Clean up your SOAP-based Web services
The Test Center inspects five worthy tools for keeping your services squeaky clean
SOAP is the currency of the SOA marketplace – for now, anyway. Though SOAP's significance may diminish as Web services evolve, its importance for the time being is unquestionable. Therefore, a substantial portion of the QA work by Web service providers and consumers must entail verifying the accurate exchange of SOAP messages. Not surprisingly, several SOAP-focused Web service testing tools have appeared.
I had an opportunity to look a five such tools: AdventNet's QEngine, Crosscheck Networks SOAPSonar, iTKO’s LISA, Mindreef's SOAPscope Server, and Parasoft's SOAtest.Readers of my earlier reviews of open source Web service testing apps will recall that those products required a relatively technical command of XML, SOAP, and WSDL (Web Service Definition Language). That is less a requirement with these tools; virtually all provide a user-friendly means of manipulating SOAP request-and-response data in ways that insulate the user from hands-on XML work.
Fundamentally, testing a SOAP-based Web service involves three activities: constructing a SOAP request, submitting it, and evaluating the response. As easy as that sounds, it is anything but. An effective SOAP-testing tool cannot simply rely on a user-friendly mechanism for building requests. It must also enable the user to organize and arrange requests in realistic sequences, provide a means of altering request input values, and intelligently tweak requests so as to expose the Web service to a range of good and bad usage scenarios. In short, you want the tool to run the Web service through a reasonable approximation of real-world activity.
In addition, the tool must be equipped with a collection of gadgets for evaluating responses. Such gadgets should include everything from simple string matching to executing an arbitrarily complex XQuery on the SOAP payload.
All of the tools reviewed here provide variations on the preceding capabilities. All make valiant attempts to shield the user from direct exposure to XML, and some keep users entirely in a protective GUI so that coding is never necessary. Meanwhile, most of the tools supply "authorized personnel only" doorways into more advanced testing functions that involve scripting, feeding request data from databases, parsing and filtering results, and so on.
Most also provide conformance verification of the format of SOAP messages and Web service WSDL files to the growing list of Web-service related standards and specifications – primarily the profiles from the Web Services Interoperability Organization (WS-I) and the WS-* specifications from the likes of OASIS and others. Some also offer load-testing capabilities so that you can unleash a squad of virtual clients on the Web service and measure its response to the increased traffic. Some take a "holistic" approach to Web service testing, recognizing that SOAP-based Web services are not the only form of service being presented on the Web.
The offerings are complex, and each could support an entire review on its own. I've done my best to cover the distinguishing features of each tool. You should consult the associated comparison matrix for a high-level glimpse of some of the more important characteristics.