This post originated from an RSS feed registered with Agile Buzz
by Ryan Ransford.
Original Post: Testing Toolbelt: Testing non-xml attributes of responses in SoapUI
Feed Title: Active-Active Configuration
Feed URL: http://active-active.blogspot.com/feeds/posts/default
Feed Description: Active-Active Configuration is a blog about making my place in the enterprise world better. This blog is primarily focused on Java articles, but be prepared to be challenged by posts about dynamic languages, agile tools, and the lighter side of geek culture.
I spend a large part of my time developing web services; therefore, I spend a lot of my time testing web services. One of the major tools I have in my toolbelt for automating web service tests is SoapUI. SoapUI does a lot of things, and even does a lot of things which I don't need, but it does the things I need very well.

Today, I was trying to set up some testing for the security on the web service I'm currently developing. As I was setting up the test and pointing SoapUI at the appropriate endpoints with invalid HTTP basic authorization credentials, I realized that there was no straightforward way to assert that the HTTP response code was 401 (unauthorized) or 403 (forbidden). I did some digging, and found that you could create a Script Assertion (uses Groovy) in the SOAP Test Step and use the pre-defined variables, log, context, and messageExchange, to examine contents and statistics for the test step.
Asserting that a SOAP request with no credentials was responded to with a 401
Asserting that a SOAP request with invalid credentials was responded to with a 403
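The two assertions captioned above can be covered by one Script Assertion. The following is an added example, not the original post's code. It assumes SoapUI exposes the HTTP status line under the pseudo-header "#status#" in messageExchange.responseHeaders; the statusCodeOf helper and the stand-in exchange are hypothetical names introduced here.

```groovy
// Added example, not from the original post. Paste into a SOAP Test Step's
// Script Assertion; SoapUI supplies messageExchange, context and log.

// Assumption: the HTTP status line is exposed as the pseudo-header "#status#",
// e.g. "HTTP/1.1 401 Unauthorized". Depending on the SoapUI version the header
// value is a String or a List of Strings, so both shapes are handled.
def statusCodeOf = { headers ->
    def raw = headers?.get('#status#')
    def line = (raw instanceof Collection) ? raw.find { it } : raw
    if (!line) {
        return -1    // no status line recorded, e.g. the connection failed
    }
    def m = (line.toString() =~ /^HTTP\/\d(?:\.\d)?\s+(\d{3})\b/)
    m.find() ? m.group(1).toInteger() : -1
}

// Outside SoapUI there is no messageExchange binding, so fall back to a
// constructed stand-in that lets the script run with plain `groovy`.
def exchange = binding.hasVariable('messageExchange') ?
        messageExchange :
        [responseHeaders: ['#status#': ['HTTP/1.1 401 Unauthorized']]]  // constructed sample

int expected = 401   // set to 403 in the invalid-credentials test step
int actual = statusCodeOf(exchange.responseHeaders)

assert actual != -1 : 'No HTTP status line found in the response headers'

// Report the dangerous case explicitly: a 2xx means the endpoint served
// a caller that should have been rejected.
assert !(actual in 200..299) :
        "Endpoint accepted a request that should have been rejected (HTTP ${actual})"

assert actual == expected :
        "Expected HTTP ${expected} but the service answered ${actual}"
```

Keeping the no-credentials and invalid-credentials checks in separate test steps, each with its own expected value, makes a regression in either path show up as a distinct failure.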
The context variable also has some methods in it which allow you to examine the request and response programmatically, but that's a post for another day.