Web服务测试技术综述

面向服务的体系结构（SOA）已成为基于Web的分布式系统的主要发展趋势。Web服务作为实现SOA的一种形式,已得到广泛的关注与应用。由于Web服务为基于开放和通用的协议与平台,其服务质量与可信等均可能存在问题,这将会阻碍Web服务的发展。Web服务进行充分测试可保证Web服务的质量,然而由于Web服务所具有的特点,传统的软件测试技术方法不再适用于Web服务的测试,所以对Web服务测试方法和技术的研究成为当务之急。本文在SOA体系结构基础上,讨论了Web服务测试的难点和Web服务测试的基本方法,分析了目前Web服务测试的研究现状。最后,展望了未来可能的研究方向。     

基于SOA的查询系统的研究与实现

面向服务的体系结构是基于“软件变服务”思想,提出了一种新的解决软件重用和软件集成的方案。本文介绍了SOA的基本思想后,并且讨论了其具体的实现技术WEB SERVICE,然后对DELPHI在构建Web服务应用系统的实现原理进行了讨论,并利用Web服务实现了一个基于SOA的省计委查询系统,给出了原型系统的开发过程。     

基于SOA架构的Web服务组合系统

应用SOA架构是构建松散耦合Web服务组合系统的一个有效途径.本文在深入研究Web服务组合系统一般工作流程的基础上,提出了一种基于SOA架构和分层协议栈机制构建Web服务组合系统的方法,给出了服务分层模型和分层协议栈,设计并实现了一个基于SOA架构的松耦合原型系统来实现Web服务组合,可为Web服务组合的研究和企业应用提供灵活的实验及应用开发平台.     

基于SOA企业应用集成框架研究与实现

通过深入分析传统的企业应用集成(EAI)优势与不足,将Web服务技术、SOA引入到EAI领域,提出了采用SOA模型的企业应用集成框架,并讨论了相关的支撑技术,给出了Web服务集成实现模型--网络通信层、消息传输层、服务描述层,服务发现层、服务保证层和服务组合层.为用户提供一个灵活;松耦合、跨平台、分布式、可扩展的基础集成服务平台.     

面向服务体系结构及其集成研究

面向服务的体系结构（SOA）是一种新兴的设计方式,文章介绍了SOA的背景和基本结构,讨论了SOA与Web服务的关系,阐述了Web服务的核心技术。在分析SOA的环境下集成所面临的任务的基础上,给出了用Web服务进行集成的实现步骤及架构。     

基于SOA的框架模型研究

面向服务的体系结构(Service-oriented architecture,SOA)是一个组件模型,它将应用程序的不同功能单元(称为服务)通过这些服务之间定义良好的接口和契约联系起来.针对目前面向服务架构技术研究的现状,文章阐述了SOA的定义和技术基础,分析了Web服务和面向服务架构之间的关系,给出了一个面向服务的框架模型,并对此进行了研究.     

SOA架构在Web扩展服务的探讨

本文探讨了面向服务的体系结构(SOA)架构和Web服务,SOA可以基于Web服务,也可以将Web服务的使用从简单的客户端-服务器模型扩展成任意复杂的系统,对Web服务进行扩展.最后以一家金融业公司通过SOA简化借贷业务系统来说明SOA在Web扩展服务的应用.     

基于SOA架构的构件测试平台研究

随着构件技术的快速发展,它已成为软件企业提高软件生产率和软件质量的有效途径。构件测试是保证构件质量及构件化软件质量的重要技术手段,而构件测试平台正是为提高测试效率、降低测试费用而提供的操作平台。文章介绍了面向服务体系结构(Service—oriented architecture,简称SOA)的相关概念、基本结构及其实现技术Web Services,着重阐述了如何采用SOA对构件测试平台进行整体架构,最后给出了基于SOA架构的构件测试平台的优势。     

Web服务测试研究

Web服务技术为软件测试研究带来了新的挑战。Web服务测试需要能够适应面向服务的新的分布式计算体系架构。为保证服务的质量，Web服务需要从多个层次进行验证与确认，包括基础设施、单元服务、集成服务等；测试需涵盖服务的功能、性能、可靠性、安全等各个方面。本文从web服务体系架构和应用模式出发，讨论了Web服务测试的主要问题。文章分析当前相关研究的现状，并归纳总结了SOAP协议验证、WSDL语言扩展、基于模型的服务集成验证、和测试构架等主要研究成果。本文最后讨论了当前存在的主要问题及进一步的研究方向。     

一种Web服务复杂网络的构建方法

Web服务是继SOA后的又一研究热点,存在于Internet上大量的Web服务必然会形成一个结构复杂、节点繁多,具有相互影响的复杂网络,目前国内外并没有提出完善的关于Web服务的复杂网络模型,对Web服务复杂网络特性的研究也处于发展阶段.提出以Web服务为节点,服务功能相似关系为边,构建复杂网络的模型和算法,并对构建的网络的特性展开研究.本文设计并实现了一个原型系统,利用Web服务的匹配关系构建了网络模型,并且证明该网络具有小世界特性和无标度特性.该方法的提出把对Web服务的研究从传统的SOA模型中引领到复杂网络模型中,对推动Web服务组合和发现等应用具有一定的指导意义.     

一种面向QoS的Web服务组测试方法TF

Web服务及SOA技术的出现为Web应用架构提供了一个新的范式.未来会有大量功能相同或相近的Web服务,如何从中优选出符合用户需要的Web服务已成为一个正在研究的问题.在研究了现有的Web服务组中Web服务优选方法基础上,针对其仅局限于功能优选的不足,提出了一种面向QoS的Web服务组中Web服务优选方法.在定义Web服务QoS向量特征分量、QoS向量、最大相似度、QoS测试预言、QoS向量特征分量测试预言等参数基础上,基于层次聚类思想实现QoS向量聚类,依据最大相似度控制聚类层次,之后利用QoS测试预言、QoS向量特征分量测试预言及决策树实现优选.实验结果表明该方法是有效的,克服了以前的方法仅限于功能优选的局限性.     

Improving data perturbation testing techniques for Web services

The widespread use of service-oriented architectures (SOAs) and Web services in commercial software requires the adoption of development techniques to ensure the quality of Web services. Testing techniques and tools concern quality and play a critical role in accomplishing quality of SOA based systems. Existing techniques and tools for traditional systems are not appropriate to these new systems, making the development of Web services testing techniques and tools required. This article presents new testing techniques to automatically generate a set of test cases and data for Web services. The techniques presented here explore data perturbation of Web services messages upon data types, integrity and consistency. To support these techniques, a tool (GenAutoWS) was developed and applied to real problems.     

Testing services and service-centric systems: challenges and opportunities

This paper provides users and system integrators with an overview of service-oriented architecture (SOA) testing's fundamental technical issues and solutions, focusing on Web services as a practical implementation of the SOA model. The paper discusses SOA testing across two dimensions: testing perspectives, wherein various stakeholders have different needs and raise different testing requirements; and testing level, wherein each SOA testing level poses unique challenges.     

Intelligent security and access control framework for service-oriented architecture

One of the most significant difficulties with developing Service-Oriented Architecture (SOA) involves meeting its security challenges, since the responsibilities of SOA security are based on both the service providers and the consumers. In recent years, many solutions to these challenges have been implemented, such as the Web Services Security Standards, including WS-Security and WS-Policy. However, those standards are insufficient for the new generation of Web technologies, including Web 2.0 applications. In this research, we propose an intelligent SOA security framework by introducing its two most promising services: the Authentication and Security Service (NSS), and the Authorization Service (AS). The suggested autonomic and reusable services are constructed as an extension of WS-¹ security standards, with the addition of intelligent mining techniques, in order to improve performance and effectiveness. In this research, we apply three different mining techniques: the Association Rules, which helps to predict attacks, the Online Analytical Processing (OLAP) Cube, for authorization, and clustering mining algorithms, which facilitate access control rights representation and automation. Furthermore, a case study is explored to depict the behavior of the proposed services inside an SOA business environment. We believe that this work is a significant step towards achieving dynamic SOA security that automatically controls the access to new versions of Web applications, including analyzing and dropping suspicious SOAP messages and automatically managing authorization roles.     

Web服务组合测试综述

随着面向服务技术和云计算技术的不断成熟,尤其是面向服务体系结构SOA的不断完善以及推广,使得其主要内容Web服务已经被广泛应用.为了充分利用Web服务并解决单个Web服务的功能有限的问题,业界将多个原子Web服务按照一定的规则和业务逻辑进行组合,以提供更多功能更强大的服务,实现了Web服务的增值和复用.为保证Web服务组合的质量,需要对Web服务组合进行全面、充分的测试.然而,由于Web服务组合的动态特性和分布式特点,使得其测试技术与方法和传统的软件测试有很大区别,存在很多挑战.本文针对Web服务组合测试,对近年来Web服务组合测试研究中的测试用例生成技术、回归测试技术、测试执行和度量方法进行了系统地总结和分析.此外,我们还对Web服务组合测试中有待研究的问题进行了分析和展望.     

Adaptive security architecture for protecting RESTful web services in enterprise computing environment

In this modern era of enterprise computing, the enterprise application integration (EAI) is a well-known industry-recognized architectural principle that is built based on loosely coupled application architecture, where service-oriented architecture (SOA) is the architectural pattern for the implementation of EAI, whose computational elements are called as “services.” Though SOA can be implemented in a wide range of technologies, the web services implementation of SOA becomes the current selective choice due to its simplicity that works on basic Internet protocols. Web service technology defines several supporting protocols and specifications such as SOAP and WSDL for communication with client and server for data interchange. A new architectural paradigm has emerged in SOA in recent years called REpresentational State Transfer (REST) that is also used to integrate loosely coupled service components, named RESTful web services, by system integration consortiums. This SOA implementation does not possess adequate security solutions within it, and its security is completely dependent on network/transport layer security that is obsolete owing to latest web technologies such as Web 2.0 and its upgraded version, Web 3.0. Vendor security products have major implementation constraints such as they need secured organizational environment and breach to SOA specifications, hence introducing new vulnerabilities. Herein, we examine the security vulnerabilities of RESTful web services in the view of popular OWASP rating methodologies and analyze the gaps in the existing security solutions. We hence propose an adaptive security solution for REST that uses public key infrastructure techniques to enhance the security architecture. The proposed security architecture is constructed as an adaptive way-forward Internet-of-Things (IoT) friendly security solution that is comprised of three cyclic parts: learn, predict and prevent. A novel security component named “intelligent security engine” is introduced which learns the possible occurrences of security threats on SOA using artificial neural networks learning algorithms, then it predicts the potential attacks on SOA based on obtained results by the developed theoretical security model, and the written algorithms as part of security solution prevent the SOA attacks. This paper is written to present one of such algorithms to prevent SOA attacks on RESTful web services along the discussion on the obtained results of the conducted proof-of-concept on the real-time SOA environment. A comparison of the proposed system with other competing solutions demonstrates its superiority.     

基于语义的Web服务体系结构

现有的基于XML的Web服务规范或标准没有提供足够的手段来描述Web服务,以支持发现、组合以及执行Web服务的一般机制。因此,分布的、异构的和动态变化的Web服务的交互会产生很多问题。为了更有效地适应Web服务的分布的、异构的、不断变化的特点,针对现有的SOA架构健壮性不强的问题,提出了基于语义的SOA。通过增加Web服务的语义描述,并以这种具有语义的描述来发布和发现Web服务。从而使这种架构不仅支持功能的匹配,而且还能支持实现最佳质量标准的匹配。     

面向服务的企业应用集成探讨

在简单阐述了SOA和Web Service在企业集成方面的应用后,通过分析传统企业应用集成的现状,针对其所存在的安全性差、紧耦合等弊端,引入了面向服务集成(SOAI)概念,并分析了SOAI的可行性.最后,提出基于ESB模式的SOAI架构方案,并总结出实施方案.