WSO2 API Manager (and all WSO2 products) is built on top of the WSO2 Carbon kernel. Management of WSO2 Carbon is done through SOAP Web services known as admin services. All WSO2 products come with a management console UI, which communicates with these Web services underneath to facilitate administration capabilities through the UI.
However, there can be instances when you want to call these backend Web services directly. For example, in test automation, to minimize the overhead of having to change automation scripts whenever a UI change happens, developers prefer to call the underlying services in scripts (WSO2 test automation framework is built for this purpose).
These backend Web services are secured to prevent anonymous invocations. Common types of security protocols are as follows:
- HTTP basic authentication over SSL
- WS-Security username token
- Session based authentication
After being authenticated, you can invoke the admin services. The example below shows how to invoke admin services that are secured with HTTP basic authentication mechanism, using soapUI (4.5.1 or later).
By default, the WSDLs of admin services is hidden from consumers. Before consumers import it to the SOAP client, a system admin must enable it as follows in <PRODUCT_HOME>/repository/conf/carbon.xml
file and restart the server: <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
- There are many admin services such as ServiceAdmin, StatisticsAdmin, ProxyAdmin etc. We use UserAdmin in this example. Open https://localhost:9443/services/UserAdmin?wsdl in your browser and check whether it is accessible.
- Create a SOAP Web service project in the soapUI, using the above WSDL.
- We invoke the
listAllUsers
operation exposed through UserAdmin Web service. SelectlistAllUsers
operation underUserAdminSoap11Binding
interface and click on the SOAP request.