Using external SOAP services Operations
SOAP (Simple Object Access Protocol) is a standardized protocol for transmitting messages between a client and a server. It is typically used in conjunction with HTTP(S), but can also work with other application layer protocols (such as SMTP and FTP). SOAP testing from the point of view of testing techniques is no fundamentally different from working with other APIs, but it requires
(in terms of protocol theory) and special testing tools. In this article, I would like to formulate a small checklist of necessary knowledge and skills, which will be equally useful both to a SOAP tester (who often has no idea what to grab hold of after setting the task) and to a manager who is forced to evaluate the knowledge of testers and develop plans for training.
Theoretical basis
The fact that SOAP is a protocol has a lot of implications for testing: you need to study the protocol itself, the "primary" standards and protocols on which it is based, and (as necessary) existing extensions.
Natasha
Reminder
Don't forget to write an article!
You can learn more about XML at w3schools or codenet (in Russian). Be sure to pay attention to the description of namespaces (a method for resolving conflicts when describing elements in XML) - their use is required in SOAP.
...
...
XSD
In your work, you may also come across various “extensions” of SOAP - standards like WS-*. One of the most common is WS-Security, which allows you to work with encryption and electronic signatures. Often, WS-Policy is used along with it, with which you can manage the rights to use your service.
Example of using WS-Security:
All these extensions are quite complex structures that are not used in every SOAP service; their detailed study at the initial stage of mastering SOAP testing is unlikely to be relevant.
As you already understand, SOAP is a serious matter; to work with it you need to know the theory and numerous standards. In practice, such complexity would lead to very significant labor costs (for example, you would have to look at the diagram in a notebook every time and send requests with curl). Therefore, tools have been created to make working with SOAP easier.
XML/XSD editors
A good tester begins testing at the stage of writing documentation, so it is convenient to use special editors to test circuits. The two most famous are Oxygen (cross-platform) and Altova (Windows only); both of them are paid. These are very powerful programs that analysts actively use when describing services.
In my practice, three editor features turned out to be useful: XSD visualization, XML generation based on XSD, and XML validation based on XSD.
1. XSD visualization needed for a visual representation of the diagram, allowing you to quickly identify the required elements and attributes, as well as existing restrictions. For example, for a CheckTextRequest, the text element is required, and all three attributes are optional (with the options attribute having a default value of zero).
Visualization is necessary when there are many types and restrictions in the diagram. If you only need this and don't want to pay for special editors, then you can consider free alternatives (for example, JDeveloper).
2. XML generation based on XSD useful when you want to see a valid example of a message. I use it to quickly experiment with possible message completions and test the nuances of how restrictions work.
3. After using the feature from point 2, it is useful to carry out XML validation against XSD– that is, check the message for correctness. Together, features 2 and 3 allow you to catch tricky defects in XSD even when the service itself is under development.
SOAP testing almost always involves using SoapUI. You can read about using this tool in various sources (,), but it will be most effective to read the official documentation. I identify 8 conditional levels of SoapUI proficiency:
Level 1 – I can send requests
Learn to create a project based on WSDL. SoapUI can generate all the necessary queries for you; All you have to do is check that they are filled out correctly and click the “Send” button. Once you have developed the skills to create valid queries, you must master the art of creating incorrect queries that cause errors.
Level 2 – I can do Test Suites and Test Cases
Start doing mini-autotests. Test kits and test cases allow you to create API testing scripts, prepare data for requests, and automatically check the response received to ensure it matches what is expected. At first, they can be used simply as collections of queries. For example, if you have created a defect and want to quickly check it after fixing it, you can allocate a separate test kit specifically for defect requests.
Level 3 – I can write Assertions
After mastering test cases, it will be useful for you to learn how to make them automatically verifiable. After this, you will no longer need to look for information about the answer with your eyes: if there is an automatic check, cases will be marked green (if the check is passed) or red (if it is not passed). SoapUI provides a large set of possible assertions, but the most convenient and simple ones are Contains and Not Contains. With their help you can check the availability specific text in the response received. These checks also support regular expression searches.
Level 4 – use XPath and/or XQuery in Assertions
For those who are a little familiar with UI using Selenium, the XPath language is a familiar thing. Roughly speaking, XPath allows you to search for elements in an XML document. XQuery is a similar technology that can use XPath internally; this language is much more powerful, it resembles SQL. Both of these languages can be used in Assertions. Checks with their help are more targeted and stable, so your cases will enjoy greater confidence.
Level 5 – I can write complex tests using special steps
Test cases can contain not only one request, but also several (for example, when you want to emulate the standard user scenario “create entity” → “export entity”). There may be other special steps between requests, for example:
Level 6 – using Groovy scripts
SoapUI allows you to write Groovy scripts in a variety of places. The simplest case is to generate data in the query itself using $(=) inserts. I use these inserts all the time:
Full-fledged scripts can be used as steps in cases and checks. At some point, you will discover that several special steps from the fifth level can be replaced with one script.
Level 7 – using MockServices
WSDL-based SoapUI can generate Mock objects. A mock object is the simplest simulation of a service. With the help of “mocks” you can start writing and debugging test cases even before the service is actually available for testing. They can also be used as “stubs” for temporarily unavailable services.
Level 8 – SoapUI God
Do you know the difference between paid and free versions SoapUI and use the SoapUI API in code. You use plugins and run cases through the command line and/or CI. Your test cases are simple and easy to maintain. In general, you "ate the dog" on this instrument. I would love to talk to someone who has mastered SoapUI at this level. If you are one, sign up in the comments!
Here's an example of what a request to the YandexSpeller API looks like, made using groovy-wslite:
import wslite.soap.*
def client = new SOAPClient("http://speller.yandex.net/services/spellservice?WSDL")
def response = client.send(SOAPAction: "http://speller.yandex.net/services/spellservice/checkText") (
body (
CheckTextRequest("lang": "ru", "xmlns":"http://speller.yandex.net/services/spellservice") (
text("error")
}
}
}
assert "error" == response.CheckTextResponse.SpellResult.error.s.text()
assert "1" == [email protected]()
As far as I know, there are no high-level frameworks (like Rest-assured) for SOAP testing yet, but an interesting tool has recently appeared - karate. With its help, you can describe cases for testing SOAP and REST in the form of scripts like Cucumber / Gherkin. For many testers, turning to karate will be an ideal solution, because such scenarios, in terms of the complexity of writing and supporting cases, will lie somewhere in the middle between using SoapUI and writing your own framework for testing SOAP.
It is unlikely that you will ever want to test SOAP just for yourself (as you might with REST). This is a heavyweight protocol that is used in serious enterprise solutions. But its heaviness is at the same time a gift to the tester: all the technologies used are standardized, there are high-quality tools for work. All that is required from the tester is the desire to learn and use them.
Let's put together the same checklist of necessary skills for a tester. So, if you are just starting to test SOAP services, you need to know and be able to use:
As you can see, the main emphasis is on learning the standards; in SoapUI it’s enough just to be able to execute queries. As you dive into SOAP testing, you will encounter tasks that will require more serious skills and knowledge, but you should not try to learn everything at once. Consistency in increasing the level of complexity of the tasks performed is much more important. By following this recommendation, one day you will realize that you have become a good specialist in this field!
Web services in 1C
This article will discuss issues of integrating 1C with existing web services and using 1C itself as a web service.
In this case, web services will be understood as systems that operate on the Internet and provide interaction with them not only via SOAP (which is precisely a web service), but also in other ways, including regular HTTP(S) requests.
The 1C81 platform introduced the implementation of web services.
But their use is fraught with risks:
The client is issued a sales document (receipt) only if the service transaction is successful. Otherwise, a situation is possible when the client receives a check and is confident that he received a service, but in fact he did not.
SOAP web services use WSDL schemas and XDTO objects to represent data.
In order to use an external service, you need to download its WSDL schema.
Sometimes the WSDL schema does not load into 1C. You can check the validity (correctness) of the schema using any WSDL schema validator, for example http://www.validwsdl.com/.
You need to upload the scheme to some http site (you can use ftp) and indicate the address of the file in which the scheme is loaded:
The peculiarity of loading WSDL in 1C is that valid schemas may not be loaded. There is no built-in validator, so you have to look for an error using destructive analysis, successively reducing the number of elements in the circuit. You can, for example, delete the web service description.
To test a working external web service, use the “Test ArbitraryWebService.epf” processing from the package for this article.
Testing can be used using the example of the Morpher service, which declines names (service address http://www.morpher.ru/WebServices/Morpher.asmx?WSDL):
In this way, you can test any service that has simple entry points containing parameters of simple types: number, date, string.
During processing, you can also specify the login and password that are required to authorize access to the web service.
For debugging, you can use the SoapUI program, which can send an arbitrary request to a web service and receive a response from it.
Unfortunately, SOAP in 1C behaves quite capriciously when working via the HTTPS protocol; practice shows that it is impossible to achieve an HTTPS connection, although the possibility is declared in the platform. The lack of diagnostic and debugging tools to find out the reasons why the connection is not established is taking its toll. Therefore, it is convenient to use SOAP via CURL.
The built-in mechanism for using HTTPS implies that all certificates must be published in a common pem file in the 1C program directory.
It is good practice to create an operation in the service that informs that the service is available. This makes life easier for integrators; it will be easier for them to check whether communication with the service is established.
For example, you can use the Hello operation without parameters, which simply returns the Boolean value True.
The procedure is well described in the documentation: file:///C:/Program%20Files/1cv81/AddDoc/RU/V8AddDoc81.htm#_Toc176167634:
The task of publishing Web services comes down to placing the *.1cws configuration files of Web services in the appropriate directory of the web server with the appropriate settings for the web server. In order to publish Web services, you should execute the menu command “Administration | Publishing Web services."
As a result of executing this command, the Web services publishing window will open.
The Web services publishing window contains the path to the web server and two lists:
Using the "Connection..." button, you should specify the web server on which you want to publish Web services.
The web server path selection window allows you to specify the path in two ways:
The selected Web service is published using the “Publish” button
To cancel publishing a Web service, use the “Delete” button.
You can publish to a local directory or via FTP. You can also publish to a remote server via a UNC path if the remote server is part of the local network.
After publication, the web service is available at the address “http://localhost/test.1cws” or “http://xxx.ru/test.1cws”, where xxx.ru is the address of the remote server and localhost is the typical address of the local server.
To access the service you need to pass authentication.
Authorization issues are well addressed here: http://www.forum.mista.ru/topic.php?id=341168 and in the documentation file:///c:/Program%20Files/1cv81/AddDoc/RU/V8AddDoc81.htm
Typically, a web service runs under one specific user (usually a specially created one). You can “attach” a 1C user using Windows authentication to the Windows user IUSR_ (disable 1C authorization for the user). Alternatively, you can clear the list of 1C users, then authorization is not required.
If several users are required, then you can create several logins for the web server, assign a Windows user to each of them and, accordingly, register access to Windows users in 1C.
In the User and Password properties of the WSProxy object, it is not the 1C login that is used, but the web server user login.
To test 1C as a web service, use the “Test ArbitraryWebService.epf” processing, as described in the “Testing a running external web service” section.
The 1cws file is a WSDL description of the 1C web service.
Typically, retail services are used to provide various services to the population - accepting payments, repaying loans, Money transfers, purchase software and so on.
In this case, a receipt is generated in 1C for the service provided, in which the transaction parameters are saved. After which this check is printed to the client with detailed information about the service provided. It is possible to print a preliminary check so that the client confirms the data entered from his words with his signature.
The service can be integrated in different ways into a retail program written in the 1C language (UT, Retail and others):
To store information about a transaction in a receipt, you need to create an additional tabular part “Complex sales” with the details:
The “Complex Sales: Parameters” directory contains a list of transaction parameters.
It is more profitable to use the tabular part than a set of details, because a transaction may have a lot of them, and in other checks not related to the service, these details will not be used and will take up extra space. In addition, such a solution is universal for any service and does not require data restructuring after the implementation of a new service.
The seller is given a separate bookmark (or a printed form, so as not to change the configuration), in which he can view the transaction details plate for the check.
Let's look at the example of the Paym conditional service for the “Retail” configuration.
If Complex Sales Line is undefined Then Product.Name = Abbreviated LP(Complex Sales Line. Value);
Using programs that integrate with 1C
XDTO is often used in web services. Here are the most important tips and recipes for using XDTO in 1C.
XDTO in the 1C platform
XDTO packages, described in the “XDTO objects” branch of the configuration, are available for creating types and objects in the global factory XDTO Factory. This is not immediately obvious.
Some types in the schema do not have a name; to get them, you need to go through the type hierarchy.
Common problems with XDTO Different XSD Schema Formats In some formats, tags are called xs:, in some xsd:, but 1C safely understands both formats. Once there was a situation where XSD was imported into 1C normally without errors, but did not create a single package. The reason was the absence of an attribute
at the tag, accordingly, 1C did not know which package to place the diagram in, but it did not generate errors.
Service support
IN last years API usage and reliance on web services has increased. Here is a list of 12 web services testing tools that will help you significantly.
Over the past few years, the popularity and use of web services or APIs has increased. A web service or API is a set of procedures or software components that help an application communicate or perform some process/transaction by forming a connection between another application or server. There are mainly two types of web service: REST and SOAP for transferring data and information through Internet Protocol.
Because these web services are available on the Internet and distributed across different networks, they are vulnerable to viruses and security threats that affect the processes that rely on them. Therefore, testing web services or APIs becomes necessary to ensure they function correctly and respond correctly to requests. Software testing is a promising area in the IT field; you can get the necessary knowledge at
There are several commercial and free testing tools in the market to test their connectivity, response and performance. These testing tools automate testing for a specific scenario such as functional testing, load testing, performance testing, etc.
Here are 12 great web service testing tools you should consider for your API or web service testing requirements:
SoapUI is an open source cross-platform testing tool. It can automate functional, regression, consistency, and load tests of both SOAP and REST services. It is easy to use and supports advanced technologies and standards for modeling and incentivizing web service behavior.
TestingWhiz is a “codeless” test automation tool that is compatible with APIs/web services. It allows you to perform functional, interoperability and load testing and work with REST and SOAP web services through a WSDL interface over HTTP and FTP.
SOAPSonar provides end-to-end web service testing for HTML, XML, SOAP, REST and JSON. It provides functional, performance, compatibility, and security testing using OASIS and W3C standards.
SOAtest is a tool for testing and validating APIs and API-driven applications. It provides robust function block support, integration, security, simulation, load testing using technologies such as REST, JSON, MQ, JMS, TIBCO, HTTP and XML.
TestMaker is an open source tool for testing and monitoring the performance of web services and SOA applications using PushtoTest. It runs on Jython (Python written in Java). TestMaker can repurpose Selenium tests, SoapUI tests, Sahi tests, or any tests written in Groovy, Java, Python, PHP, Ruby, and Perl into functional, load tests.
Postman is another API/web service testing tool that has powerful HTTP client support. It has an easy-to-use query builder that allows you to write test cases and manage response data and response times for efficient testing and management of API test cases.
VRest is a tool designed for testing, benchmarking REST APIS and web services. It also supports testing of web, mobile, and desktop applications that interact with third-party APIs or HTTP services.
HttpMaster is another exclusive tool for testing REST web services. It helps testers test the behavior of REST APIs and validate output in formats such as XML, JSON, and HTML. With its universal HTTP tool, HttpMaster also helps the developer to model client activity and API application response behavior.
Runscope is a simple tool for testing and monitoring API performance. Runscope also supports testing of APIs and backend of mobile applications.
Rapise is a robust automation tool with powerful and extensible features. It is based on an open and flexible architecture for fast functional testing of REST/SOAP web services. Rapise also provides support for testing web applications embedded in Java, .NET, Ajax, Silverlight and Flash.
WebInject is a free tool for automated functional, acceptance, and regression testing of web services. It is a command line tool and is based on Perl, which makes it easier to run tests since there is no need to spend time on the command line. Also, it doesn't have an IDE interface, which means tests are written externally user interface WebInject. It can run on platforms with a Perl interpreter.
Finally, Storm is another open source tool from CodePlex for testing web services written in Java or .NET. Currently it only supports SOAP web service.
Of course, the list does not end here, since there are a huge variety of tools for testing web services.
Sign up now or request a call with a free consultation!
Nowadays, it is rare for a modern application to function without an API. This is true both for a simple website and for highly loaded distributed systems. API testing is one of the main tasks in the quality assurance process. It is not surprising that the demand for testers who know how to test APIs is increasing day by day. In this course, you will gain an understanding of methods, tools and approaches in API testing, acquire the necessary knowledge, which will undoubtedly have a positive effect on your value as a testing specialist.
This course will be useful for students familiar with the basics of software testing who want to grow further and improve their skills.
Course program:
Lesson 1. Introductory. SOAP protocol
Lesson 2: SOAP Protocol. REST architecture
Lesson 3. Introducing SoapUI. Working with a REST project
Lesson 4. Working with REST project (XML)
Lesson 5. Working with REST project (JSON)
Lesson 6. Working with Groovy scripts
Lesson 7. Additional features