Tài liệu Java Testing and Design- P5 pdf

What Usually Goes Wrong 179

If the browser ignores cache-defeating tags, then your best strategy is to

create dynamic Web content that users can use to tell they are viewing cached

pages. For example, if every page contains an incrementing simple integer

number, then refreshing a page should increment the serial number. A page

with the same number indicates the user is viewing a cached page. Addition￾ally, the test can check the date/time values in the HTTP response header.

Invalid Data

Browsers make GET and POST requests to the server using HTTP protocols.

The GET request includes a URL, HTTP header information, and a series of

name/value pairs. For example, imagine a Web page that offers a list of mov￾ies. Each movie name appears as a hyperlink for the user to click. When the

user clicks a link, the browser sends a GET request to the server:

GET /signin_handler?name=frank&movie=Star%20Wars HTTP/1.0

User-Agent: Mozilla 5.28

Host: examples.pushtotest.com

Accept: text/html, image/gif, image/jpeg, *;

Connection: keep-alive

While the HTTP GET command is very lightweight and universally used, it

does little to tell the server about the identity of the data. How does the server

know that there will be both a name and movie value? How does it know a

valid movie value from an invalid one? Or that the movie value is URL

encoded? The browser may construct what it thinks is a perfectly valid GET

request, but the server may disagree. Software test strategies for validating

data are essential to deploying high-quality HTTP/HTML Web applications.

To catch most problems, you should search for each of the following types

of invalid data each time you test a Web-enabled application:

• Too few or too many parameters—HTTP/HTML

environments have no defined specification of the parameters

that will be sent or received. It is up to the developer and

HTML designer to agree prior to building the application.

Testing a Web-enabled application by sending less than the

expected number of parameters will usually turn up broken

server logic and security holes.

• Wrongly ordered data—Ordering tests for the proper

sequence of the occurrence of data. For example, an ordering

PH069-Cohen.book Page 179 Monday, March 15, 2004 9:00 AM

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

180 Chapter 6 Design and Test in HTTP/HTML Environments

test would send a bank account transfer command to a server

without first issuing a GET command that identifies the back

account number in the server session. The test learns how the

server handles an out-of-order situation.

• Boundary data errors—Range tests the validity of the values.

If a name may be no longer than 15 characters, a test

determines how the server handles a 17-character-long name.

• Wrongly formatted data—There is no schema to define the

contents of data in HTTP/HTML environments. Every piece of

data is a string of characters. There is also no definition of a

character. The HTTP header values in the call may optionally

contain a definition of the encoding type (UTF-8), for example.

Let’s look at an example of wrongly formatted data in more depth. HTTP/

HTML Web applications are particularly vulnerable to invalid data problems

because of the nature of HTML. HTML mixes the instructions to lay out a

page with the content that appears in the page. Even today popular tools for

HTML editing can easily create invalid HTML codes. Special tests must be

created to see how the server responds when it receives an invalid HTML

form. For example, the following HTML is missing a closing double-quote

character in the first input tag:

<html>

<body>

<form action="signin_handler">

<input name="signin_name value="Default user">

<input name="password" type="password" value="pass">

</form>

</body>

</html>

The server receives a POST command that looks like this:

POST /signin_handler HTTP/1.1

Referrer: http://examples.pushtotest.com/...

Content-length: 178

signin_name%2Fvalue=&password=pass

Note the signin_name%2Fvalue= parameter, which is caused by the

missing double quote character. Seeing how the server responds to this kind

PH069-Cohen.book Page 180 Monday, March 15, 2004 9:00 AM

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

What Usually Goes Wrong 181

of invalid data is mandatory for a successful test strategy, especially in HTTP/

HTML Web applications.

Session Problems

The original design for HTTP/HTML environments was stateless. Each

request and response stood alone. Dynamic and personalized Web applica￾tions implement state using Cookies, Applets, ActiveX controls, and specially

coded URLs. Each time stateful information is introduced, the server needs

to record the state data in a session. Intelligent test agents are particularly

well suited to test a Web-enabled application for session problems.

Intelligent test agents implement these session tests with ease:

• Invalid session identities—Each Web-enabled application

formats session identifiers according to its own scheme. For

example, the Cookie value for the PushToTest Web site looks like

this: 38849198981. Each new user at a unique IP address bumps

up the number by 1. A test agent should try valid numbers such

as those received from the server. But it should also invent

session identifiers to see how the server handles the invalid data.

• Long sessions—Each session requires the server to use

resources to store session data. The Web-enabled application

recycles its resources as sessions end. Test agents may easily

push the server resources to maximum by continuing to use the

same session information for a long period of time.

As we have seen, many things can and do go wrong in an HTTP/HTML

Web application. Constructing and running HTTP test agents is a good tech￾nique to find and solve these problems.

Constructing HTTP Test Agents

In this section, we explore constructing HTTP test agent scripts. To get hands￾on I will present a complete test script that you can run in TestMaker. Chapter

5 first introduced TestMaker. First I describe the outline of an intelligent test

agent and show how the agent script makes requests to the server, validates

cookies, sessions, and redirection, and validates the server responses.

The central theme in intelligent test agent technology is to learn a system’s

scalability, performance, and functional characteristics before customers are

exposed to bugs, failures, and scalability problems. Intelligent test agents

PH069-Cohen.book Page 181 Monday, March 15, 2004 9:00 AM

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

182 Chapter 6 Design and Test in HTTP/HTML Environments

emulate a user archetype, as in the case of the plodding, slow, and easily dis￾tracted Wanderer agent described in the next section. Figure 6–3 shows how

the Wanderer is typical of an intelligent test agent that runs concurrently

with other agents to simulate a near real-world environment where a server

handles many users concurrently. The other concurrently running agents

emulate their own user archetypes: The Validator randomly reads and checks

the content of Web pages and the Sign-In Agent tries to sign in to a Web￾enabled application using a variety of user names and passwords.

The Wanderer is an intelligent test agent that randomly reads pages on a

test server hosted by PushToTest, the principal maintainers of TestMaker.

The Wanderer initially uses an HTTPProtocol object to get a Web page. It

then finds hyperlinks on that page and follows a random hyperlink. The Wan￾derer also keeps track of the time it takes to receive each page. Just for fun

the Wanderer pauses after every tenth-loaded Web page and gives an award

to the Web page that took the longest time to load.

TestMaker comes with everything needed to create and run the Wanderer,

Sign-In, and Validator intelligent test agents. While TestMaker’s New Agent

Wizard automatically creates intelligent test agents using an easy-to-use

graphical user interface, understanding TestMaker’s components is impor￾tant to successfully writing and running your own intelligent test agents (see

Figure 6–4).

While Chapter 5 introduced TestMaker, it is important at this point to show

how TestMaker’s components fit into one another. TestMaker defines the

TOOL to provide a common interface to an extensible set of protocol han￾dlers to communicate with servers using HTTP, HTTPS, SOAP, and XML￾RPC protocols. TestMaker comes with JDOM, a utility for working with XML

data that we will see used by the Validator agent later in this chapter.

Figure 6–3 Shows an HTTP/HTML Web-enabled application being tested by

multiple, concurrently running intelligent test agents.

Sign-In Agent

The Wanderer The Validator

HTTP/HTML

Web Service

PH069-Cohen.book Page 182 Monday, March 15, 2004 9:00 AM

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.

What Usually Goes Wrong 183

The Jython scripting language is the glue between your test agent and the

TOOL objects. To assist you, TestMaker comes with a Recorder that looks at

HTML pages and writes the Jython scripts needed to test an HTTP/HTML

Web-enabled application.

TOOL implements an HTTPProtocol object you can use for HTTP and

HTTPS (secure) protocols, to issue GET and POST requests, to handle HTTP

header parameters (including Cookies), and to search the server response.

Figure 6–5 shows an overview of the HTTPProtocol object.

Figure 6–4 An architectural view of the TestMaker environment showing all the

components provided to build intelligent test agents.

Figure 6–5 TOOL’s HTTPProtocol object contains objects to connect to an

identified host over HTTP and HTTPS protocols, to pass parameters, and to search

the results.

TestMaker

Graphical environment for writing and

running intelligent test agents

Jython

Scripting, Threads, Expressions,

Functions, Variables, Conditions

TOOL

Protocol Handlers: HTTP, SOAP, etc.

Utilities

JDOM for XML parsing

Your Java Objects

HTTPProtocol

HTTPHeader

Parameters

HTTPBody

SimpleSearch

Request Parameters

ResponseLink

PH069-Cohen.book Page 183 Monday, March 15, 2004 9:00 AM

Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.