DB connection:
1) Put the OJDBC14 jar file in LISA—lib and hot deploy folder
2) Go to LISA – database and copy oracle-site property file and paste it in the LISA home directory
3) Change the file name as Site
4) Edit the below properties
lisadb.pool.common.driverClass
lisadb.pool.common.url
lisadb.pool.common.user
lisadb.pool.common.password
lisadb.internal.enabled=false
5) In LISA add a step for sql injection with the below instructions
Enter jdbc driver as oracle.jdbc.driver.Oracledriver
Enter connection string
Enter username and pw
Select “Returns results set” checkbox only for select query. Disable it for insert and update queries
Make the sql command in single line
Remove semi colon at the end of the query
6) Always declare the property in the below format - '{{ItemTag}}'
Creating WSDL
1) Click Add button in stateless transaction section
2) Change the match style as operation
3) In operation enter ( GET /”End point”) not wsdl url
4) In request data add an arguments name and value as “wsdl”
5) In request data meta data add the below details
HTTP-Method GET
HTTP-URI /”End point”
HTTP-Version HTTP/1.1
Accept image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language en-us
User-Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; MS-RTC LM 8)
Accept-Encoding gzip, deflate
Host localhost:8001
Connection Keep-Alive
6) In response section copy and paste the request
Enter the wsdl url for the service and copy the request and paste it in the response body section
Change the end point of the service in the request. It should be in “”
7) In Meta data section enter the below keys
Content-Type text/xml; charset=utf-8
Date {{=httpNow()}}
HTTP-Response-Code 200
HTTP-Response-Code-Text OK
Server LISA/Virtual-Environment-Server
X-Powered-By Servlet/2.5 JSP/2.1
8) Run the ITR and open IE , open the end point wsdl url. It should display the request without error
Deploying the VSM:
1) Open server console
2) Right click VSM and select create MAR info file
3) Enter the name and version and click ok
4) Now select mar info and click Build model archive
5) Save it to the project
6) In server console select deploy a new service button in the top
7) Select a model archive from your project and click deploy button
8) After deploy start the service
9) Now hit the service in the real environment
VSM Model
1) Always the respond should come from the virtual image selection
2) We can remove virtual route tracker
3) Double click https listen and enter the end point in the base path field “/end point”
Adding a filter
Select https listen
Select add filter button under filter section
Select xml filter – parse text from xml flter
Enter filter in as “lisa.vse.http.current.transaction.body”
Enter the tag which is used in the request for ex : v12:StoreID
Enter any property name
For database filter
Select databse filter – Extract result from jdbc result set
Adding an assertion
Select add xml filter ---ensure result contains the string
Adding a data set
Select common data sets and random code generator
General guidelines:
1) All the req and res pair should be in Data folder
2) Req should be in the format of –req and response should be in the format f –rsp
3) Save the service image as “SI_project name.VSI” and the vsm as “VSM_project name.vsm”
4) Save the project as BBYM_RL_service name_Ver01”
5) Enter 9090 in the port while configuring HTTPS protocol
6) Save the ITR after execution if required
7) Request match style should be signature and response should be exact
8) Enable magic string check box for the all the values which is passed through the request
9) In response all the comparison operation should be “Anything” under the arguments
10) Check for the VSM path before the execution
11) Note down all the steps added and the changes made under Documentation section
12) Check with the content type in the response
13) Check with the req/res pairs which is currently used in the application
1) Put the OJDBC14 jar file in LISA—lib and hot deploy folder
2) Go to LISA – database and copy oracle-site property file and paste it in the LISA home directory
3) Change the file name as Site
4) Edit the below properties
lisadb.pool.common.driverClass
lisadb.pool.common.url
lisadb.pool.common.user
lisadb.pool.common.password
lisadb.internal.enabled=false
5) In LISA add a step for sql injection with the below instructions
Enter jdbc driver as oracle.jdbc.driver.Oracledriver
Enter connection string
Enter username and pw
Select “Returns results set” checkbox only for select query. Disable it for insert and update queries
Make the sql command in single line
Remove semi colon at the end of the query
6) Always declare the property in the below format - '{{ItemTag}}'
Creating WSDL
1) Click Add button in stateless transaction section
2) Change the match style as operation
3) In operation enter ( GET /”End point”) not wsdl url
4) In request data add an arguments name and value as “wsdl”
5) In request data meta data add the below details
HTTP-Method GET
HTTP-URI /”End point”
HTTP-Version HTTP/1.1
Accept image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language en-us
User-Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; MS-RTC LM 8)
Accept-Encoding gzip, deflate
Host localhost:8001
Connection Keep-Alive
6) In response section copy and paste the request
Enter the wsdl url for the service and copy the request and paste it in the response body section
Change the end point of the service in the request. It should be in “
7) In Meta data section enter the below keys
Content-Type text/xml; charset=utf-8
Date {{=httpNow()}}
HTTP-Response-Code 200
HTTP-Response-Code-Text OK
Server LISA/Virtual-Environment-Server
X-Powered-By Servlet/2.5 JSP/2.1
8) Run the ITR and open IE , open the end point wsdl url. It should display the request without error
Deploying the VSM:
1) Open server console
2) Right click VSM and select create MAR info file
3) Enter the name and version and click ok
4) Now select mar info and click Build model archive
5) Save it to the project
6) In server console select deploy a new service button in the top
7) Select a model archive from your project and click deploy button
8) After deploy start the service
9) Now hit the service in the real environment
VSM Model
1) Always the respond should come from the virtual image selection
2) We can remove virtual route tracker
3) Double click https listen and enter the end point in the base path field “/end point”
Adding a filter
Select https listen
Select add filter button under filter section
Select xml filter – parse text from xml flter
Enter filter in as “lisa.vse.http.current.transaction.body”
Enter the tag which is used in the request for ex : v12:StoreID
Enter any property name
For database filter
Select databse filter – Extract result from jdbc result set
Adding an assertion
Select add xml filter ---ensure result contains the string
Adding a data set
Select common data sets and random code generator
General guidelines:
1) All the req and res pair should be in Data folder
2) Req should be in the format of –req and response should be in the format f –rsp
3) Save the service image as “SI_project name.VSI” and the vsm as “VSM_project name.vsm”
4) Save the project as BBYM_RL_service name_Ver01”
5) Enter 9090 in the port while configuring HTTPS protocol
6) Save the ITR after execution if required
7) Request match style should be signature and response should be exact
8) Enable magic string check box for the all the values which is passed through the request
9) In response all the comparison operation should be “Anything” under the arguments
10) Check for the VSM path before the execution
11) Note down all the steps added and the changes made under Documentation section
12) Check with the content type in the response
13) Check with the req/res pairs which is currently used in the application
