XML element. Checks are performed to ensure that the XML headers are valid.

Note: The Static XML Headers algorithm is available only in IBM Security AppScan. To add static XML headers to calls in other products, expand the Headers section on the Message tab of the request.
Time Stamp
The time stamp security algorithm adds time stamp information to the XML document in the response. For details on security algorithms, refer to the web service security specification.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Expiration delay
Specify the delay after which the time stamp expires.
Millisecond precision
Select this option to produce a time stamp that uses millisecond precision instead of the default (1/100th second).
User name token
The user name token security algorithm adds a user name token to the XML document in the message. For details on security algorithms, refer to the web service security specification.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Name
Type the name of the user.
Password
Type the password of the user.
Password type
Specify the password type for the security algorithm as defined in the Web Services Security UsernameToken profile.
Use nonce
Select this check box to add the Nonce element to the User Name Token XML code. In most cases, the Nonce ID is required.
Use created
Select this check box to add current timestamp to the Created XML element in the User Name Token XML.
XML Encryption
The XML encryption security algorithm specifies how the XML document is encrypted. For details on security algorithms, refer to the web service security specification.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Identifier type
Select the type of key identifier to be used for the encryption. The following key identifiers are available, as defined in the Web Services Security (WSS) specification X509 profile and the OASIS WSS 1.1 specification:
  • ISSUER_SERIAL
  • BST_DIRECT_REFERENCE
  • X509_KEY_IDENTIFIER
  • SKI_KEY_IDENTIFIER
  • EMBEDDED_KEYNAME
  • THUMBPRINT_IDENTIFIER
  • ENCRYPTED_KEY_SHA1_IDENTIFIER
User XPath part selection
This enables you to specify an XPath query that describes parts of the XML document that can be subjects of the algorithm. By default, the body is the subject.
Key
Select the key used for the encryption. The details of each key vary.
  • x509 key: This specifies the name and password of the x509 key and the keystore where it is located.
  • Raw key: This specifies the name and the byte value of your SecretKey in hexadecimal.
  • Encrypted key: This specifies a reference to an encrypted key that was previously defined in the security stack. Click Insert a new encrypted key to create a new encrypted key definition block.
Encoding Algorithm Name
Specify the encryption method to be used as defined in the XML Encryption Syntax and Processing specification.
Key Encoding Algorithm
Specify the standard algorithm for encoding the key as defined in the XML Encryption Syntax and Processing specification.
XML Signature
The XML signature security algorithm specifies how the XML document is signed. For details on security algorithms, refer to the web service security specification.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Security token
Select the type of key identifier to be used for the signature. The following key identifiers are available, as defined in the the Web Service Security (WSS) specification X509 profile and OASIS WSS 1.1 specification:
  • ISSUER_SERIAL
  • BST_DIRECT_REFERENCE
  • X509_KEY_IDENTIFIER
  • SKI_KEY_IDENTIFIER
  • KEY_VALUE
  • USER_NAME_TOKEN
  • CUSTOM_SYMM_SIGNATURE
In addition, the following identifiers are available when the signature is based on a UsernameToken profile:
  • USER_NAME_TOKEN
  • CUSTOM_SYMM_SIGNATURE
User XPath part selection
Specify an XPath query that describes parts of the XML document that can be the subjects of the algorithm. By default, the body is the subject. Click the XPath Helper button to build the Xpath expression.
Key
Select the key used for the encryption. The details of each key vary.
  • x509 key: This key specifies the name and password of the x509 key and the keystore where it is located.
  • User name token key: This specifies a user name and password for the signature.
  • Encrypted key: This specifies a reference to an encrypted key that was previously defined in the security stack. Click Insert a new encrypted key to create a new encrypted key definition block.
Signature algorithm name
Specify the signature method algorithm as described in the XML Signature Syntax and Processing specification.
Canonicalization
Specify the canonicalization method to be used as described in the XML Signature Syntax and Processing specification.
Digest algorithm method
Specify which digest method to be used based on the algorithm method used on the server side.
Inclusive namespaces
Specify whether the canonicalization is exclusive as described in the Exclusive XML Canonicalization specification.
Encrypted Key
This block defines an encrypted key that can be used in an XML signature or XML encryption block. The encrypted key block must be before a block that uses the encrypted key.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Key name
Specify the name of the encrypted key.
Identifier type
Select the type of key identifier to be used for the key. The following key identifiers are available, as defined in the the Web Service Security (WSS) specification X509 profile and OASIS WSS 1.1 specification:
  • ISSUER_SERIAL
  • BST_DIRECT_REFERENCE
  • X509_KEY_IDENTIFIER
  • THUMBPRINT_IDENTIFIER
  • SKI_KEY_IDENTIFIER
Key size
Specify the size of the key in bits.
Key encoding algorithm name
Specify the algorithm to be used for encoding the key.
Keystore
Select a keystore or click Edit Security to define a new keystore or to manage the existing keystores.
Name
Select a key contained in the specified keystore.
Password
Type the password for the selected key name.
Custom Security Algorithm
If you want to use a Java class as a custom security algorithm, then use this stack element to apply the custom algorithm to the service.
Java Project
If you have not implemented a custom Java class, select Java Project, type a name for the new project, and click Generate to create a new Java class with the default structure for custom security implementations.
Note: If you are using IBM Security AppScan, this field is not available.
Implementation class
Specify the name of the class that implements the custom security algorithm. Click Browse Class to select an existing Java class from the workspace.
Properties
Use this table to send any specific properties and associated values to the custom security algorithm.
WS-Addressing Algorithm
Use this block if your service uses either WS-Addressing 2004/08 or the WS-Addressing 1.0 Core standard.
Namespace
Specify the namespace for either WS-Addressing 2004/08 or WS-Addressing 1.0 Core.
Action if request uses WS-Addressing
Select the action to complete if WS-Addressing is already in the request.
Replace anonymous address in Reply-to with:
Select this option to generate the specified address in the Reply-to header instead of an anonymous address.
Remove WS-Addressing from response
Select this option to strip any WS-Addressing headers from the response.
WS-Policy Algorithm
Use this block if your service requires a security policy file compliant with the WS-Policy specification.
Use policy included in WSDL (WS-PolicyAttachment)
Select this option to use the security policy configuration that is attached to the WSDL as in the WS-PolicyAttachment specification.
Policy
If you are not using the WS-PolicyAttachment specification, specify the XML policy file. Click Browse to add a policy file from the workspace or to import a policy file.
Signature configuration
Select this option to specify a keystore for any signature that is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
Encryption configuration
Select this option to specify a keystore for any encryption that is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
Decryption configuration
Select this option to specify a keystore for any decryption that is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
Retrieve token from security token server (WS-Trust and WS-SecureConversation)
Select this option, and click Configure to specify a Security Token Server (STS) to use with the policy.
Additional properties
Use this table to specify settings for the advanced properties or specific implementations of the WS-Security specification. Click Add to add a property name and to set a value.

Response Stack

Use this page to specify the stack that applies security and addressing parameters to responses after they are received. Stacks are a set of algorithms that are executed in a given order. Use the WSDL security editor to define a stack for each WSDL. The stack will be applied to all requests that use the WSDL.
Override stack
By default, you edit the security algorithm stack attached to a specific WSDL file in the WSDL Security Editor. Select this option to specify a different security algorithm stack only for the current response.
Show response stack
Clear the Show response stack option to hide the Response Stack page.
Security Algorithm Details
Click Add, Insert, or Remove to add or remove security algorithms in the stack. Click Up and Down to change the order of a selected algorithm in the security stack. The following security algorithms can be added to the security stack:
XML Encryption
The XML encryption security algorithm specifies how the XML document is encrypted. For details on security algorithms, refer to the web service security specification.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Identifier type
Select the type of key identifier to be used for the encryption. The following key identifiers are available, as defined in the Web Services Security (WSS) specification X509 profile and the OASIS WSS 1.1 specification:
  • ISSUER_SERIAL
  • BST_DIRECT_REFERENCE
  • X509_KEY_IDENTIFIER
  • SKI_KEY_IDENTIFIER
  • EMBEDDED_KEYNAME
  • THUMBPRINT_IDENTIFIER
  • ENCRYPTED_KEY_SHA1_IDENTIFIER
User XPath part selection
This enables you to specify an XPath query that describes parts of the XML document that can be subjects of the algorithm. By default, the body is the subject.
Key
Select the key used for the encryption. The details of each key vary.
  • x509 key: This specifies the name and password of the x509 key and the keystore where it is located.
  • Raw key: This specifies the name and the byte value of your SecretKey in hexadecimal.
  • Encrypted key: This specifies a reference to an encrypted key that was previously defined in the security stack. Click Insert a new encrypted key to create a new encrypted key definition block.
Encoding Algorithm Name
Specify the encryption method to be used as defined in the XML Encryption Syntax and Processing specification.
Key Encoding Algorithm
Specify the standard algorithm for encoding the key as defined in the XML Encryption Syntax and Processing specification.
Encrypted Key
This block defines an encrypted key that can be used in an XML signature or XML encryption block. The encrypted key block must be before a block that uses the encrypted key.
Actor / Role name
Specify the name of the recipient of the algorithm header element, if required.
Must understand
Select whether it is mandatory that the algorithm header is processed by the recipient, if required. The recipient is either the Actor name or the server.
Key name
Specify the name of the encrypted key.
Identifier type
Select the type of key identifier to be used for the key. The following key identifiers are available, as defined in the the Web Service Security (WSS) specification X509 profile and OASIS WSS 1.1 specification:
  • ISSUER_SERIAL
  • BST_DIRECT_REFERENCE
  • X509_KEY_IDENTIFIER
  • THUMBPRINT_IDENTIFIER
  • SKI_KEY_IDENTIFIER
Key size
Specify the size of the key in bits.
Key encoding algorithm name
Specify the algorithm to be used for encoding the key.
Keystore
Select a keystore or click Edit Security to define a new keystore or to manage the existing keystores.
Name
Select a key contained in the specified keystore.
Password
Type the password for the selected key name.
Custom Security Algorithm
If you want to use a Java class as a custom security algorithm, then use this stack element to apply the custom algorithm to the service.
Java Project
If you have not implemented a custom Java class, select Java Project, type a name for the new project, and click Generate to create a new Java class with the default structure for custom security implementations.
Note: If you are using IBM Security AppScan, this field is not available.
Implementation class
Specify the name of the class that implements the custom security algorithm. Click Browse Class to select an existing Java class from the workspace.
Properties
Use this table to send any specific properties and associated values to the custom security algorithm.
Feedback