How to pass session id as part of Soap request?

java spring session soap soapui

17,224

Solution 1

The API documentation you reference states that the service will set a cookie on the response that needs to be set on any subsequent request. Cookies are sent via HTTP headers, not the body of of the request/response, and are commonly used to establish and maintain sessions. The underlying HTTP client library the web service framework uses is well equipped to handle this for you, but because SOAP web services are designed to be stateless, you usually have to ask the framework if you want it to maintain sessions. When you enable this functionality, it simply means the framework will send any cookies back to the server that the server sends to it, which is precisely what your SOAP API documentation is asking that you do.

To enable this functionality in jax-ws, you set BindingProvider.SESSION_MAINTAIN_PROPERTY to true on the RequestContext. This article gives an example and more details.

Solution 2

There are multiple ways you can extract the session id.

From the xml you have provided it seems the session id is in the xml response. If this is the case the you can use the method suggested by olyv and extract the session id from the xml response.
As lakshman suggest you could use groovy to parse the session id from the xml response.

The below code may be of help.

def groovyUtils = new com.eviware.soapui.support.GroovyUtils( context )
def holder = groovyUtils.getXmlHolder("Properties#response")
log.info holder.getNodeValue("//sessionId")
log.info holder['//sessionId']

This code and its explanation is available at Are you a hot cup? blog.

Another option using groovy is to extract the cookie from the header and store it in a property. The value of this property will be set in each request by creating a header property called cookie and assigning the session id to it. You'll have to verify the property name and value format by looking at the raw response/request.

try this code for example

//in script assertion
String message_size = messageExchange.responseHeaders["session-id"] /or whatever if the cookie name

def state = context.getProperty( com.eviware.soapui.model.testsuite.TestRunContext.HTTP_STATE_PROPERTY )

assert state != null : "Missing HttpState.. Try to set 'Maintain HTTP session' in test case options"

def cookies = state.cookies

Above code sample is from http://forum.soapui.org/viewtopic.php?t=3066#p10957

Lastly, there is a test case level option to maintain http session, if you select this option you wouldn't have to worry about extracting the session id. The soapUI guide on this says..

For example, soapUI uses this internally to store an HttpState object in the context when the "Maintain HTTP Session" option has been selected in the TestCase Options dialog.

link to the above line: http://www.soapui.org/Functional-Testing/testcase-execution.html

Solution 3

Yes, that is a popular mechanism.

As the API states the session key was returned in the Cookie (it is a HTTP header). What is in a response body is only a repetition of the session key (I hope so). You need to extract the cookie from HTTP headers. If you are using the JAX-WS you may enable the session awareness using BindingProvider.SESSION_MAINTAIN_PROPERTY:

Hello proxy = new HelloService().getHelloPort();
((BindingProvider)proxy).getRequestContext().put(BindingProvider.SESSION_MAINTAIN_PROPERTY,true);
String result = proxy.getMessage();
System.out.println(result);

If not, then try to find how to get and set the HTTP headers using your web services framework.

Solution 4

API description you have attached points out that all you need to do is to manage your cookies correctly.

Successful login response will have the cookie with session ID (also duplicated as a <sessionId>xxxx</sessionId> element in the response).

All you have to do is to include this cookie in all subsequent calls to this API.

Depending on your HTTP/SOAP client these things just need setting up and the client simply follows the contract of HTTP Cookie standard, so it receives cookies, stores them for as long as they are valid, and passes them with all subsequent requests made to the same URI.

If you are using SoapUI, just add session management to your test case as per the picture below:

If that is not enough and you want to pop the bonnet up and see what is what see this blog

HTH

View more solutions

17,224

blue-sky

scala :: java

Updated on September 16, 2022

Comments

blue-sky over 1 year

I invoke an authentication request in order receive a session id :

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Body>
      <loginResponse xmlns="urn:company" xmlns:ns2="urn:company">
         <result>
            <sessionId>2342422342.dc8bizxsfapi03</sessionId>
            <msUntilPwdExpiration>2342342342342353452323</msUntilPwdExpiration>
         </result>
      </loginResponse>
   </S:Body>
</S:Envelope>

In the docs for the Soap API that I'm using it states :

A successful login will return a
session ID as an HTTP Cookie. This cookie must be passed back to all subsequent HTTP
Requests that invoke API operations in order to authenticate.

How is the session id passed to the next http reqeust as this is not described ?

I'm assuming I need to embed the session ID within an XML tag as part of the subsequesnt request but this should be detailed in the API or is there a standard mechanism I can use ?