Invoking webmethods service from XML spy

In the process fo testing a web service from XML spy, i genrated the WSDL for that service in webMethods. With that WSDL, i created a soap request in xml spy and send that request (option is there in xml spy). I have assigned a specific ACL to that service.
I am getting the following error message</webM:className>
<webM:message xml:lang=“”>[ISS.0084.9004] Access Denied</webM:message>
But when i assign the anonymous ACL to that service it runs fine. I wonder why its not asking the user-id & password while sending the soap request or i may be missing some basic settings…



I did not see any way to do this and the XML Spy help file was silent on the topic of setting authentication credentials on an outbound soap request.

You can always use PocketSoap TCPTrace and past the soap request that you created in XML Spy.


Hi Mark,
I have downloaded PocketSoap & TCSTrace and the soap request generated from xml Spy is also ready. But not able to find it out where to put this request. I started the TCPTrace and have put the server parameters.
I looked into the directory where i loaded the PocketSoap, there is only documentation exists, no excutable to creat soap client.



I apologize. I thought I remembered TCPTrace having the option to let you paste a soap message into a window or read one from the file system.

I think I was think of the Apache Axis TCPMonitor utility that was included with older versions of the Axis.jar.

Download a copy of Apache axis, place the axis.jar in your class path and type something like the following:

java -classpath [I]axis_home\[/i]axis.jar org.apache.axis.utils.tcpmon 3333 localhost 5555

Replace axis_home with the path to your axis.jar, replace the “3333” with the port ilistening on and replace “localhost” with the hostname of the IS server.

After you capture the first request, you can modify and send requests or paste new requests into the request window.


I’ve done the same exact thing using XML Spy. When my ACL is set to Anonymous the service works fine. When I set the ACL to “Default” and attempt to send the SOAP Request I’m prompted to enter credentials. Once I enter the credentials the SOAP Request is sent. I’m not sure why you’re experiencing different behavior.


I believe you will need to create an access-controlled custom soap processor and set its service to require some ACL. The soap processor can simply invoke the default soap processor.

Doing this will cause IS to return and HTTP authentication challenge that will cause XML Spy to display a login dialog box.

I do not think either the default (soap-msg) or rpc soap processors do this.


Hi All,
Just to add points to mark’s view above…
I created a access controlled soap processor, registered it with Integrations erver and sets its services to the require ACL group. When i make the soap request with this custom processor from XML spy, it does asks for the user-id and password.
The reason behind is that the Integration Server’s SOAP RPC and default processors do not authenticate a client’s user ID and password when they receive a SOAP request. Instead, they authenticate a client just before invoking the target service. So i just created a service and inside that called the build-in service processRPCMessage (pub.soap.procesor), assigne this service the Execute ACL and then registered this service as SOAP processor
(directive= newRpc). So the new soap requesturl becomes [url]http://localhost:5555/soap/newRpc[/url].
When i make any soap request from xml spy it ask for user-id and password.