What is SOA & Tutorial? Learning Path – Be Productive with [Oracle]

Last updated on 09th Jul 2020, Blog, Tutorials

The pace of new business projects continues to grow—from increasing customer self-service to seamlessly connecting all your back office and in-the-field applications. At the same time, there is an urgency to mobile-enable existing applications, integrate with the cloud, and begin development on the latest trend of connecting Internet of Things (IoT) devices to your existing infrastructure. When companies address each of these new integration challenges independently, using a patchwork of niche specialty integration toolsets, the original goals of faster business integration, increased application infrastructure flexibility, and reduced costs are no longer achievable.

This is why Oracle SOA Suite 12c was developed: to simplify IT by unifying the disparate requirements of mobile, cloud, and IoT integration into one unified and standards-based platform.

Oracle SOA Suite 12c enables you to:

• Reduce time to market for new project integration
• Reduce integration cost and complexity
• Efficiently manage business and technology change
• Provide end-to-end solution monitoring with root cause analysis
• Gain increased visibility to quickly react to business events
• Ensure high availability and scalability for your business infrastructure

Oracle 

Oracle is a relational database management system. It is widely used in enterprise applications.

Our Oracle tutorial includes all topics of Oracle database such as insert record, update record, delete record, select record, create table, drop table etc. There are also given Oracle interview questions to help you better understand the Oracle database.

What is Oracle?

Oracle database is a relational database management system. It is known as Oracle database, OracleDB or simply Oracle. It is produced and marketed by Oracle Corporation.

Oracle database is the first database designed for enterprise grid computing. The enterprise grid computing provides the most flexible and cost effective way to manage information and applications.

Different editions of Oracle database

Following are the four editions of the Oracle database.

• Enterprise Edition: 

It is the most robust and secure edition. It offers all features, including superior performance and security.

• Standard Edition: 

It provides the base functionality for users that do not require Enterprise Edition’s robust package.

• Express Edition (XE): 

It is the lightweight, free and limited Windows and Linux edition.

• Oracle Lite:

 It is designed for mobile devices.

The Oracle Corporation

Oracle Corporation is the largest software company in the field of database business. Its relational database was the first to support SQL which has since become the industry standard.

Oracle database is one of the most trusted and widely used relational database engines. The biggest rival of Oracle database is Microsoft’s SQL Server.

Why to use SOA?

• SOA is widely used in market which responds quickly and makes effective changes according to market situations.
• The SOA keep secret the implementation details of the subsystems.
• It allows interaction of new channels with customers, partners and suppliers.
• It authorizes the companies to select software or hardware of their choice as it acts as platform independence.

Features

• SOA uses interfaces which solves the difficult integration problems in large systems.
• SOA communicates customers, providers and suppliers with messages by using the XML schema.
• It uses the message monitoring to improve the performance measurement and detects the security attacks.
• As it reuses the service, there will be lower software development and management costs.

Challenges in SOA testing

• Lack of interfaces for Services
• Testing process spans across multiple systems thus creating complex data needs
• The application is a collection of various components which tends to change. The need for Regression Testing is more frequent.
• Due to Multilayer architecture, it is difficult to isolate defects.
• Since the service will be used in different interfaces, it is difficult predicting load, hence making performance test planning cumbersome.
• SOA is a collection of heterogeneous technologies. Testing of an SOA application requires people with different skill sets which in turn increase the planning and execution costs.
• Since the application is an integration of multiple services, security testing has its own share of woes. Validation of authentication and authorization is pretty much difficult.

SOA service categories

The service is a kind of operation which is well defined, self contained that performs a specific task.

The following figure shows SOA service categories:

The service can be categorized into following ways:

Entity Service

The entity services include entities of customer such as purchase order, insurance policy, invoice of order, ordered date etc in which you can perform CRUD operations such as Create, Read, Delete and Update on the entities. These services provide information of the business process stored in the databases and handle the business entities.

Task Service

The task service adds the business logic to other services and due to its focus on business entity, it contains low amount of reusability. Task services provide operations on more than one entity such as customer purchase order, creating purchase order number, validating customer details etc. A service is called as task service when it needs to access the multiple entities.

Utility Service

The utility services are technology oriented services which are used to build larger and higher level services and provides other capabilities which are unrelated to the message transfer. The utility services provide reusable functions such as event logging, creating unique number and notification etc to the other functional domains. These services contain small, closely packed services which are used as building blocks in service oriented system.

Proxy Service

The proxy services contain the services which act as connection between members of the service oriented system and conflict subsystem. The device and process services lie under this type of services. Sometimes services which are defined under proxy services are called as gateway services.

Device Service

The device service is a kind of proxy service which is referred as hardware device and used to communicate between other services. The device service does not include the API which is not well suited with the service oriented system.

Process Service

The device service is also a kind of proxy service which acts as interpreter between application and service oriented system members. This service creates and arranges the application services to implement the business processes.

Business Service

Business services are also known as controller service which provides business functions for the completion of the business process and are flexible services that changes the business needs. These services develop the business applications that automate the business process such as managing the customer service, shipping the customer product etc.

SOA Testing Methods 1) Business scenario driven data based testing,

• Various business aspects related to the system should be analyzed.
• Scenarios should be developed based on the integration of
  • Various Web services of the application
  • Web services and application.
• Data set up should be done based on the above scenarios.
• Data set up should be done so as to cover end to end scenarios as well.

2) Stubs

• Dummy interfaces will be created to test services.
• Various inputs can be provided through these interfaces, and the outputs can be validated.
• When an application uses an interface to an external service, which is not under test (third party service), a stub can be created during Integration Testing.

3) Regression testing

• Regression Testing on the application should be done when there are multiple releases so as to ensure the stability and availability of the systems.
• A comprehensive regression test suite will be created covering the services which form an important part of the application.
• This test suite can be reused in multiple releases of the project.

4) Service Level Testing

Service Level Testing includes testing the component for functionality, security, performance and interoperability Each and Every Service needs to be first tested independently.

5) Functional Testing

Functional Testing should be done on each service to

• Ensure that service delivers the right response to each request.
• Right errors are received for requests with Invalid data, bad data, etc.
• Check for each request and response for each and every operation the service has to perform in run time.
• Validate the fault messages when an error occurs at the server, client or network level.
• Validate that the responses received are in the right format.
• Validate that the data received on the response corresponding to the data requested.

6) Security Testing

Security testing of the web service is an important aspect during service level testing of the SOA application; this ensures the safety of the application.

The following factors need to be covered during testing:

• Industry Standard defined by WS-Security testing should be abided by the Web Service.
• Security measures should work flawlessly.
• Encryption of data and Digital signatures on the documents
• Authentication and Authorization
• SQL Injection, Malware, XSS, CSRF, other vulnerabilities are to be tested on the XML.
• Denial of Service attacks

7) Performance Testing

Performance Testing of the service needs to be done since the services are reusable and multiple applications might be using the same service.

The following factors are considered during testing:

8) Performance and functionality of the service need to be tested under heavy load.

• The performance of the service needs to be compared while working individually and within the application, it is coupled with.
• Load testing of service should be performed
  • to verify response time
  • to check for bottlenecks
  • to verify the utilization of CPU and memory
  • to predict scalability

9) Integration level testing

• Service level testing ensures proper working of only the services individually, it does not guarantee the working of the coupled components.
• Integration Testing is done focusing mainly on the interfaces.
• This phase covers all the possible business scenarios.
• The Non-Functional testing of the application should be done one more time in this phase. Security, compliance, and Performance Testing ensure the availability and stability of the system in all aspects.
• The communication and network protocols should be tested to validate the consistency of the data communication between the services.

10) End to End testing

This phase ensures that the application confirms to the business requirements both functionally and non-functionally.

The below items are ensured to be tested during the end to end testing

• All services working as expected after integration
• Exception handling
• User Interface of the application
• Proper data flow through all the components
• Business process

Challenges in SOA testing

• Lack of interfaces for Services
• Testing process spans across multiple systems thus creating complex data needs
• The application is a collection of various components which tends to change. The need for Regression Testing is more frequent.
• Due to Multilayer architecture, it is difficult to isolate defects.
• Since the service will be used in different interfaces, it is difficult predicting load, hence making performance test planning cumbersome.
• SOA is a collection of heterogeneous technologies. Testing of an SOA application requires people with different skill sets which in turn increase the planning and execution costs.
• Since the application is an integration of multiple services, security testing has its own share of woes. Validation of authentication and authorization is pretty much difficult.

SOA User Interface

Service-oriented applications mostly focus on the interaction between machines. However, in applications, the interaction between user and machine also plays an important role. A user can act as a service provider so that he can set SOA User Interface(SOAUI) design into an overall system design where the user interaction workflow is a part of system workflow.

The SOA User Interface follows MVC (Model View Controller) architectural pattern. SOA applications provide the model layer, and User Interfaces occupy the view layer.

The environments hosting components in the SOA approach are abstracted as containers that provides infrastructure services. From a User Interface view, below are the containers for hosting client-side UI components:

• Basic Web browser.
• Web browser augmented with Java™Script and dynamic HTML.
• IBM Workplace™ Client Technology™ — teh Eclipse-rich client plus native IBM WebSphere Application Server client support.

By supporting technologies like servlets, JavaServer Pages (JSP), JSP Tags etc, the above containers can be expanded.

The user that interacts with a business process consists of initiating and awaiting the result of a process. It is important for a human to involve in a process cycle where processes rarely run completely and automatically. In such environment, WS-Human Task can fulfil this requirement.

A standardize API can be used to fill a mailbox with tasks that was defined for a workflow service. For example, during a process cycle, if input of addtional data is required, the process establishes correct actor and places the task in their mailbox through the task service. This process resumes its work in the background and the users recieve the entries in their mailbox by processing the pending tasks sequentailly.

SOA Testing Tools

There are many tools available in the market to help testers in testing SOA applications. Few of them are listed below.

1) SOAP UI

“SOAP UI” is an open source Functional testing tool for Services and API Testing.

• Desktop application
• Supports multiple protocols – SOAP, REST, HTTP, JMS, AMF, JDBC
• Web services can be developed, inspected and invoked.
• Can also use for load testing, Automation Testing, and security testing
• Stubs can be created by MockServices
• Web Service requests and tests can be generated automatically through its web service client.
• Have inbuilt reporting tools
• Developed by SmartBear

2) iTKO LISA

“LISA” is a product suite which provides a functional testing solution for distributed systems like SOA.

• Can also use for regression, integration, load and Performance Testing.
• Developed by iTKO (CA Technologies)
• Can be used to design and execute tests.

3) HP Service Test

“Service Test” is a functional testing tool, which supports both UI and shared services testing

• Both functional and performance test of services can be done by a single script.
• Integrated with HP QC.
• The massive amount of service and data can be managed.
• Supports interoperability testing by simulating JEE, AXIS, and DotNet client environments.
• Developed by HP.

4) Parasoft SOA Test

SOA Test is a testing and analysis tool suite developed for API and API applications testing.

• Supports Web Services, REST, JSON, MQ, JMS, TIBCO, HTTP, XML technologies.
• Functional, Unit, Integration, Regression, Security, Interoperability, Compliance and Performance Testing are possible.
• Stubs can be created using Parasoft Virtualize, which are intelligent than SOAP UI.
• Developed by ParaSoft

Securing SOA

Most importantly, securing Service Oriented Architecture (SOA) is necessary to make sure that the services and applications run safely. For many reasons, including service exposures and loose coupling of components, securing SOA is essential because sometimes, exposed services becomes unprotected to attacks.

SOA Attacks

There are different types of attacks to which SOA environment may become unprotected, espcially if it was implemented using web service technology. Most of the people all around the world uses both SOA and web services which are rapidly developing areas, as a result they become more complex and open to attacks. On SAO and web services, most of the attacks takes place on the application service layer since web services communicate using XML and soap messages.

Following is a list of attacks in SOA:

• Injection Attacks: 

This attack occurs when no validation on the user input is performed and no separation is done between user input and application. For example, SQL injection, XML injection etc.

• Schema Poisoning Attack: 

This attack when occurs, modifies, replaces or even damages XML schemeas that provides the structure of XML documents.

• Denial Of Service Attacks (DoS): 
• This attack when occurs, do not change the service or its behaviour but can block the use of the service.

Research Contributions

The main contributions are as follows:

• Providing an integrity for SOA that provides enough conditions for securing data integrity.
• Implementing testbed for SOA and setting environment of specification based IDS.
• Proposing intrusion detection system for SOA networks that are capable of detecting intrusions affecting behaviour of services.
• Recommending SOA testbed where SOAP messages can be monitored.

Advantages

• SOA allows reuse the service of an existing system alternately building the new system.
• It allows plugging in new services or upgrading existing services to place the new business requirements.
• It can enhance the performance, functionality of a service and easily makes the system upgrade.
• SOA has capability to adjust or modify the different external environments and large applications can be managed easily.
• The companies can develop applications without replacing the existing applications.
• It provides reliable applications in which you can test and debug the independent services easily as compared to large number of code.

Disadvantages

• SOA requires high investment cost (means large investment on technology, development and human resource).
• There is greater overhead when a service interacts with another service which increases the response time and machine load while validating the input parameters.
• SOA is not suitable for GUI (graphical user interface) applications which will become more complex when the SOA requires the heavy data exchange.

Conclusion

The Oracle Scheduler is a new job management utility introduced in Oracle Database 10g. It is far superior to its predecessor, DBMS_JOB. Using the Scheduler you can schedule both PL/SQL code units (stored procedures and anonymous blocks) and operating system executables for execution. It allows you to use an almost English-like notation to specify a calendar showing the desired times of execution. All Scheduler-related activities are available as APIs in the DBMS_SCHEDULER built-in package. In addition, Enterprise Manager in Oracle Database 10g provides a graphical user interface that may be used to manage job scheduling, making scheduling extremely easy even for those using the utility for the first time. The Scheduler allows you to define a named schedule that can be called independently to execute an action, which may be a complete executable name or a named program that references the executable. Jobs may also be subject to Oracle’s resource management framework, which may be used to control the amount of resources (e.g., CPU, parallel query servers) available to individual jobs. In summary, the Scheduler is the only job management system you will need for any jobs except those that definitely need to be de-linked from the database—for example, for starting the database itself.You created an SOA composite application using the following components:

• Oracle Mediator
• Oracle BPEL Process Manager
• Human Oracle Human Workflow (using a human task)
• Oracle Business Rules
• Oracle Messaging Service