In my previous article, Getting Started with SoapUI, I went over the basic functionality of SoapUI and the structure of a SoapUI project. Once you’ve set up test cases for SOAP, REST, JMS, JDBC or AMF APIs, and after you’ve added some assertions to validate your tests, you might be asking yourself: “What else can this little testing tool do to make my life easier?”
Well, I’m glad you asked that rhetorical question so that I can answer it in this article!
Scheduling Your Tests
You can schedule your API tests to run periodically or as part of your continuous integration build. This ensures your services are tested every time they get built or deployed. As part of the automated run you can export results in XML or generate JUnit style reports so that your continuous integration program can parse the results and detect if tests passed or failed.
Is your boss asking you to test a service that your developers haven’t finished building? Well, in this case, SoapUI can save the day by creating a quick mock Web service that you can stand up and start developing your tests against. You can even make this mock service return dynamic responses, and you can deploy the mock service as a WAR file on your application server. I’ve seen users run with this feature and develop enterprise applications out of mock services, but before you take that leap, consider our best practices in regards to mocking.
If your API works fine for each request, raise your testing bar and throw thousands of simultaneous requests against it! You can simulate real life load on your APIs in SoapUI with load testing. Personally, I use LoadUI to run SoapUI load tests, since it lets you change the number of virtual users in the middle of your load test, distribute your load tests across multiple machines (even to the cloud), and monitor your application servers to see if you have sufficient hardware.
Securing Your API
You can check if those pesky hackers have found any vulnerabilities in your APIs with security testing. You can apply SQL Injection, XML Bomb, Fuzzing, and other scans to ensure that your web services don’t expose any potentially sensitive information. If you are looking to implement security tests, I strongly recommend watching the “Better safe than Sony” webinar, conducted by the founders of SoapUI.
Finally, if you need to: share your SoapUI tests with multiple members of a team; keep revision history of test edits; and revert tests to previous versions, you should integrate your SoapUI project into source control. This article talks in detail on how to prepare the project for source control repository and how to refresh updated projects in SoapUI.
With the above functionality you can turn a simple unit test into a suite of robust, automated tests that ensure your API is functional, stable and secure. Also this list is far from complete and I’m always pleasantly surprised by other ingenious ways our users utilize SoapUI. If you have any questions, suggestions, or other examples of advanced uses of SoapUI, do not hesitate to post them in the comments.