Workflow for testing web services behind SSL authentication

This workflow illustrates the procedure for exploring web services where the WSDL file resides behind SSL authentication.

Procedure

  1. Launch GSC from the Web Services Explorer (Start > HCL AppScan Enterprise Server > Web Services Explorer).
    Note: GSC does not inherit authentication mechanisms that you set in AppScan® Enterprise Server. See the Web Services Explorer Help for details.
  2. In GSC, create a new transport configuration:
    1. Click Transport to open the Transport Configurations tab.
    2. Click Create an HTTP Configuration, and give the new HTTP configuration a name.
    3. At the bottom of the dialog box, select the SSL Connection check box and click Next.
    4. Give the SSL Connection a name, and verify that the Always Trust check box is selected.
    5. Click OK and click Calls to return to the Calls view.
  3. Click the Add WSDL file icon ( WSDL).
  4. Click Import from URL , enter the URL for the WSDL file that you want to import, and select its destination folder.
  5. Click OK to return to the main user interface where you can see a tree of the web services in the left pane.
  6. Explore the services:
    1. In the Call Library, expand the WSDL, binding, and operation, and then select the call element. An interface appears in the right pane for sending requests to the service.
    2. In the Message tab in the right pane, type in the value(s) to send.
    3. In the upper part of the right pane, click the Transport tab. (Note that this is not the same as the Transport tab.)
    4. In the Protocol Configuration area, click Change, and select the new protocol from the list.
    5. Click the Message tab to bring it to the front again, and click Invoke to send the request. The result is displayed in the main pane, and the request is added to the Call History pane at the bottom left of the screen.
    6. Repeat for additional services as required.
      Note: For each request you send to the service, you must manually change the Transport Protocol configuration to your new configuration.
  7. When you have finished, close GSC. You will be prompted to save the package which you can then upload to AppScan Enterprise Server to be included as part of a scan.

What to do next

Run the scan and view the results.