
#688 SoapUI with WS Security signature unable to test XXE

Milestone: v1.0 (example)
Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2015-10-27
Created: 2015-10-27
Private: No

SoapUI v5.1.3 (JRE 1.8.0 rev 60, Windows 8.1) with WS Security signature resolves entities instead of sending unresolved ones to the server. This makes it impossible to execute various types of tests (like XML External Entities, XXE) when a WS Security signature is added to the request.

For example, adding the following DOCTYPE to the request:
<!DOCTYPE foo [
<!ENTITY language "it">
]>
<testLanguage>&language;</testLanguage>

After applying the signature with SoapUI, the entity is resolved and the following request is sent to the server:
<testLanguage>it</testLanguage>

There is no way to send the original request with the signature to the server using SoapUI.
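
Added example, not part of the original report and not SoapUI code: a Python sketch that reproduces the reported transformation with a plain parse-and-serialize round trip, and a check that compares the prepared request with what was actually sent. That a signing step parses and re-serializes the document is an assumption here; round_trip and compare_payloads are hypothetical names, and the sample request is constructed from the ticket's snippet.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the request body from the report, with a well-formed DOCTYPE.
PREPARED = (
    '<!DOCTYPE foo [\n'
    '<!ENTITY language "it">\n'
    ']>\n'
    '<testLanguage>&language;</testLanguage>'
)

# Matches general entity references, skipping the five predefined XML entities.
ENTITY_REF = re.compile(r'&(?!(?:amp|lt|gt|quot|apos);)[A-Za-z_:][\w.\-:]*;')


def round_trip(xml_text):
    """Parse to a tree and serialize again (assumed stand-in for a signing step).

    The parser expands internal entities while building the tree, and the
    serializer writes only the element tree, so the DOCTYPE is not emitted.
    """
    root = ET.fromstring(xml_text)
    return ET.tostring(root, encoding="unicode")


def compare_payloads(prepared, sent):
    """Report which entity-related constructs changed between editor and wire."""
    prepared_refs = set(ENTITY_REF.findall(prepared))
    sent_refs = set(ENTITY_REF.findall(sent))
    return {
        # True when the DOCTYPE is still present (or was never there).
        "doctype_kept": ("<!DOCTYPE" in sent) or ("<!DOCTYPE" not in prepared),
        # References present in the prepared request but missing from the sent one.
        "resolved_refs": sorted(prepared_refs - sent_refs),
        "unchanged": prepared == sent,
    }


if __name__ == "__main__":
    sent = round_trip(PREPARED)
    print(sent)
    print(compare_payloads(PREPARED, sent))
```

Running compare_payloads against a request captured from a proxy or server log, rather than the simulated round trip, shows whether the tool altered the test payload before sending it.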
