SOA or Service Oriented Architecture is a software development framework employed for building a business application by using a number of small independent services. So, with this context, what is a service? A service is a component of an application that performs one particular task. For example, a payment service is used for online payments, and an authentication service is used for securely logging users into their application. For a real-life situation, an online shopping application may integrate different third-party payment services for credit cards, debit card and online banking payments. They buy these services from third-party vendors, then integrate them with their application. Taking this route is not only cost effective, but also easier to manage and organize, and it is made possible through SOA architecture. Many companies around the world choose to adopt such architectures, instead of building their own complex legacy systems.
The SOA Principle
In SOA, the application sends a request through the service provider’s server via an API gateway, which in turn returns a response. It’s as simple as that. So following a request, the service provider gives access through this API gateway so now the users can access the service through the same gateway. An illustration is given below:
As a further example, you might use an online food ordering app that offers discounts on auspicious occasions and they have announced plans to offer weather discounts, ie. you get more discounts if it’s a rainy or misty day. How will they do this? The application is able to make use of any third-party weather services that can give live weather reports. Based on this service, the developers can now design the app ito be able to give away weather discounts to the users.
The Service Oriented Architecture Testing Process
Service oriented architecture testing is not dissimilar to any other testing strategy but one key point to remember is that both functional and non-functional aspects of the services need to be tested. Since the integration of different services through an API gateway is crucial to successful functioning, equal emphasis needs to be given to both service and integration level testing. In effect, the functionality, performance and security of the services need to be tested independently to ensure that the SOA architecture binds together in order to cater for the business needs it is being built for.
Different testing methods are described below:
Web services testing
We have mentioned that the application talks to different services through different API gateways, so the first thing is to test the APIs or web services involved. This testing can be performed using API testing tools such as SoapUI. Here, you can send the request to the server using the testing tool and verify that the correct response returns from the server. Varying requests can be sent for different scenarios and test data. This is one of the most crucial testing methods in SOA testing.
Here, the functionality of each service will be tested independently. For example, if you have a login service, you should be testing this service independently to make sure that the services works as expected (i.e, the service successfully logs you in for the valid credentials you provide. Similarly, it shouldn’t log you in if invalid credentials are given). This testing can be grouped with the web services testing above, as both follow a similar testing process.
Once the functionality has been satisfactorily tested, don’t forget to move on to testing the performance of the services. Performance testing can be done using any performance or load testing tools such as Jmeter or Gatling.
The main concern when integrating different services with an application will always be security. How secure will your application be, especially when integrated with several third party services? For example, when using Authentication or Payment services, you need to take great care of users’ confidential data so will need to make sure that proper data encryption is used. Also, assessing and handling vulnerabilities such as SQL injection, and cross-site scripting are also very important in service oriented architecture testing. As you can see, testing security is very important.
Key Points in SOA Testing
- The main focus should be on testing the business side of things.
- Because multiple services are often integrated together, it is not uncommon for one or more upgrades or changes to be made to a service that can have an effect on how the end product functions (for example, a service vendor may update one of their service endpoints). To be alert to these potential problems, there should always be an element of regression testing to make sure the system doesn’t collapse as a result of what might be just a minor change with one of the services.
- Since testing uses different tools for API, Performance, and Security testing, different testing tools and expert resources will be needed for testing.