Testing of SOA Applications
Transcript of Testing of SOA Applications
Ananthakrishnan J
Architect, Sonata Software
Sonata Software Limitedwww.sonata-software.com
Testing of SOA Applications
Author
Prakash D
Technical White Paper
Technical White Paper www.sonata-software.com
SOA Testing White Paper 1 Sonata Software Limited
STATEMENT OF CONFIDENTIALITY
Information included in this document, in its entirety, is considered both confidential and proprietary to
Sonata Software and may not be copied or disclosed to any other party without its prior written
consent.
All logos used in this document are registered trademarks of the respective organizations.
Technical White Paper www.sonata-software.com
SOA Testing White Paper 2 Sonata Software Limited
Abstract
This White Paper delves into the reasons for the increasing popularity of Service-Oriented Architecture (SOA) applications and the importance of testing them. It also explains the methodologies and processes that must be used to test SOA applications.
About the Author
Prakash D. is working as an IT Consultant with Sonata Software. With Sonata for about four years, he has 6+ years of experience in the area of Software Testing.
Currently, Prakash is handling the Quality Team for a financial application of one of the leading banks based in the Nordic region.
If you would like to interact with the author of this White Paper, feel free to contact us.
To read more about our views on technology, do visit www.sonatablogs.com
Technical White Paper www.sonata-software.com
SOA Testing White Paper 3 Sonata Software Limited
Contents
1. The Momentum for Service-Oriented Architecture (SOA) ……………………………………………………………...4
2. Challenges in SOA Testing……………………………………………………………………………………………………………….5
3. Best Practices for SOA Testing…………………………………………………………………………………………………………6 a. Test Model…………………………………………………………………………………………………………………………………6
b. Test Approach……………………………………………………………………………………………………………………………7
4. SOA Testing: Phases………………………………………………………………………………………………………………………..9 a. Governance Testing…………………………………………………………………………………………………………………..9
b. Unit-Level Testing……………………………………………………………………………………………………………………..11
c. Service-Level Testing…………………………………………………………………………………………………………………11
d. Integration-Level Testing…………………………………………………………………………………………………………..11
e. System-Level Testing…………………………………………………………………………………………………………………11
f. Phase Activities and Deliverables………………………………………………………………………………………………14
5. Summary………………………………………………………………………………………………………………………………………..15
6. Case Study …………………………………………………………….……………………………………………………………………….16
Technical White Paper www.sonata-software.com
SOA Testing White Paper 4 Sonata Software Limited
1. The Momentum for Service-Oriented Architecture (SOA)
Given a highly competitive business landscape, it is imperative for enterprises to be agile in order to survive the rapid changes in technology and business environments, and stay ahead of competition. In practice, this translates into the ease of adding new business models, services and functionalities in response to changing market conditions, competition, etc., with minimal disruption and alterations in the existing IT implementation.
Leading companies around the world are embracing Service-Oriented Architecture (SOA) as a route to benefits in terms of component re-usage, increasing business agility, and reduction of costs and risks.
A recent survey of over 300 corporate IT executives – Enterprises and SMBs -- in North America and Europe revealed the following factors as key drivers for the adoption of SOA:
“Which of the following have been major drivers for SOA adoption?”
Figure: 1
Source: Forrester Research
85% 83%
70% 68%
11%
74% 75%
60%57%
5%
Improved application flexibility
Improved business flexibility
Lower app dev time frames, costs
Lower business costs
Other
Enterprises SMBs
Technical White Paper www.sonata-software.com
SOA Testing White Paper 5 Sonata Software Limited
A critical success factor for the adoption and deployment of SOA applications, and the realization of its intended benefits, as depicted in the figure above, is rigorous testing. With loosely coupled application components delivered as services, QA teams in organizations must focus on complete testing of business workflows across multiple technology layers of the SOA application.
This brings to sharp focus the approach adopted by companies for testing SOA implementations. This White Paper focuses on the following aspects of SOA testing:
Challenges in testing SOA applications
Description of the test model and approach
Different levels of testing in conjunction with governance best practices
2. Challenges in SOA Testing
SOA is a collection of loosely coupled services that integrate business services from multiple applications to deliver end-to-end support to business processes. Verification and validation of interfaces and services (internal / external) that bring together diverse systems and platforms, coupled with allied performance and security considerations, make the testing of SOA applications really complex.
Some of the other challenges that render conventional testing approaches ineffective while testing SOA applications are:
Figure: 2
No user interface for the services in SOA applications
Lack of visibility into loosely-coupled business level services
Dependency on availability of any internal or external services
that offer a business function to perform E2E testing
Multi-skilled test teams: domain, technology and testing knowledge
Availability of test environment which may bring together multiple applications/services
Technical White Paper www.sonata-software.com
SOA Testing White Paper 6 Sonata Software Limited
3. Best Practices for SOA Testing
SOA testing needs to be oriented toward the business process flow connecting components, services and data in order to execute end-to-end testing. The right approach should employ the appropriate test model and test methodologies, and leverage a multi-phased testing cycle covering all layers of the SOA application.
a. Test Model
The V-Model is one of the most suited test models for SOA testing as it implements testing activities such as Design, Analysis, Planning and Execution throughout the SOA project lifecycle.
Figure3: V-Model
User Requirements
Functional Specification
Technical Specification
Program Specification
Build
Unit Test Integration Test
System/Service Test
Acceptance Test
Governance Standards • WSDL Validation • Message
Validation • XML Schema
Validation • WS-I
Interpretability • Service Delivery • Service Change
Management
• Functional Test • Performance
Test • Security Test
• Unit Testing • Governance Testing • Functional Testing • Performance Testing • Security Testing
Technical White Paper www.sonata-software.com
SOA Testing White Paper 7 Sonata Software Limited
This model follows a ‘top-down’ approach for defining user requirements and a ‘bottoms-up’ approach for testing all the services individually as well as collectively and finally, for testing the entire business system.
b. Test Approach
Test planning becomes crucial for SOA solutions since many of them do not have a user interface, while the ability to test multiple types of components simultaneously to form a business process calls for the right approach.
In the ‘bottoms-up’ approach -- adopted for successful SOA testing -- the application’s architecture is broken down to its components, which are then tested, beginning with the ones in the lower layers and subsequently, moving to the ones in the higher layers. The test plan includes details of how all of the components work independently and collectively.
Figure: 4
Monitoring and event management layers
Process
Services
Data Services
Data Abstraction
Database Reg/Rep
Technical White Paper www.sonata-software.com
SOA Testing White Paper 8 Sonata Software Limited
The ‘bottoms-up’ approach of SOA testing has several benefits, such as:
Testing of each of the services of SOA architecture -- from data abstraction to data services,
monitoring and event management layers.
Testing of individual functions within a service for Governance, Functionality, Performance
and Security.
Formal peer reviews against each service to ensure that it complies with the organizational
standards as well as to identify potential interoperability, performance and security defects.
Execution of compliance testing throughout the project lifecycle to ensure enforcement of
the standards and policies.
Managing changes to the existing policies.
SOA testing approaches, in conjunction with Open Source tools, can be used to plan, manage and automate the functional and performance testing of SOA applications, as well as integrate them with Web Services-Interoperability (WS-I) standards formulated by the Web Services-Interoperability Organization.
Technical White Paper www.sonata-software.com
SOA Testing White Paper 9 Sonata Software Limited
4. SOA Testing: Phases
SOA testing can be classified into the following phases:
Governance Testing
Unit-Level Testing
Service-Level Testing
Integration-Level Testing
System Testing
a. Governance Testing
SOA governance refers to the standards and policies that govern the design, build and implementation of an SOA solution, and the policies that must be enforced during its design-time, run-time and change-time.
Figure: 5
Design-time Governance
Run-time Governance
Change-time Governance
• Verifying that a service is meeting with the Web Services interoperability (WS-I) Standards
• Verifying the Services and their interfaces meet the desired recommended standards and practices
• Checking a service against standard rules before it is deployed into production
• Securing services so that they are accessible only to authorized consumers having appropriate permissions and that data is encrypted if required.
• Validating that service operates in compliance with prescribed organizational standards at run-time
• Understanding the service relationships and dependencies.
• Determine impact changes and root cause • Managing changes to existing policies and service level
agreement
Technical White Paper www.sonata-software.com
SOA Testing White Paper 10 Sonata Software Limited
The following checklist identifies the key technical and functional requirements of an SOA governance solution, and can be used to assess the completeness of a governance implementation strategy.
Table: 1
Service Publication
WSDL (Web Service Definition Language) Validation
Validation of:
Web service endpoints
the structure of elements and attributes
namespaces
Message Validation
Validation of:
message body against its schema definition
SOAP (Service-Oriented Architecture Protocol) envelope and structure in accordance with the WSDL and SOAP schemas
the header details of SOAP messages
HTTP requests and responses
secure end-to-end points identification in messages
XML Schema Validation
Validation of:
the structure of elements and attributes
namespaces
data types in XML schema Verification of:
authorized access to services
Standard Interpretability
WS-I Interoperability
Validation of:
SOAP request
SOAP response messages
Service Delivery SLA Management
Validation of:
performance time defined in the SLA
response times under an increasing load as defined in the SLA
Service Change Management
Impact analysis to determine the implications of changing a particular service within the run-time environment
Managing changes to the existing policies and service level agreement
Technical White Paper www.sonata-software.com
SOA Testing White Paper 11 Sonata Software Limited
b. Unit-Level Testing
Unit-level testing is executed to ensure that the components and functions of a service are working as per the specifications.
In unit-level testing, the smallest piece of testable software in the application is isolated from the remainder of the code and tested to validate it against its expected behavior. All the components of the application are tested individually before integrating them into a service.
In unit testing, it is necessary to perform formal peer reviews of the code to ensure that it is in accordance with the organizational standards and to identify any functional, performance and security defects.
c. Service-Level Testing
Service-level testing is carried out with the objective of ensuring that the service meets the requirements as specified. More importantly, it should also verify if the service meets the business and operational requirements of the other processes using it.
d. Integration-Level Testing
The integration test phase focuses on evaluation of the service interfaces. The purpose of integration testing is to determine whether the interface behavior of and information sharing between the services are working as specified or not.
To ensure that all the services delivered to the test phase comply with the defined standards, format and data validation, the test phase also includes testing of the internal as well as external services of the organization.
e. System-Level Testing
System-level testing ensures that the application meets the business acceptance criteria at the overall system level.
Technical White Paper www.sonata-software.com
SOA Testing White Paper 12 Sonata Software Limited
The following table shows the various testing phases and the test types applicable in each phase:
Test Phase
Functional Performance Security Inter-
operability Backward
Compatibility Compliance
Unit-Level
Testing Yes Yes Yes Yes Yes Yes
Service-Level
Testing Yes Yes Yes - - Yes
Integration-Level Testing
Yes - Yes Yes Yes Yes
System-Level
Testing Yes Yes Yes Yes Yes Yes
Table: 2
Technical White Paper www.sonata-software.com
SOA Testing White Paper 13 Sonata Software Limited
Figure 6: End-to-End SOA Testing
Defect Management
Test Execution
Governance
Test Management
Requirement Management
Deliverables Test
Execution
Functional Testing
Performance Testing
Security Testing
Design Time Run Time Change Time
Test Strategy Test Plan Design Test Cases
Test Scripts
Test Data Traceability
Analysis Requirement Management
• Automation Approach
• Test Plan • Test Scripts • Test Reports
• Functional • Governance • Performance
Technical White Paper www.sonata-software.com
SOA Testing White Paper 14 Sonata Software Limited
f. Phase Activities and Deliverables
Testing of SOA applications is usually broken down into four activities. Under each process, certain deliverables are provided for:
Initiation: In this process, Understanding Document, Transition Plan and the Test Methodology Document are prepared.
Test Management: In this process, the Test Plan / Test Strategy and Test Cases / Test Scripts are prepared.
Test Execution: In this process, Test Reports, Web Services, Interoperability Report, Conformance Report and Performance Report are created.
Defect Management: This is the last process in the testing of SOA applications. At this stage, the Defect Summary Report is generated.
Figure 7: Deliverables
Initiation Test Management
Test Execution Defect Management
• Understanding Document
• Transition Plan • Test
Methodology Document
• Test Plan/Test Strategy
• Test Cases • Test Scripts
• Test Reports • Web Services • Interoperability
Report • Conformance
Report • Performance
Report
• Defect Summary Report
Technical White Paper www.sonata-software.com
SOA Testing White Paper 15 Sonata Software Limited
5. Summary
A highly competitive business environment, coupled with rapid technological changes, necessitates it for organizations to embrace SOA in order to stay ahead of competition. SOA is a collection of loosely coupled services that integrate business services from multiple applications to deliver end-to-end support to business processes. A critical success factor for the adoption and deployment of SOA applications by organizations is rigorous testing.
However, verification and validation of interfaces and services – both internal and external -- that bring diverse systems and platforms together, along with allied performance and security considerations, make testing of SOA applications really complex.
Moreover, there are a number of other factors that pose a challenge in testing SOA applications with conventional testing approaches.
End-to-end testing of SOA applications requires the use of the right approach – one with the appropriate test model and test methodologies, and which leverages a multi-phased testing cycle covering all layers of the application. The V-Model is one of the most suited test models for SOA testing as it implements testing activities such as Designing, Analysis, Planning and Execution throughout the SOA project lifecycle.
For successful testing of SOA applications, the ‘bottoms-up’ approach is very widely used. In this approach, the application’s architecture is broken down to its components. Initially, each component in the lower layers and subsequently, the higher layers, is tested individually. The test plan includes details of how all of the components work independently as well as collectively.
SOA testing can be classified into five phases -- Governance Testing, Unit-Level Testing, Service-Level Testing, Integration-Level Testing and System Testing -- and four activities:
Initiation
Test Management
Test Execution
Defect Management
Testing of SOA applications through these methodologies and processes not only ensures their re-usability and agility but also smooth functioning of their component services when integrated into applications.
Technical White Paper www.sonata-software.com
SOA Testing White Paper 16 Sonata Software Limited
6. Case Study
Here is a Case Study that showcases a success story where Sonata has implemented end-to-end SOA testing solutions. Sonata’s test automation framework for SOA environment reduced the total automation effort by 30%.
Client
For a leading player in the airline industry, Sonata provided a complete packing of end-to-end SOA testing solutions.
Business Scenario
The customer had developed a new Crew Management application and was part of the overall SOA architecture. The application accesses the SOA services which are shared across multiple applications and modules. The load on the SOA services was heavy as 3000 users would be using the application. Hence the client was looking at an end to end SOA testing solution.
Solution Provided
Sonata provided end to end SOA testing solution including functional, compliance, performance and security testing services which included:
Test consulting
Tool evaluation and selection (SOAP UI was selected)
Keyword driven test automation framework for functional testing
Development of automation test scripts
Providing an automated regression pack across levels and execution
Performance testing including load, stress and volume
Security testing based on OWASP Top 10 standards
Compliance testing
Benefits:
Sonata’s test automation framework for SOA environment reduced the total test automation efforts by 30%
Regression test pack helped in providing the required stability during the continuous change process
The Performance and Security bottleneck identified during the service level testing helped in reduced Time-to-Market of the application
The identification of the performance characteristics of the application, helped in improved business decisions.
Technical White Paper www.sonata-software.com
SOA Testing White Paper 17 Sonata Software Limited
CORPORATE OFFICE APS Trust Building Bull Temple Road, N. R. Colony Bangalore 560 019, India Tel: 91-80-3097 1999, Fax: 91-80-2661 0972 Email: [email protected] WORLDWIDE OFFICES Dubai Office # 507, Thurraya Tower No.1 P O Box 502818, Dubai Internet City Dubai, United Arab Emirates Tel: 971-4-375-4355, Fax: 971-4-424-0132 Email: [email protected] Germany TUI InfoTec GmbH Karl-Wiechert-Allee 4 30625 Hannover, Germany Tel: 49-511-567 5296 Email: [email protected] India 6, Richmond Road Bangalore - 560 025, India Tel: 91-80-3097 3299, Fax: 91-80-2248 4045 Email: [email protected] 193, R.V. Road, Basavanagudi, Bangalore - 560 004, India Tel: 91-80-3097 2999, Fax: 91-80-2656 7487 Email: [email protected] Sonata Towers, Global Village, Pattenegere & Mylasandra, RVCE Post, Mysore Road, Bangalore - 560 059, India Tel: +91-80-3097 1499 Email: [email protected] 1-10-176, Begumpet Main Road Opp. Hyderabad Public School Hyderabad - 500 016, India Tel: 91-40-3981 3899, Fax: 91-40-2776 4831 Email: [email protected]
Singapore 1, North Bridge Road, #19-04/05 High Street Center Singapore – 179094, Singapore Tel: 65-633-724-72, Fax: 65-633-740-70 Email: [email protected] UK 5, Churchill Court 58, Station Road, North Harrow Middlesex HA2 7SA, UK Tel: 44-20-8863 8833, Fax: 44-20-8863 5533 Email: [email protected] USA 39300 Civic Center Drive, Suite 270, Fremont, CA 94538, USA Tel: 510-791-7220, Fax: 510-791-7270 Email: [email protected] 2018 156th Ave NE, Suite 100, Building F, Bellevue, WA 98007, USA Tel: 425-372-2167, Fax: 425 484 7799 Email: [email protected] 1901 North Roselle Road, Suite 800, Schaumburg, IL 60195, USA Tel: 847-517-6310, Fax: 847-517-6313 Email: [email protected] 11330 Lakefield Drive, Bldg #2, Suite 200 Duluth, GA 30097, USA Tel: 770-814-4213, Fax: 678-623-0236 Email: [email protected] 275 Grove Street, Suite 2-400 Newton, MA 02466, USA Tel: 617-663-4866, Fax: 617-663-6127 Email: [email protected] 212, Carnegie Center, Suite 206 Princeton, NJ 08540, USA Tel: 609-919-6325, Fax: 617-663-6127 Email: [email protected]
If you have any experiences related to software security guidelines that you would like
to share with us, please write in to us on [email protected]