Web Services Testing SAP NetWeaver Application Server, Java EE 5


News: Web Services Testing SAP NetWeaver Application Server, Java EE 5

  1. One of more exciting parts of Java EE 5 specification is a heavy support for annotations that enable developers to cleanly expose already developed Java code as web services through meta data without modifying code for classes or methods. SAP NetWeaver Application Server Java EE 5 Edition is one of the first application servers in the market to achieve Java EE 5 compatibility (along with Glassfish and Tmaxsoft's JEUS). The preview release of its new Java EE 5 based Application Server and its first to market strategy in adopting developer friendly specifications shows SAP's desire to appeal to a broader base of developers. In this article, we share our experience in building a simple HelloWorld web service using NetWeaver and testing its characteristics using our web services testing tool - SOAPSonar Enterprise Edition. SOAPSonar is a web services testing product that provides comprehensive Web Services Testing across complex, dependent and distributed deployments. The test results and conclusions are provided below. We encourage you to download and try SAP NetWeaver Application Server, Java EE 5 Edition. For full download, installation, and test setup instruction details, please see:
    http://www.crosschecknet.com/web_services_testing_tools_sap_netweaver.php Functional Regression Testing ensures that the web service operations function as advertised over time and that if the underlying code has changed in NetWeaver than such changes are identified and addressed. In our simple web services, the operation sayHello() behaved as expected and return a string value. SOAPSonar provides the ability to set base-line tests for sayHello() and schedule regression test to ensure that all desired pass/fail test conditions are met. Performance Testing ensures that the web service operations perform as expected once latency and scalability characteristics are identified. Since the NetWeaver Application Server is a trial version, we did not expect it to perform under any significant load. After 10 concurrent connections, we started to see transfer errors indicating that the trial version is restricted for non commercial use and limited traffic. Even with 10 concurrent virtual clients, NetWeaver Application Server performed respectably well with greater than 170 Transactions per Second (TPS) with average of 47 ms response time. Disclaimer: Our intention in sharing this information is not to provide real life production performance benchmarks of NetWeaver Application Server. Our intent is to share methods and techniques available to you in testing target servers using SOAPSonar as a comprehensive web services testing tool. Your performance mileage may vary based on a variety of factors such as network topology, host hardware and optimization effort! Interoperability Evaluation ensures that the published web service operations interoperate across various platforms. The WSDL endpoint published by NetWeaver Application Server, Java EE 5 Edition is readily consumed by SOAPSonar a .Net-based web services client. SOAPSonar provides additional WS-I Basic Profile 1.1 design-time and run-time test to check for interoperability issues. The design-time interoperability tests passed with flying colors with No Failed Assertions Detected. This means that the WSDL generated by NetWeaver can be readily consumed by any WS-I Basic Profile compliant client regardless of application platform such as .NET, Java or LAMP. SOAPSonar also provides the ability to execute stringent run-time test by sending auto generate edge case tests. The mutated tests are generated to check whether the endpoint is indeed honoring WS-I Basic Profiles even though the WSDL itself is WS-I compliant. SOAPSonar detected a number of violations where NetWeaver Application Server was accepting non-compliant SOAP requested generated by SOAPSonar. Vulnerability Assessment ensures that the web service published operations are tested for edge cases and are not vulnerable to information leaks, Denial of Service, or other web services attacks. With such assessments, vulnerabilities introduced by poor application coding practices, such as lack of exception handling are quickly determined and remediation actions can be taken. The simple HelloWorldBean described in this article is poorly coded with and lacks exception handling try-catch type constructs. This resulted in a overall Risk Score of 26 with a few Medium Severity issues identified because of stack traces-based information leaks in the response messages. Conclusions Developing web services in NetWeaver DeveloperStudio is straight forward and intuitive. The biggest challenge that we faced was overcoming installation hurdles - SDN Forums came to the rescue. The WSDL generated by NetWeaver was interoperable with .NET-based SOAPSonar and we were sending SOAP messages between SOAPSonar and NetWeaver Application Sever seamlessly. The overall Functional, Performance, Interoperability and Vulnerability profiles for our HelloWorld web service were positive with the not-so-stellar run time interoperability results being the only surprise. We recommend that SAP tighten up its SOAP handling stack in NetWeaver to actively enforce WS-I Basic Profile 1.1 compliance. Also, we expect that edge case or boundary-breaking "Mutant" SOAP messages should be handled elegantly to prevent information probing or inadvertent information leak holes left behind by sloppy developers. We think SAP NetWeaver Application Server, Java EE 5 Edition is a step in the right direction and provides competitive web services functionality for sophisticated SOA deployments. Give it a try. Mamoon Yunus is an Advisor for the Crosscheck Networks, CTO of Forum Systems and a pioneer of SOA Gateways & Firewalls. Prior to Forum, Mr. Yunus was at webMethods where he developed XML-based techology. Mamoon holds two Graduate Degrees in Engineering from MIT. Editor's note: it bears repeating that Mr. Yunus has an association with Crosscheck Networks, who publishes SOAPSonar.
  2. Another Application Server[ Go to top ]

    ...which is great news, IMHO. I don't know anything about the product history. For all I know they've been in the market for a long time. Or, they could just be entering the app server market. It may be a great app server, it may be a horrible app server, or it may be a middle of the road app server with an extended feature set to better fit some niche. Doesn't matter. What matters is that here we have another application server in the "dead", "dying" JEE server market. Here we have Yet Another company, that was lured in to the back rooms of the JEE Great Conspiracy, bludgeoned in to submission and then sent out in a zombie-like trance to implement another JEE compliant application server. This is the power of the JEE platform, IMHO. This diversity of implementations all based on a set of standards that is simply getting better with time, even tho it's also evolving and learning from its mistakes. Glad to see them here in the market, hope things work out for them.
  3. The elevator speech version: Ummm, SAP is one of the worlds leading ERP/Accounting-Software providers. SAP Netweaver is their development platform, consisting of a JEE-Server, an ABAP-Server (their proprietary development stack preserved for backwards-compatibility), an Eclipse-based development environment and lots of interfaces to the modules of their enterprise software. Their back-end usually incorporates an Oracle-database, but can also be used with SAP DB, which has been donated to MySQL and is now called MySQL MaxDB. They provide everything from basic accounting (Modules: FI and CO), human resource planning (HR), Business Intelligence (BI) and lots more. You can't exactly say that they've been brainwashed into supporting JEE, nor do they try to sell an JEE-Application Server like BEA or IBM. It's part of their platform strategy. Their biggest competitor is Oracle/Peoplesoft btw.
  4. SAP was one of the first (so far I know THE first...) provider of an Java-based Application Server and has many experiences in this areas and has provided and involved this experiences in many Standards. In my personally opinion, is the SAP NetWeaver Application Server not a solution, which gives me the impression to be a single-solution - destinated primary to particular, independently Applications or Services. But, maybe is this a Impression, which depends also from the financial perceptions of each individual ... In my personally opinion, is the SAP NetWeaver Application Server and their associated Tools destinated to the SAP World – which future is associated with SAPs Strategy of their own Service-oriented Definitions and Solutions: ESA (Enterprise Service-oriented Architecture), SAP NetWeaver and furthermore mySAP. Therefore, more interested would for me personally, informations over real integration cases and how are those solved by SAP NetWeaver Solutions, e.g. SAP XI ( SAP Exchange Infrastructure ) and their possibilities of interfacing with the Business Processes of the SAP World. Very interested should be in this context, the comparison with other knowing Integration Solutions and associated informations, over how can solve such solutions the previously described integration-cases ... Roland SOA Kompetenznetzwerk Information & Collaboration Portal New Look & Feel and advanced Information- & Collaboration Strategy are upcoming, soon ...