Mastering SoapUI

By Pranai Nandan
    What do you get with a Packt Subscription?

  • Instant access to this title and 7,500+ eBooks & Videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Free Chapter
    Introduction to SOA Testing
About this book

SoapUI is an open-source cross-platform testing application that provides complete test coverage and supports all the standard protocols and technologies. This book includes real-time examples of implementing SoapUI to achieve quality and business assurance.

Starting with the features and functionalities of SoapUI, the book will then focus on functional testing, load testing, and security testing of web services. Furthermore, you will learn how to automate your services and then design data-driven, keyword-driven, and hybrid-driven frameworks in SoapUI. Then the book will show you how to test UIs and services using SoapUI with the help of Selenium. You will also learn how to integrate SoapUI with Jenkins for CI and SoapUI test with QC with backward- and forward-compatibility. The final part of the book will show you how to virtualize a service response in SoapUI using Service Mocking.

You will finish the journey by discovering the best practices for SoapUI test automation and preparing yourself for the online certification of SoapUI.

Publication date:
August 2016


Chapter 1. Introduction to SOA Testing

With the increase in implementation of service-oriented architecture (SOA), architecture across applications leads to various technological and business advantages to the organizations implementing it.

But as it's said; There are two sides to every coin, with SOA architecture came advantages such as the following:

  • Reusability

  • Better scalability

  • Platform independency

  • Business agility

  • Enhanced security

But there are also disadvantages:

  • Increased response time

  • Service management effort is high

  • Implementation cost is high

In this chapter we will study the following topics:

  • Introduction to SOA

  • SoapUI architecture

  • Test levels in SOA testing

  • SOA testing approach

  • Introduction to functional, performance and security testing using SoapUI

  • Is SOA really advantageous?

Well, let's talk about a few of the advantages of SOA architecture:

  • Reusability: If we want to reuse the same piece of functionality exposed via a web service we should be absolutely sure that the functionality of the service is working as expected; security of the service is reliable and has no performance bottlenecks.

  • Business Agility: With more functional changes being easily adopted in a web service, we make the web service prone to functional bugs.

  • Enhanced Security: Web services are usually wrapped around systems that are being protected by several layers of security like SSL and usage of security tokens. Use of the business layer to protect the technical services to be directly exposed is usually handled by these layers. If the security of these layers is removed, the web service is highly vulnerable. Also the use of XML as a communication protocol opens the service to XML based attacks. So to mitigate risks we have SOA testing, and to help you test SOA architecture we have multiple testing tools on the market for example; SoapUI, SoapUI Pro, HP Service Test, ITKO LISA and SOA Parasoft.

But the most widely used and open source tool in the SOA testing arena is SoapUI. Following is a comparative analysis of the most famous tools in the Web service testing & test automation arena.

Comparative Analysis:






SOA Parasoft



Open source

400 $/License

Highly Costly

Highly Costly


Multilayer testing






Scripting support






Protocol support






CI support






Ease of use






Learning curve





As we can see by the preceding comparison metrics, Ease of use, Learning curve, and Cost play a major role in selection of a tool for any project. So to learn ITKO LISA or SOA Parasoft, there is very limited, or no, material available on the Internet. To get resources trained you need to go to the owners of these tools and pay extra and then pay more if you need the training a second time.

This gives additional advantages to SoapUI and SoapUI Pro to be the first choice for Test Architects and Test Managers for their projects.

Now let's talk about the closely related brothers in this subset; SoapUI & SoapUI Pro are from the same family, Eviware, which is now SmartBear. However, SoapUI Pro has an enriched functionality and GUI which have additional functionalities to help reduce the time for testing, justifying its cost as compared to SoapUI open source.

Here is a quick comparison:



SoapUI Pro


Very limited, no rich reporting

Reports are available in different formats

XPath Builder

Not Available


Data source

Not Available

Multiple options for data sources available

Data sink

Not Available


XQuery Builder

Not Available


The additional functionality that is available in SoapUI Pro can be achieved by SoapUI using Groovy script. To sum up everything that is given as UI functionality in SoapUI PRO is achievable with little effort in SoapUI which finally makes SoapUI open source the preferred choice for tool pickers.


SoapUI architecture

Before we move onto the architecture let's take a look the capabilities of SoapUI and how can we use it for the benefit of our projects.

SoapUI provides the following testing features to the test team:

  • Functional testing [manual]

  • Function test automation

  • Performance testing

  • Security testing

  • Web service interoperability testing

Apart from these, SoapUI is also capable of integration with the following:

  • LoadUI for advanced performance testing

  • Selenium for multilayer testing

  • Jenkins for continuous integration

  • HP QC for end-to-end test automation management and execution


SoapUI has a comparatively simple architecture as compared to other tools in the SOA testing world.

The following image, shows the architecture of SoapUI at an overview level:

Let's talk about the architecture in detail:

  • Test config files: Files which require power to test this includes test data, expected results, database connection variables and any other environmental or test specific details.

  • Third-party API: Third-party API helps create an optimized test automation framework example. JExcel API to help integrate with Microsoft Excel to create a data driven framework.

  • Selenium: Selenium JARs to be used for UI automation.

  • SoapUI Runner: This is used to run the SoapUI project and is a very useful utility for test automation as it allows you to run the test from the command line and acts as a trigger for test automation.

  • Groovy: This library is used to enable SoapUI to provide its users with groovy as a scripting language.

  • Properties: Test request properties to hold any dynamically generated data. We also have Test properties to configure SSL and other security configurations for test requests.

  • Test Report: SoapUI provides a Junit style report and user Jasper reporting utility for reporting of test results.


Test architecture in detail

SoapUI Architecture is composed of many key components which help provide the users of SoapUI with advanced functionality like virtualization, XPath, invoking services with JMS endpoints, logging, and debugging.

Let's discuss these key components in detail:

  • Jetty: Service virtualization/mock services

    • We can create replicas of services in cases where the service is not ready or buggy to test. In the meantime, we want to create our test cases, for that we can use service virtualization or mocking and use that service.

    • Jetty is used for hosting virtual services.

    • Provided by Eclipse, Java based web server.

    • Works for both SOAP and Rest.

  • Jasper:

    • Is used to generate reports

    • Open source reporting tool

  • Saxon XSLT and XQuery processor:

    • We can use Path and XQuery to process service results

    • The Saxon platform provides us with the option to process results using Path and XQuery

  • Log4J:

    • Used for logging

    • Provides SoapUI, error, HTTP, Jetty, and memory logs

  • JDBC driver:

    • To interact with different databases we would need the respective drivers

  • Hermes MS:

    • Is used in applications where high volume of transactions take place

    • It is used to send messages to the JMS Queue

    • Receiver results from the JMS Queue

    • We can incorporate Java JMS using Hermes JMS

  • Scripting language:

    • We can choose with Groovy or JavaScript

    • We can select language for each project

    • We can set language at project property level

  • Monitoring:

    • To check what is sent to the service and what is received from the service

  • Runners:

    • Execution can be run without using SoapUI

    • Run from the command line

    • Test runner

    • LoadTestRunner

    • SecurityTestRunner

    • MockServiceRunner

    • Can also be executed from build tools such as Jenkins


Test approaches in SOA testing

Approaches to test SOA architecture are usually based on the scope of the project and requirements to test. Let's look at an example.

Following is a diagram of a three-tier architecture based on SOA architecture:

  • Validation1 or V1: Validation of integration between Presentation Layer to the Services Layer

  • Validation2 or V2: Validation of integration between Services Layer to the Service Catalogue Layer

  • Validation3 or V3: Validation of integration between Product catalogue layer and the database or backend Layer

So we have three integration points which makes us understand that we need integration testing also with functional, performance and security testing. So let's sum up the types of testing that are required to test end-to-end Greenfield projects.

  • Functional testing

  • Integration testing

  • Performance testing

  • Security testing

  • Automation testing

Functional testing

A web service may expose single or multiple functionalities via operations and sometimes we need to test a business flow which requires calling multiple services in sequence which is known as orchestration testing in which we validate that a particular business flow meets the requirement.

Let's see how to configure a SOAP service in SoapUI for functional testing

  1. Open SoapUI by clicking on the launch icon.

  2. Click on File in upper-left corner of the top navigation bar.

  3. Click on New SOAP Project heading in the File menu.

  4. Verify that a popup opens up which asks for the WSDL or WADL details. There are two ways you can pass a URL to the web location of the WSDL, or you can pass a link to the downloaded WSDL on your local system.

  5. Enter the project name details and the WSDL location which can either be on your local machine or be called from a URL, then click on OK. You may verify that the WSDL is successfully loaded in SoapUI with all the operations.

  6. Now you can see that service is successfully loaded in the workspace of SoapUI.

  7. Now, the first step toward an organized test suite is to create a test suite and relevant test cases. To achieve this, click on the operation request:

  8. When you click on Add to TestCase you are asked for the test suite name and then a test case name and finally you will be presented with the following popup:

    Here you can create a TestCase and add validations to it at run time.

  9. After clicking OK you are ready to start your functional and integration testing:

Let's take an example of how to test a simple web service functionally.

Test case: Validate that Search Customer searches for the customer from the system database using an MSISDN (Telecom Service).


Please note MSISDN is a unique identifier for a user to be searched in the database and is a mandatory parameter.

API to be tested, Search Customer:

  • Request body:


So to test it we pass the mandatory parameters and verify the response which should get us the response parameters expected to be fetched.

By this we validate that searching for the customer using some Search criteria is successful or not, similarly, in order to test this service from a business point of view we need to validate this service with multiple scenarios. Following is a list of a few of them.

Considering it's a telecom application search customer service:

  • Verify that a prepay customer is successfully searched for using Search customer

  • Verify that a post-pay customer is successfully searched for using Search customer

  • Verify that agents are successfully searched for using search customer

  • Verify that the results retrieved in response have the right data

  • Verify that all the mandatory parameters are presenting the response of the service

Here is how the response looks:

Response Search Customer


Previous are some examples of Priority1 scenarios that you will require to test this service we will give it a deeper look in the following chapters.

Performance testing

So is it really possible to perform performance testing in SoapUI?

The answer is yes, if you just want to do a very simple test on your service itself, not on the orchestration.

SoapUI does have limitations when it comes to performance testing but it does provide you a functionality to generate load on your web service with different strategies.

So to start with, once you have created your SoapUI project for a service operation, you can just convert the same to a simple load test. Here is how:

  1. Right-click on the Load Test option available:

  2. Now select the name of the load test; a more relevant one will help you in future runs.

  3. You will now see that the load test popup appears and the load test is created:

  4. There are several strategies to generate load in SoapUI. The strategies are as follows:

    • Simple

    • Burst

    • Thread

    • Variance

We will learn more about performance testing using SoapUI in the following chapters.

Security testing

API and web services are highly vulnerable to security attacks and we need to be absolutely sure about the security of the exposed web service depending on the architecture of the web service and the nature of its use.

Some of the common attacks types include the following:

  • Boundary attack

  • Cross-site scripting

  • XPath injection

  • SQL injection

  • Malformed XML

  • XML bomb

  • Malicious attachment

SoapUI's security testing functionality provides scans for every attack type and also, if you want to try a custom attack on the service by writing a custom script.

So the scans provided by SoapUI are as follows:

  • Boundary scan

  • Cross-site scripting scan

  • XPath injection scan

  • SQL injection scan

  • Malformed XML scan

  • XML bomb scan

  • Malicious attachment scan

  • Fuzzing scan

  • Custom script

Following are the steps for how we configure a security test in SoapUI:

  1. You can see an option for Security Tests just below Load Tests in SoapUI.

  2. To add a test, right-click on the Security Tests and select New SecurityTest:

  3. Now select New SecurityTest and verify that a popup asking the name of the security test opens:

  4. Select the name of the security test and click on OK.

  5. After that, you should see the security test configuration window opened on the screen. For the service operation of your test case, in case of multiple operation in the same test case, you can configure for multiple operations in a single security test as well.

    For this pane you can select and configure scans on your service operations.

  6. To add a scan, click on the selected icon in the following screenshot:

  7. After selecting the icon, you can now select the scan you want to generate on your operation:

  8. After that you can configure your scan for the relevant parameter by configuring the XPath of the parameter in the request.

  9. After that you can select Assertions and Strategy tabs from the below options:

  10. You are now ready to run you security test with Boundary Scan:

Now we have learnt how to configure a simple security test in SoapUI, we will learn more about it in detail in the coming chapters.



So now we have been introduced to the key features of SoapUI and by the end of this chapter the readers of this chapter will now be familiar with SOA and SOA Testing. They now will have basic understanding of functional, load, and security testing in SOA using SoapUI.

In the following chapter we will be learning about how to test web services and web service orchestration in detail with real-time examples

About the Author
  • Pranai Nandan

    Pranai Nandan is a "Tester by Choice and Developer by birth" born in the small city of U.P Bareilly India he has come a long way in his life, he started his journey of his studies with Hartman college and temporarily ended it with a BTECH in Computer Science from Invertis university. Over the course of his professional careers he has worked in several geographies across the world including UK and Europe with different companies like QA Infotech, Hitachi Consulting, TIBCO Software's. Currently he works with Cognizant as a Senior Associate in Amsterdam Netherlands. His work in the Testing field has resulted in multiple Test Automation frameworks for different vertical including Retail, Telecom, Media and BFSI. Pranai Nandan is someone who is intrigued by test automation and implementing complex solutions for enterprise business applications to help them achieve their desired ROI.

    Apart from SoapUI he also has expertise on other SOA test Automation and Virtualization tools including Ready API, IBM RIT, ITKO LISA, HP Service Virtualization. His technical expertise also includes tools like Selenium web driver, JMeter, Microsoft, VSTS, HP Load Runner and Jenkins.

    His hobbies are writing poems, playing cricket, knowing about history of different culture& travelling.

    Browse publications by this author
Mastering SoapUI
Unlock this book and the full library FREE for 7 days
Start now