Executive Summary
The DataPower Gateway Interoperability Test Client (ITC) is an optional SOAP endpoint that takes XSLT and XML and returns the transformation result. The endpoint is accessed through a script provided by IBM in the Resource Kit. This is used by developers to automate a lengthy manual testing process. It also ensures that your developers are testing their XSLTs directly on the appliance.
The ITC should become a core component of your DataPower development process.
Introduction
The default process for running an XSLT for the DataPower environment involves the developers:
- Uploading the XSLT to the appliance
- Creating a Web Service Proxy or XML Firewall that references the transform
- Running a test from a Third Party Service Test Tool
This is a low value time consuming task that is re-run every time a development artifact changes. Luckily, IBM provides an option to improve this situation. The DataPower Interoperability Test Service is a helper utility that supports:
- Testing XSLT Transforms
- Testing XSLT Transforms using SOAP With Attachments (SWA)
- Validating XML against a given an XML Schema Definition (XSD) file
- Validating a SOAP request against a WSDL Contract
- Testing XPath Expressions
- Testing WebSphere Transformation Extender (WTX) Transforms
- Testing FFD Transforms (old Contivo maps that have been deprecated since firmware 3.8)
The service is an endpoint that accepts SOAP requests containing the XML and XSLT and returns the transformed document. The service does not need the developer to upload files or write custom configuration.
Download
The ITC provides as a part of the Resource Kits released with the firmware levels:
The client is found in the ‘interoperability-service/clients’ directory. It consists of a shell script for Linux and a script+jar for other platforms.
Configuring the service
To enable the ITC, start in the default domain. Expand Objects -> Device Management and click on Interoperability Test Service. This will open the configuration page.
The service is exposed over HTTP and/or HTTPS. By default there is no authentication of the connecting client. This could be a security concern. To secure the service, the AAA policy should be updated to restrict access to DataPower developers.
For HTTP, the built-in AAA object will use the HTTP Authorization Header. For HTTPS, you will need to configure the ITC to use your own custom generated key/certificate pair. The HTTPS built-in AAA can also authenticate based on the provided client certificate, but from what I could figure, the clients in the Resource Kit don’t support sending certificates. You would need to change the scripts to add this functionality to the cURL calls. All other authentication types are not supported out of the box in the Resource Kit.
The firmware strongly recommends that this service should only be enabled on a device that does not process sensitive data. Ensure that this service is only enabled on a development device.
Test Client Parameters
The IBM Knowledge Center has defined all the valid arguments to the test clients. For all the commands, basic auth is added with the -u command in the username:password format.
Validating SOAP messages with WSDL Contracts
1 |
./dp-interop-client.sh -t schema -v wsdl -x wsdlfile.wsdl -i soaprequest.xml -h dpbox.foo.com -p 9990 |
Where:
- -t is the type of the request (schema validation)
- -v is the type of validation requested (wsdl)
- -x is the WSDL file
- -i is the XML
- -h is the DataPower device hostname
- -p is the Interop Test port
Conclusion
The ITC will help reduce development time through automation and the HTTP service should be enabled, secured and used often.
Share this Post