Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering SoapUI

You're reading from   Mastering SoapUI Experience SOA Test and Test Automation from an expert view

Arrow left icon
Product type Paperback
Published in Aug 2016
Publisher Packt
ISBN-13 9781783980802
Length 240 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Toc

Table of Contents (12) Chapters Close

Preface 1. Introduction to SOA Testing 2. Functional Testing In Detail FREE CHAPTER 3. Performance Testing of SOA Applications in Detail 4. Security Testing in Detail 5. Test Automation in SOA World 6. Multilayer Test Automation Using SoapUI and Selenium 7. SoapUI Integration with Jenkins and HP QC 8. End-to-End Test Automation 9. Service Mocking 10. Best Practices in SOA Test Automation Index

Test approaches in SOA testing

Approaches to test SOA architecture are usually based on the scope of the project and requirements to test. Let's look at an example.

Following is a diagram of a three-tier architecture based on SOA architecture:

Test approaches in SOA testing
  • Validation1 or V1: Validation of integration between Presentation Layer to the Services Layer
  • Validation2 or V2: Validation of integration between Services Layer to the Service Catalogue Layer
  • Validation3 or V3: Validation of integration between Product catalogue layer and the database or backend Layer

So we have three integration points which makes us understand that we need integration testing also with functional, performance and security testing. So let's sum up the types of testing that are required to test end-to-end Greenfield projects.

  • Functional testing
  • Integration testing
  • Performance testing
  • Security testing
  • Automation testing

Functional testing

A web service may expose single or multiple functionalities via operations and sometimes we need to test a business flow which requires calling multiple services in sequence which is known as orchestration testing in which we validate that a particular business flow meets the requirement.

Let's see how to configure a SOAP service in SoapUI for functional testing

  1. Open SoapUI by clicking on the launch icon.
  2. Click on File in upper-left corner of the top navigation bar.
    Let's see how to configure a SOAP service in SoapUI for functional testing
  3. Click on New SOAP Project heading in the File menu.
    Let's see how to configure a SOAP service in SoapUI for functional testing
  4. Verify that a popup opens up which asks for the WSDL or WADL details. There are two ways you can pass a URL to the web location of the WSDL, or you can pass a link to the downloaded WSDL on your local system.
    Let's see how to configure a SOAP service in SoapUI for functional testing
  5. Enter the project name details and the WSDL location which can either be on your local machine or be called from a URL, then click on OK. You may verify that the WSDL is successfully loaded in SoapUI with all the operations.
    Let's see how to configure a SOAP service in SoapUI for functional testing
  6. Now you can see that service is successfully loaded in the workspace of SoapUI.
    Let's see how to configure a SOAP service in SoapUI for functional testing
  7. Now, the first step toward an organized test suite is to create a test suite and relevant test cases. To achieve this, click on the operation request:
    Let's see how to configure a SOAP service in SoapUI for functional testing
  8. When you click on Add to TestCase you are asked for the test suite name and then a test case name and finally you will be presented with the following popup:
    Let's see how to configure a SOAP service in SoapUI for functional testing

    Here you can create a TestCase and add validations to it at run time.

  9. After clicking OK you are ready to start your functional and integration testing:
    Let's see how to configure a SOAP service in SoapUI for functional testing

Let's take an example of how to test a simple web service functionally.

Test case: Validate that Search Customer searches for the customer from the system database using an MSISDN (Telecom Service).

Note

Please note MSISDN is a unique identifier for a user to be searched in the database and is a mandatory parameter.

API to be tested, Search Customer:

  • Request body:
    <v11:SearchCustomerRequest>
        <v11:username>TEST_Agent1</v11:username>
         <v11:orgID>COM01</v11:orgID>
         <v11:MSISDN>447830735969</v11:MSISDN>

So to test it we pass the mandatory parameters and verify the response which should get us the response parameters expected to be fetched.

By this we validate that searching for the customer using some Search criteria is successful or not, similarly, in order to test this service from a business point of view we need to validate this service with multiple scenarios. Following is a list of a few of them.

Considering it's a telecom application search customer service:

  • Verify that a prepay customer is successfully searched for using Search customer
  • Verify that a post-pay customer is successfully searched for using Search customer
  • Verify that agents are successfully searched for using search customer
  • Verify that the results retrieved in response have the right data
  • Verify that all the mandatory parameters are presenting the response of the service

Here is how the response looks:

Response Search Customer

<TBD>

Previous are some examples of Priority1 scenarios that you will require to test this service we will give it a deeper look in the following chapters.

Performance testing

So is it really possible to perform performance testing in SoapUI?

The answer is yes, if you just want to do a very simple test on your service itself, not on the orchestration.

SoapUI does have limitations when it comes to performance testing but it does provide you a functionality to generate load on your web service with different strategies.

So to start with, once you have created your SoapUI project for a service operation, you can just convert the same to a simple load test. Here is how:

  1. Right-click on the Load Test option available:
    Performance testing
  2. Now select the name of the load test; a more relevant one will help you in future runs.
    Performance testing
  3. You will now see that the load test popup appears and the load test is created:
    Performance testing
  4. There are several strategies to generate load in SoapUI. The strategies are as follows:
    • Simple
    • Burst
    • Thread
    • Variance
    Performance testing

We will learn more about performance testing using SoapUI in the following chapters.

Security testing

API and web services are highly vulnerable to security attacks and we need to be absolutely sure about the security of the exposed web service depending on the architecture of the web service and the nature of its use.

Some of the common attacks types include the following:

  • Boundary attack
  • Cross-site scripting
  • XPath injection
  • SQL injection
  • Malformed XML
  • XML bomb
  • Malicious attachment

SoapUI's security testing functionality provides scans for every attack type and also, if you want to try a custom attack on the service by writing a custom script.

So the scans provided by SoapUI are as follows:

  • Boundary scan
  • Cross-site scripting scan
  • XPath injection scan
  • SQL injection scan
  • Malformed XML scan
  • XML bomb scan
  • Malicious attachment scan
  • Fuzzing scan
  • Custom script

Following are the steps for how we configure a security test in SoapUI:

  1. You can see an option for Security Tests just below Load Tests in SoapUI.
    Security testing
  2. To add a test, right-click on the Security Tests and select New SecurityTest:
    Security testing
  3. Now select New SecurityTest and verify that a popup asking the name of the security test opens:
    Security testing
  4. Select the name of the security test and click on OK.
  5. After that, you should see the security test configuration window opened on the screen. For the service operation of your test case, in case of multiple operation in the same test case, you can configure for multiple operations in a single security test as well.
    Security testing

    For this pane you can select and configure scans on your service operations.

  6. To add a scan, click on the selected icon in the following screenshot:
    Security testing
  7. After selecting the icon, you can now select the scan you want to generate on your operation:
    Security testing
  8. After that you can configure your scan for the relevant parameter by configuring the XPath of the parameter in the request.
    Security testing
  9. After that you can select Assertions and Strategy tabs from the below options:
    Security testing
  10. You are now ready to run you security test with Boundary Scan:
    Security testing

Now we have learnt how to configure a simple security test in SoapUI, we will learn more about it in detail in the coming chapters.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image