How to Get an HTTP Cookie for Web Service Authorization in SoapUI

A web service may need credentials to allow a client to make a request call to the report server. The authorization method depends on the security settings for your report server. SoapUI is a popular web service testing tool, and testers need to send authentication information in SoapUI to the server before testing target requests.

Authorization Types

SoapUI provides a UI function to get credentials for basic authorization, NTLM authorization, and OAuth 2.0 authorization. Testers just need to select the authorization type and type their username, password and domain, then the request can pass the authorized information to the  server. But some servers need the sessionID or cookies to validate, rather than the username. In this blog post, we will discuss how to get the HTTP cookie as a credential.

Get Credentials from HTTP Cookie

Here is a sample where the user has to login to a site and then receives the cookie in the response header. Then, when the user visits the target web service request, the request will catch the cookie to pass authorization in a report server. We can accomplish this with three steps:

1. How to identify the HTTP request for authorization from browser

Get the log-in form, submit the URL using firebug or Chrome. The HTML source code is similar to:

<form data-ajax=”false” name=”loginForm” action=”/Login/cws/processlogin.htm” method=”POST”> Get the parameters for this post operation as below.

2. Create an HTTP request in SoapUI with parameters.

The endpoint URL should be https://localhost/Login/cws/processlogin.htm. The parameters should match the three fields we catches in step 1.

Choosing a Global Software Development Partner to Accelerate Your Digital Strategy

To be successful and outpace the competition, you need a software development partner that excels in exactly the type of digital projects you are now faced with accelerating, and in the most cost effective and optimized way possible.

Get the Guide

3. Pass the cookie to the next target step.

We can see the cookie is created in the headers of the login http request.

A groovy script can help fetch the sso cookie. The script is as follows:

def setCookie = testRunner.testCase.testSteps[“login”].testRequest.response.responseHeaders[“Set-Cookie”]

def re = /(SSOCookie=.*,)/

def matcher = ( setCookie =~ re )

def cookie = matcher[0][0]

def map=[:]

testRunner.testCase.testSteps[“ship”].testRequest.requestHeaders=map

def headers=testRunner.testCase.testSteps[“ship”].testRequest.requestHeaders

headers.put(“Cookie”, cookie)

testRunner.testCase.testSteps[“ship”].testRequest.requestHeaders=headers

Then the cookie has been added to the header of teststeps “Ship” and the communication with the response server can succeed.

Reference

http://www.soapui.org/