Following is a diagram of a three-tier architecture based on SOA architecture:
So we have three integration points which makes us understand that we need integration testing also with functional, performance and security testing. So let's sum up the types of testing that are required to test end-to-end Greenfield projects.
A web service may expose single or multiple functionalities via operations and sometimes we need to test a business flow which requires calling multiple services in sequence which is known as orchestration testing in which we validate that a particular business flow meets the requirement.
Click on File in upper-left corner of the top navigation bar.
Verify that a popup opens up which asks for the WSDL or WADL details. There are two ways you can pass a URL to the web location of the WSDL, or you can pass a link to the downloaded WSDL on your local system.
Enter the project name details and the WSDL location which can either be on your local machine or be called from a URL, then click on OK. You may verify that the WSDL is successfully loaded in SoapUI with all the operations.
Now you can see that service is successfully loaded in the workspace of SoapUI.
When you click on Add to TestCase you are asked for the test suite name and then a test case name and finally you will be presented with the following popup:
Here you can create a TestCase and add validations to it at run time.
Please note MSISDN is a unique identifier for a user to be searched in the database and is a mandatory parameter.
API to be tested, Search Customer:
<v11:SearchCustomerRequest> <v11:username>TEST_Agent1</v11:username> <v11:orgID>COM01</v11:orgID> <v11:MSISDN>447830735969</v11:MSISDN>
So to test it we pass the mandatory parameters and verify the response which should get us the response parameters expected to be fetched.
By this we validate that searching for the customer using some Search criteria is successful or not, similarly, in order to test this service from a business point of view we need to validate this service with multiple scenarios. Following is a list of a few of them.
Considering it's a telecom application search customer service:
Verify that a prepay customer is successfully searched for using Search customer
Verify that a post-pay customer is successfully searched for using Search customer
Verify that agents are successfully searched for using search customer
Verify that the results retrieved in response have the right data
Verify that all the mandatory parameters are presenting the response of the service
Response Search Customer
Previous are some examples of Priority1 scenarios that you will require to test this service we will give it a deeper look in the following chapters.
The answer is yes, if you just want to do a very simple test on your service itself, not on the orchestration.
SoapUI does have limitations when it comes to performance testing but it does provide you a functionality to generate load on your web service with different strategies.
So to start with, once you have created your SoapUI project for a service operation, you can just convert the same to a simple load test. Here is how:
Right-click on the Load Test option available:
You will now see that the load test popup appears and the load test is created:
We will learn more about performance testing using SoapUI in the following chapters.
API and web services are highly vulnerable to security attacks and we need to be absolutely sure about the security of the exposed web service depending on the architecture of the web service and the nature of its use.
Some of the common attacks types include the following:
SoapUI's security testing functionality provides scans for every attack type and also, if you want to try a custom attack on the service by writing a custom script.
So the scans provided by SoapUI are as follows:
Cross-site scripting scan
XPath injection scan
SQL injection scan
Malformed XML scan
XML bomb scan
Malicious attachment scan
Following are the steps for how we configure a security test in SoapUI:
You can see an option for Security Tests just below
Load Testsin SoapUI.
Now select New SecurityTest and verify that a popup asking the name of the security test opens:
Select the name of the security test and click on OK.
After that, you should see the security test configuration window opened on the screen. For the service operation of your test case, in case of multiple operation in the same test case, you can configure for multiple operations in a single security test as well.
For this pane you can select and configure scans on your service operations.
To add a scan, click on the selected icon in the following screenshot:
After that you can configure your scan for the relevant parameter by configuring the XPath of the parameter in the request.