Implementing a custom security algorithm
You can define your own security algorithms for SOAP security profiles by implementing custom security Java™ interfaces that can be used in the WSDL security editor. With custom security algorithms, you can implement proprietary security algorithms that transform the XML before sending and after receiving message content.
Before you begin
The custom security interface and the JAR file that contains it are provided with the product in the customsecuritydefinition folder of the com.ibm.rational.ttt.common.models.core plugin. You need these interfaces to create your own algorithms. If you are using Test Performance , see Extending test execution with custom code for more information about extending test capabilities with Java™ code.
Procedure
- In the test navigator or project explorer, create a new Java™ class in your web service test project folder.
- Implement a security algorithm in Java™ using the following interface:
/** * *************************************************************** * IBM Confidential * * (c) Copyright IBM Corporation. 2008. All Rights Reserved. * * The source code for this program is not published or otherwise * divested of its trade secrets, irrespective of what has been * deposited with the U.S. Copyright Office. * *************************************************************** * */ package com.ibm.rational.test.lt.models.wscore.datamodel.security.xmlsec; import java.util.Properties; import org.w3c.dom.Document; public interface ICustomSecurityAlgorithm { /** * The following methods can be used in both case: * Execution in the workbench and execution of the test. */ /** * Called to process de Document that is sent over a transport. * @param subject */ void process(Document subject); /** * Called to un process a document that is received from a server. * @param subject */ void unProcess(Document subject); /** * Properties defined in the UI of the CustomSecurityAlgorithm. * @param map */ void setProperties(Properties map); /** * The following methods can only be used in terms of cast to test service interface, * or in terms of access to the previous XML information, when the jar containing * the custom security algorithm is deployed in the performance test project. In * this case you cannot use the algorimth directly from the workbench. */ /** * This object corresponds to the ITestExecutionService object. * This applies only to an algorithm that must link to the execution of the test. * If you plan to use this object you will need to deploy the jar containing the * implementation into your performance test project and not directly into the JRE. * * In case of a need of the previous xml document received from the execution you can * obtain the value using: * IDataArea area = ((ITestExecutionService)executionObject).findDataArea(IDataArea.VIRTUALUSER); *String previousXML = (String) area.get("PREVIOUS_XML"); //$NON-NLS-1$ * */ void setExecutionContext(Object executionObject);
The
process
method modifies the XML before it is sent to the server.The
unprocess
method modifies the XML after it is received from the server.The
setProperties
method retrieves any properties that are defined in the security editor for this custom security interface.The
setExecutionContext
method is called during test with the objectITestExecutionServices
that corresponds to the message using this custom security interface. - The custom security interface can be used either in the WSDL
security editor for web services or in XML call elements
in the Local XML security tab.
- If you are testing a WSDL-based web service, right-click the WSDL file in the test navigator or project explorer to open the WSDL security editor, select the Security Algorithms page; then, under Details of selected security algorithm stack, click .
- If you are testing an XML call, open the XML call element in the test editor, select the Local XML Security tab, and then, click
- In custom security, click Browse Class to select the class name of the custom security algorithm, for example : ICustomSecurityAlgorithm.
- Type an Algorithm name for the custom security algorithm.
- In the properties list, use Add, Remove,
or Edit to specify any properties that are
used by the
setProperties
method in your custom security algorithm.