SOA testing is a testing of the SOA architectural style. In this testing, the software components are designed to communicate through communication protocols usually over a network. It is an essential aspect of service life cycle management because it enables addressing multiple aspects of service quality across multiple SOA service implementations.
It is a complex testing as a composite software has a lot of moving parts and interconnections, challenging the test. This testing authenticates the whole multi-layered architecture of a software. It tests a set of legacy applications, customized components or third-party components.
It is a way of integrating business applications and processes to meet the business demands. It imparts agility and flexibility to business processes. Any change or modification to the process or software can be directed to specific component without influencing the entire system. In SOA, software developers either develop or buy programs, known as Services.
Services is functional unit of an application or a business process. It can be reused or repeated by another application or business process. They are simple to assemble and easy to configure components. They can be considered as building blocks. They can build any type of application or software. Moreover, they can be easily added to or removed from an application or a business process. Services are largely defined by the function they perform.
Web services are independent software components, and can be published, found and used over the web. Web services communicate through the Internet.
Service Provider publishes a service or software on the Internet.
Users search for a specific web service on the Web Service Registry.
Then, URL (Uniform Resource Locator) and WSDL (Web Service Description Language) is returned. Using them, the service provider the requestor communicates through SOAP messages.
When a user calls a webs service, a HTTP connection is set up to the provider. A SOAP message is generated for instructing the provider to invoke the requested web service logic.
The provider receives a response in the form of SOAP message, which is embedded into the HTTP response. This response is the data format, which is readable and understandable by the user application.
SOA includes may technologies. SOA-built applications have different services that are loosely coupled. SOA testing emphasizes the following 3 system layers −
Services Layer − It includes services, services exposed by a system obtained from business functions. For example, a wellness application includes weight tracker, blood sugar tracker, and blood pressure tracker. This service layer is consisting of the following services that get their respective information from the database − weight tracker service, blood sugar tracker service, blood pressure tracker service, and login/signup service.
Process Layer − This layer includes processes, collection of services that are part of one functionality. The processes may be a part of UI e.g., a search engine, or of a an ETL tool. This layer mainly emphasizes UI and process. UI of the weight tracker, and the integration of UI and the database is the primary objective. We consider the following functions − adding new data, updating existing data, building new tracker, and deleting data.
Consumer Layer − This layer includes UI. Based on this level, SOA software testing is divided into the following 3 levels −
For test designing and test execution, top-down approach and bottom-up approach is respectively used.
Test Planning approach
SOA testers should completely understand the architecture of the software.
The software must be broken down into smaller independent services.
The software structure must be organized under 3 components: data, services, and front-end applications.
The components should be analysed with care, and business circumstances must be outlined.
These business circumstances must be categorized as common circumstances and application specific circumstances.
A Traceability Matrix must be created and maintained, and all the test cases must be traced to business circumstances.
Test Execution approach
Business circumstance driven data base testing
Different aspects of the business relevant to the system is analysed.
Circumstance is developed on the basis of integration of: i) web services of the software, ii) web services and software.
Data is set up based on the above circumstances.
Data must be set up in a way to cover end-to-end circumstances too.
Create dummy interfaces to test services.
Inputs are provided via these dummy interfaces, and the outputs can be authenticated.
When a software uses an interface to an external service that is not being tested, we can create a Stub during integration testing.
This testing on the software is done when there are multiple releases to provide stability and availability to the system.
An extensive regression test set is created that covers the services that form an essential part of the software.
This set can be reused in multiple releases of the process.
This testing tests the component for functionality, security, performance, and interoperability. First, each Service is tested independently.
Functional testing This testing is performed on each Service
To ensure that the Service delivers the correct response to a request.
That correct errors are received for requests along with incorrect data, bad data, etc.
Evaluate each request and response for an operation that the service needs to perform in runtime.
Whenever an error arises at the server, client or network level, authenticate the fault messages.
Check the responses and determine whether they are in the right format.
Determine whether the data received from a response corresponds to the data requested.
Security testing Security testing is an integral part of service level testing of a SOA application, as it ensures its safety. The following are covered during security testing −
Industry Standard determined by Web Services Security testing that must be followed by the Web Service.
Security measures that must function accurately.
Data encryption and digital signatures on documents.
Validation and authorization.
Vulnerabilities must be tested on XML, such as SQL Injection, Malware, XSS, CSRF, etc.
Preventing Service attacks.
Performance testing This testing of any service should be performed because services are reusable, and also many applications might be using the same service simultaneously. Performance testing considers the following factors
Service performance and functions that should be tested under extreme load.
Service performance is compared in individual work and in the application that it is integrated with.
Load testing should be done to verify response time, detect bottlenecks, verifying CPU and memory usage, and also to predict scalability.
Service level testing is performed to guarantee proper functioning of the individual services, and not that of coupled components.
Integration testing is performed emphasizing the interfaces.
This testing covers all possible business circumstances.
Non-functional testing is done again in this phase. The stability of the system is ensured and maintained by security, compliance, and performance testing.
Communication and network protocols are checked to authenticate the consistency of the data communication between Services.
End-to-end testing This testing ensures that the software meets the business needs, functionally as well as non-functionally. It considers the following −
All the services are functioning expectedly after integration.
UI of the software.
Data flow in all the components.
There is always a lack or shortage of interfaces for Services.
The testing process continues across many systems, thereby demanding complex data needs.
Application is a set of components that tends to vary. Thus, regression testing is more frequently needed.
It is very difficult to completely isolate defects because of the multilayer architecture.
It is difficult to predict load, because the service is used in various interfaces. Thus, it makes performance test planning unmanageable.
SOA is a set of diverse technologies. SOA testing needs personnel with different skills which eventually increases planning and execution expenses.
Security testing is also difficult to perform because the application is an integration of multiple services. Moreover, validation is also quite complex.
SOAP UI − This open-source tool is used for Services testing and API testing. It is a desktop application and supports many protocols, e.g., SOAP, REST, HTTP, JMS, AMF, JDBC, etc. It helps develop, inspect and invoke web services. SOAP UI is also used in Load Testing, Automation testing, and Security Testing. It comes with inbuilt reporting tools.
iTKO LISA − This product suite offers a solution for functional testing for distributed systems. It can be used for regression testing, integration testing, load testing and performance testing. It is also used to design and execute test cases.
HP Service Test − This is a functional testing tool that is compatible with UI as well as shared services testing. It enables functional as well as performance testing through a single script. It is integrated with HP QC. It can manage a large amount of service as well as data. it supports interoperability testing via simulation of JEE, AXIS, and DotNet environments.
Parasoft SOA Test − This analysis tool suite is developed for APIs and API testing. It supports Web Services, REST, MQ, JMS, TIBCO, HTTP, XML, etc. It makes possible functional, integration, regression, security, performance testing. The Stubs can be created through Parasoft Virtualize.