Web Services Testing

What are Web Services?

A web service is defined as “a software system designed to support interoperable machine-to-machine interaction over a network”. It has an interface described in a machine-process able format. A web service contains defined functions and methods which can be used by sending XML requests to it using WSDL, Which can be called as interface of a web service. WSDL stands for Web Services Description Language. It is a document written in XML. This document describes a Web service. It specifies the location of the service and the operations (or methods) the service exposes.

Why Web Services?

Advantages of web services:

• Reusable application-components: Web services can offer application-components like: currency conversion, weather reports, or even language translation as services

• Interoperability:Web-applications are simple applications that run on the web. These are built around the Web browser standards and can be used by any browser on any platform

How the Web Services work?

Web services are published in a service registryfrom where all the service customers can identify the services.UDDI (Universal Description,

Discovery and Integration) is a repository where Web services are published.

Service customers register and search for the required web services in UDDI and send a request to the corresponding web services. The response will be send to customer. Both request and responses are in SOAP messages.

Continued…

SOAP is a simple XML-based protocol to let applications exchange information over HTTP. It stands for Simple Object Access Protocol.

Or simply SOAP is a protocol to access web services.

SOAP provides a way to communicate between applications running on different operating systems, with different technologies and programming languages.

The web services architecture is also known as Service Oriented Architecture (SOA).

What is SOA?

The diagram shows a architecture of two services integrated by ESB (Enterprise Service Bus). Here the application A has to call a method in application B. But the XML formats of request/response messages are different for both the applications, A sends a request to ESB which makes a XSLT conversion to the request so that application B understands it. Again the response from B is converted to understandable format for A.

Services can be integrated with out ESB also, If the XSLTs of the request/response messages match.

Continued..

What to test in Web Services?

The four areas to test in Web Services Architecture :

• Functionality• Non Functionality• Integration• Governance

• Functionality test of each layer• Test from individual points of view; from service

provider, consumer and registry• Test for happy path, exceptions and boundary

conditions• Validation of messages, transactions• Manual, script based and automated testing

Functionality testing:

• Security: authentication, authorization, non-repudiation,

data & channel security• Performance: Latency, Response time, Throughput• Interoperability: Forward and backward interoperability checks• Service Reliability, Availability

Non Functionality testing:

Integration testing:• Validation of contexts and Contracts• Validation of standards, routing rules, mediations etc.• Workflows and business rules• Service Orchestration• Testing data driven business logic

Governance testing:• Certify Quality of Service against standards and

policies, SLAs

• Compliance against W3C, WS1 standards• Standards and Compliance requirements specific to

the Industry

Integration and Governance testing

How to validate SOAP messages?

SOAP request/response contains 4 elements in it. They are,1.SOAP Envelop: An element that identifies the XML document as a SOAP message 2.SOAP Header: An element that contains header information3.SOAP Body: An element which contains request or response information4.SOAP Fault: An element which contains errors and status information

A SOAP message skeleton is shown.

When ever SOAP messages are to be validated, Header contains the type of the call (name of the request/ response)

In body element the request data and response data are to be validated given/received by interface

In fault element, the status of the response and the error information (error message) is to be validated