Chapter – 9 Service Oriented Architecture Testing

Certificate in Software Testing skill

Page 1 of 22
Page 2 of 22
 Confidentiality Statement

This document should not be carried outside the physical and virtual boundaries of TCS and
its client work locations. Sharing this document with any person other than a TCS associate
would tantamount to violation of confidentiality agreement signed by you while joining
TCS.

Notice
The information given in this course material is merely for reference. Certain third party
terminologies or matter that may be appearing in the course are used only for contextual
identification and explanation, without an intention to infringe.
Certificate in Software Testing Skill TCS Business Domain Academy

Contents
Chapter-9 Service Oriented Architecture Testing ........................................................... 5
9.1 Introduction to Service Oriented Architecture .......................................................6
9.2 SOA Testing, Strategy and Methods .....................................................................8
9.3 SOA Testing Challenges, Tools and Use Cases..................................................... 13
Summary ........................................................................................................................20
References ...................................................................................................................... 21

Page 4 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

Chapter-9 Service Oriented Architecture Testing

Introduction
A service-oriented architecture (SOA) is an application framework that takes business
applications and breaks them down into separate business functions and processes, called
services.
It is a method of integrating business applications and processes together to meet the
business needs and in this architecture the changes to the process or application can be
directed to a specific component without touching the whole system.
Testing of service oriented architecture is called SOA testing.

Learning Objective
After reading this chapter, you will be able to understand:
• Overview
• Why SOA
• What is service
• SOA Testing
• Strategy for SOA Testing
• SOA Testing Methods
• Challenges in SOA Testing
• SOA Testing Tools
• SOA Testing Use Case

Page 5 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

9.1 Introduction to Service Oriented Architecture

9.1.1 Overview

Service oriented architecture (SOA) is a method of integrating business applications and

processes together to meet the business needs. SOA delivers agility and flexibility to
business processes. The changes to the process or application can be directed to a specific
component without touching the whole system. The software developers in SOA either
develop or buy programs called Services.

SOA is one of the software architecture among others like standalone, N-Tire, Client-
Server, distributed etc.

SOA stands for Service Oriented Architecture

• It’s an architecture
• The functionality is exposed as Services
• It follows principles of service orientation
• The services are independent to couple; open-standards based and expose a
definite public interface.
• Services communicate through messages

W3C Definition of SOA: A set of components which can be invoked, and whose interface
descriptions can be published and discovered.

Service Oriented Architecture (SOA) is an approach to implement business systems across a

loosely coupled set of technologies.

SOA is “a way of designing and implementing enterprise applications that deals with the
intercommunication of loosely coupled, coarse grained (business level), reusable artefacts
(services) that are accessed through well-defined, platform independent, interface
contracts.“ -- Steve Wilkes

An service-oriented architecture (SOA) is an application framework that takes business

applications and breaks them down into separate business functions and processes, called
services.

Page 6 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

SOA lets you to build, deploy and integrate these services independently with applications
and the computing platforms on which they run.

An SOA service component free from applications, so we can expose them to customers
and partners.

9.1.2 Why SOA

From last few decades, the complexity of IT systems has been ever increasing. The
architecture and legacy systems have evolved over the time and it’s getting increasingly
difficult for IT systems to keep-up with ever changing business needs, so IT considered it as
a bottleneck.
This creates two main concerns for any organization
• Organizational lag
• Integration nightmares

SOA helps to
• Respond to Business changes
• Address the integration issues
• Leverage the existing investments

9.1.3 What is a service

Service can be defined as a self-contained piece of processing logic which has a well-defined
and discoverable interface through which the consumers (end users) of the service can
interact with it.
In SOA, a Service has got four properties
• Service has got well defined interface which is platform independent
• Service is dynamically locatable and invokable
• Service is self-contained
• Service does not expose “How” of the functionality exposed

In the real life, we also offer and use services!

For example,
• You go to Restaurant
• Look at the Menu
• Give your order to the waiter

Page 7 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

• If the ordered item is readily available ( i.e. cold-drink) then it will be served
immediately
• Else it will be served after some time and the restaurant may have its own mandate
that they will serve in maximum n minutes and by that time item will be served to
you

Figure 1 ; client server Architecture

9.2 SOA Testing, Strategy and Methods

9.2.1 SOA Testing

Service Oriented architecture (SOA) consists of various technologies. Applications built

using SOA has various services which are loosely coupled.

SOA Testing should focus on 3 system layers.

Services layer – This layer involves of the services, services exposed by system derived from
business functions.
For example –
Consider a Wellness Website which consists of
1. Weight Tracker
2. Blood Sugar Tracker
3. Blood Pressure Tracker

Page 8 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

Trackers display the respective data and date they are entered. Services layer contains the
services which gets the respective data from the Database
• Weight Tracker service
• Blood Sugar Tracker service
• Blood Pressure Tracker service
• Login Service

Process layer – Process Layer contain the processes, collection of services which are part of
a single functionality.
The processes might be a part of user interface (for ex – any search engine), a part of ETL
tool (for getting data from the database).
The key focus in this layer will be in user interfaces and process.
The user interface of the weight tracker and its integration with the database is the primary
focus.
Below functions will be of consideration
• Adding new data
• Editing existing data
• Creating new tracker
• Deleting data

Consumer layer – This layer mainly comprises of user interfaces.

Based on the layer, the testing of a service oriented architecture application is distributed
into three levels.
1. Service level
2. Interface level
3. End to End level

• Top Down approach is used for Test Designing.

• Bottom Up approach is used for Test Execution.

9.2.2 Strategy for SOA Testing

Test Planning Approach

• The complete architecture of the application should be understood by the testers.

Page 9 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

• The application needs to be broken down into independent services (Service, which
has their own request and response structure and does not depend on any other
service to form response).
• The application structure needs to be reorganized into three components – Data,
Services, and front end applications.
• All the components need to be wisely analysed, and business scenarios should be
chalked out.
• The business scenarios should be classified as common scenarios and application
specific scenarios.
• A traceability matrix should be prepared, and all test cases should be traced to
business scenarios.

Test Execution Approach

• Each service component should be tested.
• Integration testing of the service components should be done to validate the data
flow through the services and data integrity.
• System testing of the complete model should be done to validate the data flow
between front end application and database.
• Performance testing should be done for fine tuning and optimum performance.

9.2.3 SOA Testing Methods

Business scenario driven data based testing

• Various business aspects connected to the system should be analysed.
• Scenarios should be developed created on the integration of
o Various web services of the application
o Web services and application.
• Data set up should be done built on the above scenarios.
• Data set up should be done so as to cover end to end scenarios as well.

Stubs
• Mock interfaces will be created to test services.
• Several inputs can be provided through these interfaces, and the outputs can be
validated.

Page 10 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

• When an application uses an interface to an external service, which is not under test
(3rd party service), a stub can be created during integration testing.

Regression testing
• Regression testing on the application should be done when there are multiple
releases to ensure the stability and availability of the systems.
• A comprehensive regression test suite will be created covering the services which
form a vital part of the application.
• This test suite can be reclaimed in multiple releases of the project.

Service Level Testing

Service Level Testing contains testing the component for functionality, security,
performance and interoperability. Each and every Service needs to be first tested
independently.

Functional Testing
Functional Testing should be done on each and every service to
• Ensure that service delivers the right response to each request.
• Correct errors are received for requests with Invalid data, bad data, etc.
• Check for each request and response for each and every operation the service has to
perform in run time.
• Validate the fault messages when an error occurs at the server, client or network
level.
• Validate that the responses received are in the right format.
• Validate that the data received on the response correspond to the data requested.

Security Testing
Security testing of the web service is an important characteristic during service level testing
of the SOA application; it ensures safety of the application.

The following factors need to be covered during testing:

• Industry Standard defined by WS-Security testing should be abided by the Web
Service.

Page 11 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

• Security measures should work flawlessly.

• Encryption of data and Digital signatures on the documents
• Authentication and Authorization
• SQL Injection, Malware, XSS, CSRF, other vulnerabilities are to be tested on the
XML.
• Denial of Service attacks

Performance Testing
Performance testing of the service needs to be done since the services are reusable and
multiple applications may be using the same service.

The following factors are considered during testing:

• Performance and functionality of the service need to be tested under full load.
• The performance of the service needs to be compared while working independently
and within the application it is coupled with.
• Load testing of service should be performed
o to verify response time
o to check for bottle necks
o to verify utilization of CPU and memory
o to predict scalability

Integration level testing

• Service level testing ensures proper working of only the services individually, it does
not guarantee the working of the coupled components.
• Integration testing is done focusing mainly on the interfaces.
• This phase covers all the possible business scenarios.
• The Non-Functional testing of the application should be done one more time in this
phase. Security, compliance, and performance testing ensure the availability and
stability of the system in all aspects.
• The communication and network protocols should be tested to validate the
consistency of the data communication between the services.
.

Page 12 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

End to End testing

This phase ensures that the application confirm to the business requirements both
functionally and non-functionally.

The below items are ensured to be tested during end to end testing
• All services working as expected after integration
• Exception handling
• User Interface of the application
• Proper data flow through all the components
• Business process

9.3 SOA Testing Challenges, Tools and Use Cases

9.3.1 Challenges in SOA Testing

Below are challenges in Service Oriented Architecture Testing

• Lack of GUI interfaces for Services.
• Testing process extents across multiple systems thus creating complex data needs
• The application is a collection of many components which inclines to change. The
need for regression testing is more frequent.
• Due to Multilayer architecture, it is difficult to separate defects.
• External services to the organization
• Since the service will be used in different interfaces, it is difficult to predicting load,
hence making performance test planning cumbersome.
• SOA is a collection of varied technologies. Testing of an SOA application requires
people with different skill sets which in turn increase the planning and execution
costs.
• Since the application is an integration of multiple services, security testing has its
own share of griefs. Validation of authentication and authorization is pretty
considerable difficult.

9.3.2 SOA Testing Tools

There are many available tools in market which helps in testing SOA applications. Few of
them are given below.

Page 13 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

SOAP UI : This is an open source Functional testing tool for Services and API Testing.
• Desktop application
• Supports multiple protocols – SOAP, REST, HTTP, JMS, AMF, JDBC
• Web services can be developed, inspected and invoked.
• Can also use for load testing, automation testing and security testing
• Stubs can be created by MockServices
• Web Service requests and tests can be generated automatically through its web
service client.
• Have inbuilt reporting tools
• Developed by SmartBear

iTKO LISA : This is a product suite which provides a functional testing solution for
distributing systems like SOA.
• Can also use for regression, integration, load and performance testing.
• Developed by iTKO (CA Technologies)
• Can be used to design and execute tests.

HP Service Test: This is a functional testing tool, which supports both UI and shared
services testing
• Both functional and performance test of services can be done by a single script.
• Integrated with HP QC.
• The massive amount of service and data can be managed.
• Supports interoperability testing by simulating JEE, AXIS, and DotNet client
environments.
• Developed by HP.

ParaSoft SOA Test: This is a testing and analysis tool suite developed for API and API
applications testing.
• Supports Web Services, REST, JSON, MQ, JMS, TIBCO, HTTP, XML technologies.
• Functional, Unit, Integration, Regression, Security, Interoperability, Compliance
and Performance Testing are possible.
• Stubs can be created using Parasoft Virtualize, which are intelligent than SOAP UI.
• Developed by ParaSoft

Page 14 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

Figure 2 : Phases vs Automation Tools

Note: In above table, the listing is not a exhaustive listing of all available tools. Selection of
tools should be done based on technology and SOA implementation.

9.3.3 SOA Testing Use case

Consider an ecommerce Website, which contains the below functions and Sub-functions

Table 1 : Website Functions

Order Processing Account Management

Create Order Check Customer Status
Cancle order Check Product Availability
Check Order Status Payment Details

Page 15 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

Step 1: In this SOA Testing phase i.e. In Test Strategy Phase, the application is fragmented
into services and business functions.
Let us consider below are the services in the application
• Create an order
• Check customer Status
• Change order status
• Check Order Status
• Check Inventory
Business functions being the same as the functions of the Website.
The Test Strategy doc. would cover the list of the services and the functions which have to
be tested.

Step 2: Test cases are written for each levels

End to End level: The test cases are written for each business use case and flow.
1. Create order with active user.
2. Create order with inactive user.
3. Create order with available product with order quantity < available quantity.
4. Create order with available product with order quantity > available quantity.
5. Create order with multiple items
6. Cancel an order completely.
7. Cancel order partially.

Integration level: Test cases are written for integration of database and user interface.
Below are example test cases.
1. Create a new order with a single item. Verify that the order is created on the
database.
2. Create a new order with single item. Verify that the price calculated for the order is
correct.
3. Create a new order with single item. Verify that the quantity of the available
product is less by the order amount.
4. Verify that the status of the order displayed on the UI is same as that on the
database.
5. Cancel the order and verify that the status of the order is modified on the database.

Page 16 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

6. For first time payment, verify that the payment details entered on the UI is saved on
the database.
7. For returning payments, verify that the payment details on the database are
displayed on the UI.

Service level: Each service is tested for all the data conditions.
Below are few examples.
1. Create Order.
No. of Items = 1
Quantity on order < Quantity on database
2. Create Order.
No. of Items > 1
Quantity on Order < Quantity on database.
3. Create Order
No. of Items = 1
Quantity on Order > Quantity on database
4. Check Order status
Status on database = Active
5. Check Order status
Status on database = Shipped
6. Check Order status
Status on database = Cancelled
7. Check Order status
Order id = Invalid
8. Check product availability
Quantity of product >0
9. Check product availability
Quantity of product =0
10. Check product availability
Product id = invalid

Step 3 Test Execution

Test Execution uses bottom up approach i.e. service level testing is done first, then
Integration level and at last End to End testing.

Page 17 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

Service level: Let us consider that SOAPUI tool is considered for testing the application.
The WSDL (Web services description Language) and URL are browsed into the test window
of SOAP. The request for every service will be displayed on the request window.
By modifying the data as per the service level test cases, requests are created for each test
case.

Figure 3 : Test Case

Integration Level: The integration level test cases are executed on the User interfaces and
database.
Create order with a single item
• User opens the website.
• Goes to place order.
• Selects a valid product and quantity and saves the order.
• Message saying the Order is placed successfully should be displayed.
• User opens database and checks if the details of the order are same as that entered
on the website.

Page 18 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

End to End level: The use cases are executed on the User interface.
Create order with multiple items –
• User opens website.
• Goes to place order.
• Enquires about an effective product and quantity, adds them to cart.
• Other valid products are added with valid quantities and the order is saved.
Payment is done through a new payment method and order is placed.
• Message saying "Order placed successfully" should be displayed.
• Tester should validate that the whole flow is done without skewing of data.

Page 19 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

Summary

• SOA is a method of integrating business applications and processes together to

meet the business needs.
• SOA delivers agility and flexibility to business processes.
• SOA is one of the software architecture among others like standalone, N-Tire,
Client-Server, distributed etc.
• Service Oriented Architecture is an approach to implement business systems across
a loosely coupled set of technologies.
• Service can be defined as a self-contained piece of processing logic which has a
well-defined and discoverable interface through which the consumers (end users) of
the service can interact with it.
• Service Level Testing contains testing the component for functionality, security,
performance and interoperability.
• Security testing of the web service is an important characteristic during service level
testing of the SOA application; it ensures safety of the application.
• Performance testing of the service needs to be done since the services are reusable
and multiple applications may be using the same service.
• SOAP UI is an open source Functional testing tool for Services and API Testing.
• iTKO LISA is a product suite which provides a functional testing solution for
distributing systems like SOA.
• HP Service Test is a functional testing tool, which supports both UI and shared
services testing
• ParaSoft SOA Test is a testing and analysis tool suite developed for API and API
applications testing.

Page 20 of 22
Certificate in Software Testing Skill TCS Business Domain Academy

References

• Browse below links for SOA Testing TCS offerings

http://www.tcs.com/industries/banking/Assurance/Pages/default.aspx

Page 21 of 22