WO2021027615A1 - Test method and device for web service interface having authentication authorization - Google Patents


Publication number
WO2021027615A1
Authority
WO
WIPO (PCT)
Prior art keywords
login
under test
system under
interface
script
Prior art date
Application number
PCT/CN2020/106707
Inventor
李登宇
Original Assignee
中国建设银行股份有限公司
建信金融科技有限责任公司
Application filed by 中国建设银行股份有限公司, 建信金融科技有限责任公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites

Definitions

  • the present invention relates to the field of computer technology, in particular to a method and device for testing web service interfaces with authentication and authorization.
  • Software testing is an important part of the software life cycle and an important process to ensure the correctness, ease of use, security, and integrity of business functions.
  • the interface test is a kind of test started in the middle and late stages of the business function development phase, and its purpose is to test the correctness of data exchange, transmission and control in the communication between system components.
  • the tester needs to use a tool to simulate a web browser to send a request to the back-end service, and to check the response message.
  • two solutions are generally used: one is to turn off login authentication at the backend, and the other is to manually obtain a usable cookie (data stored on the user's local terminal) or token each time and carry this authentication information in subsequent access requests.
  • the first solution is not applicable to systems with permission control, because different login users may have different permissions, and some business logic requires permission verification.
  • the existing technology is not suitable for automated testing of the web service interface of a system under test with authority control. It is too intrusive to the system, requires a separate deployment of the server, introduces unexpected errors, and has poor scalability across different systems under test. Multi-user login is not supported, so the adequacy of interface testing cannot be guaranteed.
  • the embodiments of the present invention provide a method and device for testing web service interfaces with authentication and authorization, which can be adapted to automated testing of web service interfaces of a system under test with permission control. They overcome the defect of excessive intrusiveness to the system, need no separately deployed server, reduce errors, provide effective authentication and authorization information to automated test tools without manual configuration each time, improve automation efficiency, and ensure high scalability for different systems under test.
  • Multi-user and multi-role logins are supported, which ensures the adequacy of interface testing, and the login script of a newly added system under test is loaded without restarting, which improves system availability.
  • a method for testing a web service interface with authentication and authorization is provided.
  • a method for testing web service interfaces with authentication and authorization includes: establishing login scripts for each system under test, and saving the association relationship between the system under test and the login script; after receiving the login request for the tested system under test sent by the interface test tool, dynamically loading and executing the login script corresponding to the tested system under test according to the association relationship, to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test.
  • the method further includes: after establishing a login script for the system under test, configuring one or more sets of input parameters of the login script, and each set of input parameters is a set of login user information of the system under test.
  • the login request includes the name of the tested system under test specified by the interface test tool and the login user information.
  • the step of dynamically loading and executing the login script corresponding to the tested system under test according to the association relationship, to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test, includes: searching for a login script that has a mapping relationship with the name of the tested system under test, and loading the login script; using the login user information specified by the interface test tool as the input parameter of the loaded login script, and executing the loaded login script to simulate logging in to the tested system under test; after the login is successful, the login script parses the authentication information from the response message returned by the tested system under test.
  • the web login process of the tested system is abstracted as a java (an object-oriented programming language) login interface, and the login script implements the java login interface according to the login logic of the tested system to complete the simulated login of the system under test.
  • a java class loader is used to dynamically load the login script corresponding to the tested system under test.
  • the authentication information is token or session (session control) information.
  • a device for testing a web service interface with authentication and authorization is provided.
  • a testing device for a web service interface with authentication and authorization, comprising: a login script creation module, which is used to create login scripts for each tested system and save the association relationship between the tested system and the login script;
  • the login script loading and execution module, which is used to, after receiving the login request for the tested system under test sent by the interface test tool, dynamically load and execute the login script corresponding to the tested system under test according to the association relationship, to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test;
  • the authentication information providing module, which is used to provide the authentication information to the interface test tool so that the interface test tool adds the authentication information to the interface access request to the tested system under test, and then verifies the response data returned by the tested system in response to the interface access request.
  • an input parameter configuration module, which is used to configure one or more sets of input parameters of the login script after the login script is established for the system under test, where each set of input parameters is a set of login user information of the system under test.
  • it further includes an information receiving module, configured to receive the name of the tested system and login user information specified by the interface test tool, and the login script loading and execution module is also used to: search for a login script that has a mapping relationship with the name of the tested system under test, and load the login script; use the login user information specified by the interface test tool as the input parameter of the loaded login script, and execute the loaded login script to simulate logging in to the tested system under test; after the login is successful, the login script parses out the authentication information from the response message returned by the tested system under test.
  • the web login process of the system under test is abstracted as a java login interface, and the login script implements the java login interface according to the login logic of the system under test to complete the simulated login to the system under test.
  • the login script loading and execution module uses a java class loader to dynamically load the login script corresponding to the tested system under test.
  • an electronic device is provided.
  • An electronic device comprising: one or more processors; a memory, used to store one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the method for testing web service interfaces with authentication and authorization provided by the present invention.
  • a computer-readable medium is provided.
  • An embodiment of the above-mentioned invention has the following advantages or beneficial effects: login scripts are established for each system under test, and the association relationship between the system under test and the login script is saved; after the login request for the tested system sent by the interface test tool is received, the login script corresponding to the tested system is dynamically loaded and executed according to the association relationship to simulate logging in to the tested system and obtain the authentication information provided by the tested system; the authentication information is provided to the interface test tool, so that the interface test tool adds the authentication information to the interface access request to the tested system and then verifies the response data returned by the tested system in response to the interface access request.
  • FIG. 1 is a schematic diagram of the main steps of a method for testing a web service interface with authentication and authorization according to a first embodiment of the present invention
  • Figure 2 is a schematic diagram of a login authentication authorization process of a system under test according to a second embodiment of the present invention
  • FIG. 3 is a schematic diagram of main modules of a web service interface testing device with authentication and authorization according to a third embodiment of the present invention.
  • FIG. 4 is a schematic diagram of system interaction for testing web service interface with authentication and authorization according to a fourth embodiment of the present invention.
  • FIG. 5 is an exemplary system architecture diagram to which the embodiment of the present invention can be applied.
  • Fig. 6 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
  • the embodiments of the present invention can be implemented as a system, apparatus, device, method, or computer program product. Therefore, the present disclosure may be specifically implemented in the following forms, namely: complete hardware, complete software (including firmware, resident software, microcode, etc.), or a combination of hardware and software.
  • Fig. 1 is a schematic diagram of the main steps of a method for testing a web service interface with authentication and authorization according to a first embodiment of the present invention.
  • the method for testing a web service interface with authentication and authorization in this embodiment mainly includes the following steps S101 to S103.
  • Step S101: Establish a login script for each system under test, and save the association relationship between the system under test and the login script.
  • the tested system may specifically be a web application system.
  • the embodiment of the present invention abstracts the web login process of the system under test as a java login interface, and each login script implements the java login interface according to the login logic of the associated system under test to complete the simulated login of the corresponding system under test.
  • Specific implementation logic is, for example: using the httpClient development kit (an efficient, up-to-date, feature-rich client programming toolkit supporting the HTTP protocol) to simulate the page submitting a web login request, or using the htmlUnit development kit (an open source java page analysis tool; after reading the page, htmlUnit can be used to analyze the content on the page) to simulate the browser parsing the web login page, in order to log in to the system under test. After the login is successful, the login authentication and authorization information is parsed out, encapsulated into a Map (a container that associates key objects with value objects), and returned.
  • the httpClient development kit and htmlUnit development kit can also be replaced with other java development tools that can simulate sending http requests.
  • the java development tool sends a web login request to the tested system, and receives and processes the response message returned by the tested system to parse out the login authentication and authorization information and encapsulate it into a Map.
  • the login script can also be called a java login script.
  • authentication information for short, and the authentication information provided by the system under test can be obtained by executing the login script of a certain system under test.
  • the input parameters of the login script of a tested system can be in the form of a String array, which includes the user name and password information required to log in to the tested system.
  • Step S102: After receiving the login request for the tested system under test sent by the interface test tool, dynamically load and execute the login script corresponding to the tested system under test according to the association relationship between the tested system and the login script, to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test.
  • the login request includes the name of the tested system designated by the interface test tool and the login user information.
  • the tested system under test is the system under test on which the interface test is currently to be executed.
  • Step S102 may specifically include: searching for a login script that has a mapping relationship with the name of the tested system under test, and loading the login script; using the login user information specified by the interface test tool as the input parameter of the loaded login script, and executing the loaded login script to simulate logging in to the tested system under test. After the login is successful, the login script parses the authentication information from the response message returned by the tested system under test.
  • the authentication information is stored in the Map and then returned to the interface test tool.
  • the java class loader can be used to dynamically load the login script corresponding to the tested system.
  • the authentication information can be token; or session information, such as session ID (identification); or other information that can be used for authentication and authorization.
  • Step S103: Provide the authentication information to the interface testing tool, so that the interface testing tool adds the authentication information to the interface access request to the tested system under test, and then verifies the response data returned by the tested system under test in response to the interface access request.
  • After the interface test tool adds the authentication information to the interface access request to the tested system under test, the interface access request is sent to the tested system under test; the tested system under test responds to the interface access request and returns the response data to the interface test tool, so that the interface test tool can verify the returned response data.
  • the verification of the above response data returned by the tested system is mainly to verify the check points in the response data. Checkpoints are test points for interface testing, such as certain fields in the response data. The verification can be to check whether these fields meet expectations.
  • Fig. 2 is a schematic diagram of the login authentication authorization process of the system under test according to the second embodiment of the present invention.
  • the embodiment of the present invention abstracts the web login process of the system under test as a java login interface, for example: login(String[]) login interface.
  • Establish the login script of the tested system (denoted as A system): A.class.
  • the login script implements the login(String[]) login interface according to the login logic of the A system to simulate logging in to the A system.
  • the interface test tool specifies the name of system A and login user information, such as login: A, administrator.
  • the login request includes information such as A and the administrator.
  • the name "administrator" identifies a set of login user information. From this name, it is known that the user name specified for the A system is "admin" and the password is "admin".
  • Based on the mapping relationship, the login script A.class that has a mapping relationship with A is found, and the login script A.class is dynamically loaded and executed through the ClassLoader (class loader).
  • the login script A.class implements the login(String[]) login interface to simulate login to the A system.
  • the current input parameters of the login(String[]) login interface are the username and password of the A system specified above, namely: login("admin", "admin").
  • the Token is returned to the interface testing tool, and the interface testing tool adds it to the interface access request to the A system to complete the login authentication and authorization process for the A system.
  • Fig. 3 is a schematic diagram of main modules of a web service interface testing device with authentication and authorization according to a third embodiment of the present invention.
  • the web service interface testing device 300 with authentication and authorization mainly includes: a login script establishment module 301, a login script loading and execution module 302, and an authentication information providing module 303.
  • the login script creation module 301 is used to create login scripts for each tested system and save the association relationship between the tested system and the login script.
  • the tested system may specifically be a web application system.
  • the embodiment of the present invention can abstract the web login process of the system under test as a java login interface, and each login script implements the java login interface according to the login logic of the associated system under test to complete the simulated login of the associated system under test.
  • the web service interface testing device 300 may also include an input parameter configuration module.
  • the input parameter configuration module can be used to configure one or more sets of input parameters of the login script.
  • each group of input parameters is a group of login user information of the system under test.
  • multiple sets of login account information can be configured according to role information.
  • the login script loading and execution module 302 is used to, after receiving the login request for the tested system under test sent by the interface test tool, dynamically load and execute the login script corresponding to the tested system under test according to the association relationship between the tested system and the login script, to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test.
  • the web service interface testing device 300 may further include an information receiving module for receiving the name of the tested system and the login user information specified by the interface testing tool.
  • the login script loading and execution module 302 can be specifically used to: find a login script that has a mapping relationship with the name of the tested system under test, and load the login script; use the login user information specified by the interface test tool as the input parameter of the loaded login script, and execute the loaded login script to simulate logging in to the tested system under test. After the login is successful, the login script parses the authentication information from the response message returned by the tested system under test.
  • the authentication information may specifically be Token; or session information, such as session ID; or other authentication and authorization information.
  • Web application systems usually have authentication and authorization modules to ensure the security of software system data.
  • Authentication is a process in which a user enters identity information, the server performs verification, and returns the verification result, that is, whether the user is a legitimate user.
  • Authorization is the verification of whether a user has permission to access the back-end service after logging in, that is, whether a legitimate user has the right to operate.
  • the login script loading and execution module 302 may use a java class loader to dynamically load the login script corresponding to the tested system.
  • the authentication information providing module 303 is used to provide authentication information to the interface test tool, so that the interface test tool adds the authentication information to the interface access request to the tested system under test, and then verifies the response data returned by the tested system under test in response to the interface access request.
  • the web service interface testing device of the embodiment of the present invention abstracts the login interface, implements the login interface for each system under test, and completes the simulated login to the system under test in the implementation, which has high scalability and is in use.
  • the interface testing tool sends a login request to the web service interface testing device 300 of this embodiment, specifying the user name used to return the login authentication information.
  • the web service interface testing device of this embodiment uses the java ClassLoader to dynamically load the login script of the tested system, so the login script of a new tested system can be loaded without restarting the device of this embodiment, ensuring high availability of the device.
  • Figure 4 is a schematic diagram of system interaction for web service interface testing with authentication and authorization according to a fourth embodiment of the present invention.
  • the web service interface test with authentication and authorization in the embodiment of the present invention includes three parts of interaction, namely, the web service interface testing device with authentication and authorization in the embodiment of the present invention (hereinafter referred to as web service interface).
  • the web service interface testing device with authentication and authorization can work with automated testing tools to provide effective authentication and authorization information for automated testing tools without manual configuration each time, thereby improving automation efficiency.
  • the interaction process is as follows:
  • Step S401: The web service interface testing device establishes login scripts for each system under test, and saves the association relationship between the system under test and the login script.
  • Step S402: The web service interface testing device configures input parameters of each login script, and the input parameters configured for each login script may be one or more groups.
  • Step S403: The interface testing tool sends a login request for the system under test (taking system A as an example) to the web service interface testing device.
  • Step S404: The web service interface testing device finds the login script of the A system according to the association relationship between the system under test and the login script.
  • Step S405: Dynamically load and execute the found login script.
  • Step S406: Realize the simulated login to the A system.
  • Step S407: After the login is successful, the A system provides a Token to the web service interface testing device. Specifically, the Token is parsed by the login script from the response message (denoted as the first response message) returned by the A system.
  • Step S408: The web service interface testing device returns the Token to the interface testing tool.
  • Step S409: The interface test tool adds the Token to the interface access request to the A system.
  • Step S410: After receiving the interface access request, the A system runs the business logic of the A system, and some of the business logic uses the Token for permission verification.
  • Step S411: System A returns a response message (denoted as a second response message) to the interface testing tool.
  • Step S412: The interface test tool performs checkpoint verification on the second response message.
  • FIG. 5 shows an exemplary system architecture 500 for a web service interface testing method with authentication and authorization or a web service interface testing apparatus with authentication and authorization to which an embodiment of the present invention can be applied.
  • the system architecture 500 may include terminal devices 501, 502, 503, a network 504, and a server 505.
  • the network 504 is used to provide a medium for communication links between the terminal devices 501, 502, 503 and the server 505.
  • the network 504 may include various connection types, such as wired, wireless communication links, or fiber optic cables.
  • the user can use the terminal devices 501, 502, 503 to interact with the server 505 via the network 504 to receive or send messages and so on.
  • Various communication client applications such as web browser applications, search applications, instant messaging tools, email clients, social platform software, etc., may be installed on the terminal devices 501, 502, and 503 (only examples).
  • the terminal devices 501, 502, and 503 may be various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, laptop computers, desktop computers, and so on.
  • the server 505 may be a server that provides various services, such as a background management server (just an example) that provides support for websites browsed by users using the terminal devices 501, 502, and 503.
  • the background management server can process the received login request and other data, for example, log in to the system under test (not shown in Figure 5) according to the login request, get the response data returned by the system under test, analyze and process the response data, and feed the processing result (such as authentication information, just an example) back to the terminal device.
  • the method for testing a web service interface with authentication and authorization provided by the embodiment of the present invention is generally executed by the server 505. Accordingly, the testing device for a web service interface with authentication and authorization is generally set in the server 505.
  • terminal devices, networks, and servers in FIG. 5 are merely illustrative. According to implementation needs, there can be any number of terminal devices, networks and servers.
  • FIG. 6 shows a schematic structural diagram of a computer system 600 suitable for implementing a terminal device or a server in the embodiments of the present application.
  • the terminal device or server shown in FIG. 6 is only an example, and should not bring any limitation to the function and use scope of the embodiments of the present application.
  • the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing based on a program stored in a read-only memory (ROM) 602 or a program loaded from a storage part 608 into a random access memory (RAM) 603.
  • the RAM 603 also stores various programs and data required for the operation of the system 600.
  • the CPU 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604.
  • An input/output (I/O) interface 605 is also connected to the bus 604.
  • the following components are connected to the I/O interface 605: an input part 606 including a keyboard, a mouse, etc.; an output part 607 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and speakers, etc.; a storage part 608 including a hard disk, etc.; and a communication section 609 including a network interface card such as a LAN card, a modem, etc. The communication section 609 performs communication processing via a network such as the Internet.
  • the drive 610 is also connected to the I/O interface 605 as needed.
  • a removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is installed on the drive 610 as needed, so that the computer program read from it is installed into the storage part 608 as needed.
  • the process described above with reference to the flowchart can be implemented as a computer software program.
  • the disclosed embodiments of the present invention include a computer program product, which includes a computer program carried on a computer-readable medium, and the computer program contains program code for executing the method shown in the flowchart.
  • the computer program may be downloaded and installed from the network through the communication part 609, and/or installed from the removable medium 611.
  • when the computer program is executed by the central processing unit (CPU) 601, the above-mentioned functions defined in the system of the present application are executed.
  • the computer-readable medium shown in the present invention may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the two.
  • the computer-readable storage medium may be, for example, but not limited to, an electric, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
  • the computer-readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, apparatus, or device.
  • a computer-readable signal medium may include a data signal propagated in a baseband or as a part of a carrier wave, and a computer-readable program code is carried therein. This propagated data signal can take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • the computer-readable signal medium may also be any computer-readable medium other than the computer-readable storage medium.
  • the computer-readable medium may send, propagate, or transmit the program for use by or in combination with the instruction execution system, apparatus, or device.
  • the program code contained on the computer-readable medium can be transmitted by any suitable medium, including but not limited to: wireless, wire, optical cable, RF, etc., or any suitable combination of the above.
  • each block in the flowchart or block diagram may represent a module, program segment, or part of code, and the above-mentioned module, program segment, or part of code contains one or more executable instructions for realizing the specified logical function.
  • the functions marked in the block may also occur in a different order from the order marked in the drawings. For example, two blocks shown in succession can actually be executed substantially in parallel, or they can sometimes be executed in the reverse order, depending on the functions involved.
  • each block in the block diagram or flowchart, and the combination of blocks in the block diagram or flowchart, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or can be realized by a combination of dedicated hardware and computer instructions.
  • the modules involved in the described embodiments of the present invention can be implemented in software or hardware.
  • the described module may also be provided in the processor.
  • a processor includes a login script establishment module, a login script loading and execution module, and an authentication information providing module.
  • the names of these modules do not constitute a limitation on the module itself under certain circumstances.
  • the login script establishment module can also be described as "a module used to create login scripts for each system under test and to save the association relationship between the system under test and the login script".
  • the present invention also provides a computer-readable medium.
  • the computer-readable medium may be included in the device described in the foregoing embodiment; or it may exist alone without being assembled into the device.
  • the above-mentioned computer-readable medium carries one or more programs.
  • when the above-mentioned one or more programs are executed by a device, the device is caused to: establish a login script for each system under test, and save the association relationship between the system under test and the login script; after receiving the login request for the tested system under test sent by the interface test tool, dynamically load and execute the login script corresponding to the tested system under test according to the association relationship, so as to simulate logging in to the tested system under test and obtain the authentication information it provides; and provide the authentication information to the interface test tool, so that the interface test tool adds the authentication information to the interface access request for the tested system under test and then verifies the response data returned by the tested system under test in response to the interface access request.
  • a login script is established for each system under test, and the association relationship between the system under test and the login script is saved; after the login request for the tested system under test sent by the interface test tool is received, the login script corresponding to the tested system under test is dynamically loaded and executed according to the association relationship, so as to simulate logging in to the tested system under test and obtain the authentication information it provides; the authentication information is provided to the interface test tool, so that the interface test tool adds the authentication information to the interface access request for the tested system under test and then verifies the response data returned by the tested system under test in response to the interface access request.

Abstract

Disclosed are a test method and device for a web service interface having authentication authorization, relating to the technical field of computers. One specific embodiment of the method comprises: establishing a login script for each tested system; dynamically loading and executing the login script corresponding to a tested system under test according to an association relationship between the tested systems and the login scripts, so as to simulate logging in to the tested system under test and obtain authentication information; and supplying the authentication information to an interface test tool, so that the authentication information is added to an interface access request for the tested system under test and the response data returned by the tested system under test is verified. The specific embodiment is suitable for automatically testing the web service interface of a tested system having authority control, avoids excessive invasiveness to the system, reduces errors, needs no manual configuration of authentication authorization information, improves automation efficiency, is highly extensible, supports multi-user multi-role login, guarantees the sufficiency of interface testing, needs no restart, and improves system availability.

Description

Method and device for testing web service interface with authentication and authorization
Technical field
The present invention relates to the field of computer technology, in particular to a method and device for testing web service interfaces with authentication and authorization.
Background art
Software testing is an important part of the software life cycle and an important process for ensuring the correctness, ease of use, security, and business-function integrity of software. Interface testing is a kind of testing that starts in the middle and late stages of business function development; its purpose is to test the correctness of data exchange, transfer and control in the communication between system components.
In interface testing of a web application system, the tester needs to use a tool that simulates a web browser to send requests to the back-end service and to verify checkpoints in the response message. For systems that require login, two solutions are generally used: one is to turn off login authentication at the back end, and the other is to manually obtain a usable cookie (data stored on the user's local terminal) or token each time and carry this authentication information in subsequent access requests. The first solution is not applicable to systems with permission control, because different logged-in users may have different permissions and some business logic requires permission verification. Turning off permissions directly is too intrusive to the system, leaves business logic that involves permission control untestable, requires a separately deployed server, and can introduce unexpected errors. In the second solution, the authentication information may differ between interfaces, which makes it complicated to manage; in addition, authentication information generally has an expiration time and must be replaced frequently, so this solution is not suitable for automated testing scenarios.
In the process of implementing the present invention, the inventor found that at least the following problems exist in the prior art:
The existing technology is not suitable for automated testing of the web service interfaces of a system under test with permission control. It is too intrusive to the system, requires a separately deployed server, and can introduce unexpected errors. It scales poorly across different systems under test and does not support multi-user login, so the adequacy of interface testing cannot be guaranteed.
Summary of the invention
In view of this, the embodiments of the present invention provide a method and device for testing web service interfaces with authentication and authorization that are suitable for automated testing of the web service interfaces of a system under test with permission control, overcome the defect of being too intrusive to the system, need no separately deployed server, reduce errors, provide valid authentication and authorization information to automated test tools without manual configuration each time, improve automation efficiency, ensure high scalability across different systems under test, support multi-user and multi-role login, ensure the adequacy of interface testing, and load the login script of a newly tested system under test without a restart, which improves system availability.
To achieve the above objective, according to one aspect of the embodiments of the present invention, a method for testing a web service interface with authentication and authorization is provided.
A method for testing a web service interface with authentication and authorization includes: establishing a login script for each system under test, and saving the association relationship between the system under test and the login script; after receiving the login request for the tested system under test sent by the interface test tool, dynamically loading and executing the login script corresponding to the tested system under test according to the association relationship, so as to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test; and providing the authentication information to the interface test tool, so that the interface test tool adds the authentication information to the interface access request for the tested system under test and then verifies the response data returned by the tested system under test in response to the interface access request.
Optionally, the method further includes: after establishing a login script for the system under test, configuring one or more sets of input parameters of the login script, each set of input parameters being one set of login user information of the system under test.
Optionally, the login request includes the name of the tested system under test and the login user information specified by the interface test tool, and the step of dynamically loading and executing the login script corresponding to the tested system under test according to the association relationship, so as to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test, includes: searching for the login script that has a mapping relationship with the name of the tested system under test, and loading that login script; and executing the loaded login script with the login user information specified by the interface test tool as its input parameters, so as to simulate logging in to the tested system under test, wherein after the login succeeds the login script parses the authentication information out of the response message returned by the tested system under test.
Optionally, the web login process of the system under test is abstracted as a java (an object-oriented programming language) login interface, and the login script implements the java login interface according to the login logic of the system under test to complete the simulated login to the system under test.
Optionally, a java class loader is used to dynamically load the login script corresponding to the tested system under test.
Optionally, the authentication information is token or session (session control) information.
According to another aspect of the embodiments of the present invention, a device for testing a web service interface with authentication and authorization is provided.
A device for testing a web service interface with authentication and authorization includes: a login script establishment module, used to establish a login script for each system under test and to save the association relationship between the system under test and the login script; a login script loading and execution module, used to, after receiving the login request for the tested system under test sent by the interface test tool, dynamically load and execute the login script corresponding to the tested system under test according to the association relationship, so as to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test; and an authentication information providing module, used to provide the authentication information to the interface test tool, so that the interface test tool adds the authentication information to the interface access request for the tested system under test and then verifies the response data returned by the tested system under test in response to the interface access request.
Optionally, the device further includes an input parameter configuration module, used to: after a login script is established for the system under test, configure one or more sets of input parameters of the login script, each set of input parameters being one set of login user information of the system under test.
Optionally, the device further includes an information receiving module, used to receive the name of the tested system under test and the login user information specified by the interface test tool, and the login script loading and execution module is further used to: search for the login script that has a mapping relationship with the name of the tested system under test, and load that login script; and execute the loaded login script with the login user information specified by the interface test tool as its input parameters, so as to simulate logging in to the tested system under test, wherein after the login succeeds the login script parses the authentication information out of the response message returned by the tested system under test.
Optionally, the web login process of the system under test is abstracted as a java login interface, and the login script implements the java login interface according to the login logic of the system under test to complete the simulated login to the system under test.
Optionally, the login script loading and execution module uses a java class loader to dynamically load the login script corresponding to the tested system under test.
According to another aspect of the embodiments of the present invention, an electronic device is provided.
An electronic device includes: one or more processors; and a memory used to store one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement the method for testing web service interfaces with authentication and authorization provided by the present invention.
According to still another aspect of the embodiments of the present invention, a computer-readable medium is provided.
A computer-readable medium has a computer program stored thereon, and when the program is executed by a processor, it implements the method for testing web service interfaces with authentication and authorization provided by the present invention.
An embodiment of the above invention has the following advantages or beneficial effects: a login script is established for each system under test, and the association relationship between the system under test and the login script is saved; after the login request for the tested system under test sent by the interface test tool is received, the login script corresponding to the tested system under test is dynamically loaded and executed according to the association relationship, so as to simulate logging in to the tested system under test and obtain the authentication information it provides; the authentication information is provided to the interface test tool, so that the interface test tool adds the authentication information to the interface access request for the tested system under test and then verifies the response data returned by the tested system under test in response to the interface access request. The embodiment is suitable for automated testing of the web service interfaces of a system under test with permission control, overcomes the defect of being too intrusive to the system, needs no separately deployed server, reduces errors, provides valid authentication and authorization information to automated test tools without manual configuration each time, and improves automation efficiency. It supports user-defined login scripts: the login interface is abstracted and implemented for each system under test, which ensures high scalability across different systems under test. Multiple groups of login user information can be configured to support multi-user and multi-role login, which ensures the adequacy of interface testing. In addition, a java class loader is used to dynamically load the login script corresponding to the tested system under test, so the login script of a newly tested system under test can be loaded without restarting the device of the present invention, which improves system availability.
The further effects of the above non-conventional optional methods will be described below in conjunction with specific implementations.
Description of the drawings
The accompanying drawings are used to better understand the present invention and do not constitute an improper limitation of the present invention. In the drawings:
Fig. 1 is a schematic diagram of the main steps of a method for testing a web service interface with authentication and authorization according to a first embodiment of the present invention;
Fig. 2 is a schematic diagram of the login authentication and authorization process of a system under test according to a second embodiment of the present invention;
Fig. 3 is a schematic diagram of the main modules of a device for testing a web service interface with authentication and authorization according to a third embodiment of the present invention;
Fig. 4 is a schematic diagram of system interaction for testing a web service interface with authentication and authorization according to a fourth embodiment of the present invention;
Fig. 5 is an exemplary system architecture diagram to which the embodiments of the present invention can be applied;
Fig. 6 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed description
The following describes exemplary embodiments of the present invention with reference to the accompanying drawings. Various details of the embodiments are included to facilitate understanding and should be regarded as merely exemplary. Therefore, those of ordinary skill in the art should realize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the present invention. Also, for clarity and conciseness, descriptions of well-known functions and structures are omitted in the following description.
Those skilled in the art know that the embodiments of the present invention can be implemented as a system, apparatus, device, method, or computer program product. Therefore, the present disclosure may be implemented in the following forms: complete hardware, complete software (including firmware, resident software, microcode, etc.), or a combination of hardware and software.
Fig. 1 is a schematic diagram of the main steps of a method for testing a web service interface with authentication and authorization according to a first embodiment of the present invention.
As shown in Fig. 1, the method for testing a web service interface with authentication and authorization in this embodiment mainly includes the following steps S101 to S103.
Step S101: Establish a login script for each system under test, and save the association relationship between the system under test and the login script.
The system under test may specifically be a web application system.
The embodiment of the present invention abstracts the web login process of the system under test as a java login interface. Each login script implements this java login interface according to the login logic of its associated system under test and performs the simulated login to that system. A specific implementation uses, for example, the httpClient development kit (an efficient, up-to-date, feature-rich client programming toolkit supporting the HTTP protocol) to simulate a page submitting the web login request, or the htmlUnit development kit (an open-source java page analysis tool that can analyze the content of a page after reading it) to simulate a browser parsing the web login page, in order to log in to the system under test. After the login succeeds, the login script parses out the authentication and authorization information and returns it encapsulated in a Map (a container that associates key objects with value objects). In this way, a separate login script can be implemented for each system under test.
It should be noted that the httpClient and htmlUnit development kits can also be replaced with other java development tools that can simulate sending http requests. The java development tool sends a web login request to the system under test, then receives and processes the response message returned by the system under test to parse out the authentication and authorization information and encapsulate it in a Map. The login script can also be called a java login script.
The authentication and authorization information parsed out above is referred to as authentication information for short. Executing the login script of a system under test yields the authentication information provided by that system under test.
After a login script is established for a system under test, the method further includes: configuring one or more sets of input parameters of the login script, each set of input parameters being one set of login user information of the system under test.
The input parameters of the login script of a system under test, that is, the input parameters of the java login interface implemented by the login script, can take the form of a String array containing the user name and password required to log in to the system under test.
Step S102: After receiving the login request for the tested system under test sent by the interface test tool, dynamically load and execute the login script corresponding to the tested system under test according to the association relationship between the system under test and the login script, so as to simulate logging in to the tested system under test and obtain the authentication information provided by the tested system under test.
The login request includes the name of the tested system under test and the login user information specified by the interface test tool. The tested system under test is the system under test on which the interface test is currently to be executed.
Step S102 may specifically include: searching for the login script that has a mapping relationship with the name of the tested system under test, and loading that login script; and executing the loaded login script with the login user information specified by the interface test tool as its input parameters, so as to simulate logging in to the tested system under test. After the login succeeds, the login script parses the authentication information out of the response message returned by the tested system under test.
After the authentication information is parsed out, it is stored in a Map and then returned to the interface test tool.
A java class loader can be used to dynamically load the login script corresponding to the tested system under test.
The authentication information can be a token; or session information, such as a session ID (identifier); or other information that can be used for authentication and authorization.
Step S103: Provide the authentication information to the interface test tool, so that the interface test tool adds the authentication information to the interface access request for the tested system under test and then verifies the response data returned by the tested system under test in response to the interface access request.
After the interface test tool adds the authentication information to the interface access request for the tested system under test, it sends the interface access request to the tested system under test. The tested system under test responds to the interface access request and returns the response data to the interface test tool, which then verifies the returned response data. Verifying the response data mainly means verifying the checkpoints in the response data. Checkpoints are the test points of the interface test, for example certain fields in the response data; the verification can check whether these fields meet expectations.
Fig. 2 is a schematic diagram of the login authentication and authorization process of the system under test according to the second embodiment of the present invention.
As shown in Fig. 2, the embodiment of the present invention abstracts the web login process of the system under test as a java login interface, for example a login(String[]) login interface. A login script A.class is established for the system under test (denoted system A); the login script implements the login(String[]) login interface according to the login logic of system A in order to simulate logging in to system A.
For login management of the system under test, a new system under test, such as system A above, can be created in the UI (user interface), and the prepared login script A.class is then uploaded to establish the association between system A and the login script A.class, for example the following mapping between the name of system A and the login script A.class:
Figure PCTCN2020106707-appb-000001
The mapping is saved. Multiple groups of login user information are then configured; each group is one set of input parameters for the login(String[]) login interface implemented by the login script A.class. For example:
Administrator: login("admin","admin")
Approver: login("verify","verify")
For each system under test, multiple groups of login user information can be configured in this way according to the different roles in its back-end services (for example administrator and approver), and each group is given a name, for example "administrator".
Take the login authentication and authorization of system A as an example. The interface testing tool specifies the name of system A and the login user information, for example login: A, administrator. It also specifies the interface of system A to be accessed, for example interface: B111. The login request for system A sent by the interface testing tool is received; it includes information such as A and administrator. "Administrator" is the name given to a group of login user information, and from this name it is known that the specified user name for system A is "admin" and the password is "admin". According to the mapping:
Figure PCTCN2020106707-appb-000002
the login script A.class that is mapped to A is found, then dynamically loaded through the ClassLoader (class loader) and executed. The login script A.class implements the login(String[]) login interface to simulate logging in to system A. The current input parameters of the login(String[]) login interface are the user name and password of system A specified above, namely: login("admin","admin").
Executing the login script A.class yields the authentication information Token=111. The Token is provided by system A after the login script A.class has been executed to simulate logging in to system A and the login has succeeded. The Token is returned to the interface testing tool, which adds it to the interface access request to system A, completing the login authentication and authorization process for system A.
Fig. 3 is a schematic diagram of the main modules of a device for testing a web service interface with authentication and authorization according to a third embodiment of the present invention.
As shown in Fig. 3, the device 300 for testing a web service interface with authentication and authorization according to the embodiment of the present invention, hereinafter referred to as the web service interface testing device 300, mainly includes: a login script establishment module 301, a login script loading and execution module 302, and an authentication information providing module 303.
The login script establishment module 301 is used to establish a login script for each system under test and to save the association between the system under test and the login script.
The system under test may specifically be a web application system.
The embodiment of the present invention can abstract the web login process of the system under test as a Java login interface. Each login script implements the Java login interface according to the login logic of its associated system under test, and thereby completes the simulated login to that system.
The web service interface testing device 300 may also include an input parameter configuration module. After the login script establishment module 301 establishes a login script for a system under test, the input parameter configuration module can be used to configure one or more groups of input parameters for that login script, each group being one set of login user information for the system under test. Within the web service interface testing device 300, multiple groups of login account information can be configured for each system under test according to role information.
The login script loading and execution module 302 is used, after receiving the login request for the target system under test sent by the interface testing tool, to dynamically load and execute the login script corresponding to the target system under test according to the association between systems under test and login scripts, so as to simulate logging in to the target system under test and obtain the authentication information that it provides.
The web service interface testing device 300 may further include an information receiving module for receiving the name of the target system under test and the login user information specified by the interface testing tool.
The login script loading and execution module 302 can specifically be used to: find the login script that is mapped to the name of the target system under test and load it; and execute the loaded login script with the login user information specified by the interface testing tool as its input parameters, so as to simulate logging in to the target system under test. After the login succeeds, the login script parses the authentication information out of the response message returned by the target system under test.
The authentication information may specifically be a Token, or session information such as a session ID, or other authentication and authorization information. Web application systems usually include an authentication and authorization module to protect the data of the software system. Authentication is the process in which the user enters identity information, the server verifies it and returns the verification result; that is, it checks whether the user is a legitimate user. Authorization is the check, after the user has logged in, of whether the user has permission to access a back-end service; that is, it checks whether a legitimate user has the right to perform the operation.
The login script loading and execution module 302 may use a Java class loader to dynamically load the login script corresponding to the target system under test.
The authentication information providing module 303 is used to provide the authentication information to the interface testing tool, so that the interface testing tool adds the authentication information to the interface access request to the target system under test, and then verifies the response data that the target system under test returns in response to the interface access request.
The web service interface testing device of the embodiment of the present invention abstracts a login interface, implements that login interface for each system under test, and completes the simulated login to the system under test in the implementation, which makes it highly extensible. In use, the interface testing tool sends a login request to the web service interface testing device 300 of this embodiment and only needs to indicate the user name to be used in order to get back the post-login authentication information. In addition, the web service interface testing device of this embodiment uses the Java ClassLoader to dynamically load the login script of the system under test, so the login script of a new system under test can be loaded without restarting the device, which ensures the high availability of the device.
Fig. 4 is a schematic diagram of the system interaction for testing a web service interface with authentication and authorization according to a fourth embodiment of the present invention.
As shown in Fig. 4, testing a web service interface with authentication and authorization in the embodiment of the present invention involves interaction among three parties: the device for testing a web service interface with authentication and authorization of the embodiment of the present invention (hereinafter referred to as the web service interface testing device), the interface testing tool, and the system under test. The web service interface testing device can work together with automated testing tools, providing them with valid authentication and authorization information without manual configuration each time, thereby improving automation efficiency.
The interaction process is as follows:
Step S401: The web service interface testing device establishes a login script for each system under test and saves the association between the system under test and the login script.
Step S402: The web service interface testing device configures the input parameters of each login script; one or more groups of input parameters can be configured for each login script.
Step S403: The interface testing tool sends the web service interface testing device a login request for the system under test (system A is used as the example).
Step S404: The web service interface testing device finds the login script of system A according to the association between systems under test and login scripts.
Step S405: The login script that was found is dynamically loaded and executed.
Step S406: The simulated login to system A is performed.
Step S407: After the login succeeds, system A provides a Token to the web service interface testing device. Specifically, the login script parses the Token out of the response message returned by system A (denoted the first response message).
Step S408: The web service interface testing device returns the Token to the interface testing tool.
Step S409: The interface testing tool adds the Token to the interface access request to system A.
Step S410: After receiving the interface access request, system A runs its business logic, some of which uses the Token for permission checks.
Step S411: System A returns a response message (denoted the second response message) to the interface testing tool.
Step S412: The interface testing tool performs checkpoint verification on the second response message.
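The interaction in steps S401 to S412, as an added Java example (not code from the patent). Assumptions: system A is an in-process stand-in with a constructed response format (`code=...;Token=...`), the approver's token value 222 and the administrator-only rule on interface B111 are constructed, and the login script is loaded by name from the classpath rather than from an uploaded A.class file.

```java
import java.util.HashMap;
import java.util.Map;

public class LoginGatewayDemo {

    /** The page's login abstraction: each login script implements login(String[]). */
    public interface LoginScript {
        String login(String[] credentials) throws Exception;
    }

    /** Constructed in-process stand-in for system A (a real system would be reached over HTTP). */
    static final class SystemA {
        private static final Map<String, String> PASSWORDS = Map.of("admin", "admin", "verify", "verify");
        private static final Map<String, String> TOKENS = Map.of("admin", "111", "verify", "222");

        /** First response message: carries the token when the login succeeds. */
        static String login(String user, String password) {
            if (user != null && password != null && password.equals(PASSWORDS.get(user))) {
                return "code=0;Token=" + TOKENS.get(user);
            }
            return "code=401";
        }

        /** Second response message: interface B111 is assumed to be administrator-only. */
        static String call(String iface, String token) {
            if (token == null || !TOKENS.containsValue(token)) return "code=401";
            if ("B111".equals(iface) && !"111".equals(token)) return "code=403";
            return "code=0;data=ok";
        }
    }

    /** Login script for system A (the page's A.class): simulates the login and parses the token. */
    public static final class A implements LoginScript {
        @Override
        public String login(String[] credentials) {
            if (credentials == null || credentials.length != 2) {
                throw new IllegalArgumentException("expected {username, password}");
            }
            String response = SystemA.login(credentials[0], credentials[1]);
            for (String field : response.split(";")) {
                if (field.startsWith("Token=")) {
                    return field.substring("Token=".length());
                }
            }
            throw new IllegalStateException("login to system A failed: " + response);
        }
    }

    // S401/S402: mapping "system name -> login script class" and named credential sets per system.
    private final Map<String, String> scriptBySystem = new HashMap<>();
    private final Map<String, Map<String, String[]>> credentialSets = new HashMap<>();

    public void register(String system, String scriptClassName) {
        scriptBySystem.put(system, scriptClassName);
    }

    public void addCredentialSet(String system, String setName, String... credentials) {
        credentialSets.computeIfAbsent(system, k -> new HashMap<>()).put(setName, credentials);
    }

    /** S404 to S408: find the script, load it by name, run it, return the token. */
    public String login(String system, String setName) throws Exception {
        String className = scriptBySystem.get(system);
        if (className == null) {
            throw new IllegalArgumentException("no login script for system " + system);
        }
        String[] credentials = credentialSets.getOrDefault(system, Map.of()).get(setName);
        if (credentials == null) {
            throw new IllegalArgumentException("no credential set " + setName);
        }
        Class<?> loaded = LoginGatewayDemo.class.getClassLoader().loadClass(className);
        // asSubclass rejects any class that is not a LoginScript before it is instantiated.
        LoginScript script = loaded.asSubclass(LoginScript.class).getDeclaredConstructor().newInstance();
        return script.login(credentials);
    }

    /** S409 to S412 as the interface testing tool would run them; returns the checkpoint field. */
    static String callB111As(LoginGatewayDemo gateway, String setName) throws Exception {
        String token = gateway.login("A", setName);
        String response = SystemA.call("B111", token);
        return response.split(";")[0]; // checkpoint: the "code" field
    }

    public static void main(String[] args) throws Exception {
        LoginGatewayDemo gateway = new LoginGatewayDemo();
        gateway.register("A", "LoginGatewayDemo$A"); // binary name of the nested script class
        gateway.addCredentialSet("A", "administrator", "admin", "admin");
        gateway.addCredentialSet("A", "approver", "verify", "verify");

        String asAdmin = callB111As(gateway, "administrator");
        String asApprover = callB111As(gateway, "approver");
        System.out.println("administrator -> " + asAdmin);
        System.out.println("approver      -> " + asApprover);
        if (!"code=0".equals(asAdmin) || !"code=403".equals(asApprover)) {
            throw new AssertionError("checkpoint mismatch");
        }
    }
}
```

Running the same interface call under two named credential sets turns the role configuration into an authorization check: the administrator checkpoint expects success and the approver checkpoint expects a refusal.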
In addition, the specific implementation details of the device for testing a web service interface with authentication and authorization in the embodiment of the present invention have already been described in detail in the method for testing a web service interface with authentication and authorization above, so the repeated content is not described again here.
Fig. 5 shows an exemplary system architecture 500 to which the method or the device for testing a web service interface with authentication and authorization of the embodiment of the present invention can be applied.
As shown in Fig. 5, the system architecture 500 may include terminal devices 501, 502, 503, a network 504, and a server 505. The network 504 is the medium that provides communication links between the terminal devices 501, 502, 503 and the server 505. The network 504 may include various connection types, such as wired or wireless communication links or fiber optic cables.
Users can use the terminal devices 501, 502, 503 to interact with the server 505 through the network 504 to receive or send messages and so on. Various communication client applications may be installed on the terminal devices 501, 502, 503, such as web browser applications, search applications, instant messaging tools, email clients, and social platform software (examples only).
The terminal devices 501, 502, 503 may be various electronic devices that have a display screen and support web browsing, including but not limited to smartphones, tablet computers, laptop computers, and desktop computers.
The server 505 may be a server that provides various services, such as a back-end management server (example only) that supports the websites browsed by users with the terminal devices 501, 502, 503. The back-end management server can process received data such as login requests, for example log in to the system under test (not shown in Fig. 5) according to the login request, obtain the response data returned by the system under test, parse the response data, and feed the processing result (for example authentication information, as an example only) back to the terminal device.
It should be noted that the method for testing a web service interface with authentication and authorization provided by the embodiment of the present invention is generally executed by the server 505; accordingly, the device for testing a web service interface with authentication and authorization is generally located in the server 505.
It should be understood that the numbers of terminal devices, networks, and servers in Fig. 5 are merely illustrative. There can be any number of terminal devices, networks, and servers according to implementation needs.
Reference is now made to Fig. 6, which shows a schematic structural diagram of a computer system 600 suitable for implementing a terminal device or server of the embodiments of the present application. The terminal device or server shown in Fig. 6 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present application.
As shown in Fig. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 602 or a program loaded from a storage section 608 into a random access memory (RAM) 603. The RAM 603 also stores the various programs and data required for the operation of the system 600. The CPU 601, the ROM 602, and the RAM 603 are connected to one another through a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input section 606 including a keyboard, a mouse, and the like; an output section 607 including a cathode ray tube (CRT), a liquid crystal display (LCD), and the like, as well as speakers; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card or a modem. The communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage section 608 as needed.
In particular, according to the disclosed embodiments of the present invention, the process described above with reference to the flowchart can be implemented as a computer software program. For example, the disclosed embodiments of the present invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. When the computer program is executed by the central processing unit (CPU) 601, the above-mentioned functions defined in the system of the present application are performed.
It should be noted that the computer-readable medium shown in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. The computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this application, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in combination with an instruction execution system, apparatus, or device. In this application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal can take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above. The computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in combination with an instruction execution system, apparatus, or device. The program code contained on the computer-readable medium can be transmitted over any suitable medium, including but not limited to: wireless, wire, optical cable, RF, and so on, or any suitable combination of the above.
The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functions, and operations of possible implementations of systems, methods, and computer program products according to various embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may actually be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams or flowcharts, and combinations of blocks in the block diagrams or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The modules described in the embodiments of the present invention can be implemented in software or in hardware. The described modules may also be provided in a processor; for example, this may be described as: a processor including a login script establishment module, a login script loading and execution module, and an authentication information providing module. The names of these modules do not, in some cases, constitute a limitation on the modules themselves. For example, the login script establishment module can also be described as "a module for establishing a login script for each system under test and saving the association between the system under test and the login script".
In another aspect, the present invention also provides a computer-readable medium, which may be included in the device described in the foregoing embodiments, or may exist alone without being assembled into the device. The computer-readable medium carries one or more programs which, when executed by such a device, cause the device to: establish a login script for each system under test and save the association between the system under test and the login script; after receiving the login request for the target system under test sent by the interface testing tool, dynamically load and execute the login script corresponding to the target system under test according to the association, so as to simulate logging in to the target system under test and obtain the authentication information that it provides; and provide the authentication information to the interface testing tool, so that the interface testing tool adds the authentication information to the interface access request to the target system under test, and then verifies the response data that the target system under test returns in response to the interface access request.
According to the technical solution of the embodiment of the present invention, a login script is established for each system under test, and the association between the system under test and the login script is saved; after the login request for the target system under test sent by the interface testing tool is received, the login script corresponding to the target system under test is dynamically loaded and executed according to the association, so as to simulate logging in to the target system under test and obtain the authentication information that it provides; the authentication information is provided to the interface testing tool, which adds it to the interface access request to the target system under test and then verifies the response data that the target system under test returns in response to the interface access request. The solution is suited to automated testing of the web service interfaces of systems under test that have permission control. It overcomes the drawback of being too intrusive to the system, requires no separately deployed server, reduces errors, and provides automated testing tools with valid authentication and authorization information without manual configuration each time, which improves automation efficiency. It supports user-defined login scripts, abstracts a login interface, and implements that login interface for each system under test, ensuring high extensibility across different systems under test. Multiple groups of login user information can be configured to support multi-user, multi-role login, which ensures the adequacy of interface testing. In addition, a Java class loader is used to dynamically load the login script corresponding to the target system under test, so the login script of a newly tested system under test can be loaded without restarting the device of the present invention, which improves system availability.
The foregoing specific implementations do not limit the scope of protection of the present invention. Those skilled in the art should understand that, depending on design requirements and other factors, various modifications, combinations, sub-combinations, and substitutions can occur. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.

Claims (13)

  1. A method for testing a web service interface with authentication and authorization, comprising:
    establishing a login script for each system under test, and saving the association between the system under test and the login script;
    after receiving a login request for the target system under test sent by an interface testing tool, dynamically loading and executing the login script corresponding to the target system under test according to the association, so as to simulate logging in to the target system under test and obtain the authentication information provided by the target system under test;
    providing the authentication information to the interface testing tool, so that the interface testing tool adds the authentication information to the interface access request to the target system under test, and then verifies the response data returned by the target system under test in response to the interface access request.
  2. The method according to claim 1, further comprising: after establishing a login script for the system under test, configuring one or more groups of input parameters for the login script, each group of input parameters being one set of login user information for the system under test.
  3. The method according to claim 2, wherein the login request includes the name of the target system under test and the login user information specified by the interface testing tool,
    and the step of dynamically loading and executing the login script corresponding to the target system under test according to the association, so as to simulate logging in to the target system under test and obtain the authentication information provided by the target system under test, comprises:
    finding the login script that is mapped to the name of the target system under test, and loading the login script;
    executing the loaded login script with the login user information specified by the interface testing tool as its input parameters, so as to simulate logging in to the target system under test, wherein after the login succeeds, the login script parses the authentication information out of the response message returned by the target system under test.
  4. 根据权利要求1所述的方法,其中,将所述被测系统的web登录过程抽象为java登录接口,所述登录脚本根据所述被测系统的登录逻辑实现所述java登录接口,完成对所述被测系统的模拟登录。The method according to claim 1, wherein the web login process of the system under test is abstracted as a java login interface, and the login script implements the java login interface according to the login logic of the system under test to complete the Describe the simulated login of the system under test.
  5. 根据权利要求1所述的方法,其中,采用java类加载器动态加载所述测试的被测系统对应的登录脚本。The method according to claim 1, wherein a java class loader is used to dynamically load the login script corresponding to the tested system under test.
  6. 根据权利要求1所述的方法,其中,所述认证信息为token或session信息。The method according to claim 1, wherein the authentication information is token or session information.
  7. A testing device for web service interfaces with authentication and authorization, the device comprising:
    a login script creation module, configured to create a login script for each system under test and to save the association relationship between the system under test and the login script;
    a login script loading and execution module, configured to, after receiving from an interface test tool a login request for the system under test being tested, dynamically load and execute the login script corresponding to the system under test being tested according to the association relationship, so as to simulate logging in to the system under test being tested and obtain the authentication information provided by the system under test being tested;
    an authentication information providing module, configured to provide the authentication information to the interface test tool, so that the interface test tool adds the authentication information to an interface access request to the system under test being tested, and then verifies the response data returned by the system under test being tested in response to the interface access request.
  8. The device according to claim 7, further comprising an input parameter configuration module, configured to: after a login script is established for the system under test, configure one or more sets of input parameters of the login script, each set of input parameters being a set of login user information of the system under test.
  9. The device according to claim 8, further comprising an information receiving module, configured to receive the name of the system under test being tested and the login user information, both specified by the interface test tool,
    wherein the login script loading and execution module is further configured to:
    find the login script that has a mapping relationship with the name of the system under test being tested, and load the login script;
    use the login user information specified by the interface test tool as the input parameters of the loaded login script, and execute the loaded login script to simulate logging in to the system under test being tested, wherein, after the login succeeds, the login script parses the authentication information from the response message returned by the system under test being tested.
  10. The device according to claim 7, wherein the web login process of the system under test is abstracted as a Java login interface, and the login script implements the Java login interface according to the login logic of the system under test to complete the simulated login to the system under test.
  11. The device according to claim 7, wherein the login script loading and execution module uses a Java class loader to dynamically load the login script corresponding to the system under test being tested.
  12. An electronic device, comprising:
    one or more processors;
    a memory, configured to store one or more programs,
    wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any one of claims 1-6.
  13. A computer-readable medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the method according to any one of claims 1-6.
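
The flow of claims 1 to 6, sketched in Java as an added example (not code from the patent or the applicant): a name-to-script association, dynamic loading restricted to registered classes that implement the login interface, and token extraction from the response message. The `LoginScript` interface, the `demo-sys` system, the response format, the credentials and the `Authorization: Bearer` header are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LoginProxyDemo {
    /** Hypothetical Java login interface: login user information in, authentication information out. */
    public interface LoginScript {
        String login(Map<String, String> user) throws Exception;
    }

    /** Constructed script for a made-up system "demo-sys"; a real script would drive the web login. */
    public static class DemoSysLogin implements LoginScript {
        private static final Pattern TOKEN = Pattern.compile("\"token\"\\s*:\\s*\"([^\"]+)\"");

        @Override
        public String login(Map<String, String> user) {
            // Constructed response message standing in for the reply of the system under test.
            String response = "admin".equals(user.get("username"))
                    ? "{\"code\":0,\"token\":\"constructed-token-123\"}"
                    : "{\"code\":401,\"msg\":\"bad credentials\"}";
            Matcher m = TOKEN.matcher(response);
            if (!m.find()) throw new IllegalStateException("login failed: no token in response");
            return m.group(1);
        }
    }

    // Association relationship: system name -> login script class name.
    // Only class names registered here are ever loaded; the request never supplies one.
    private final Map<String, String> scripts = new ConcurrentHashMap<>();

    public void register(String system, String className) { scripts.put(system, className); }

    /** Handles a login request from the interface test tool and returns the authentication information. */
    public String handleLogin(String system, Map<String, String> user) throws Exception {
        String className = scripts.get(system);
        if (className == null) throw new IllegalArgumentException("no login script for " + system);
        // Dynamic loading; asSubclass rejects any class that does not implement LoginScript.
        Class<? extends LoginScript> type = Class
                .forName(className, true, LoginProxyDemo.class.getClassLoader())
                .asSubclass(LoginScript.class);
        return type.getDeclaredConstructor().newInstance().login(user);
    }

    public static void main(String[] args) throws Exception {
        LoginProxyDemo proxy = new LoginProxyDemo();
        proxy.register("demo-sys", DemoSysLogin.class.getName());
        String token = proxy.handleLogin("demo-sys",
                Map.of("username", "admin", "password", "constructed-password"));
        // The interface test tool would attach this header to each interface access request.
        System.out.println("Authorization: Bearer " + token);
    }
}
```

In a shared test service the returned token is a live credential for the system under test, so it belongs in the test tool's request headers and not in service logs or stored test reports.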
PCT/CN2020/106707 2019-08-09 2020-08-04 Test method and device for web service interface having authentication authorization WO2021027615A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910734440.2 2019-08-09
CN201910734440.2A CN110442524B (en) 2019-08-09 2019-08-09 Method and device for testing web service interface with authentication authorization

Publications (1)

Publication Number Publication Date
WO2021027615A1 true WO2021027615A1 (en) 2021-02-18

Family

ID=68434360

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/106707 WO2021027615A1 (en) 2019-08-09 2020-08-04 Test method and device for web service interface having authentication authorization

Country Status (2)

Country Link
CN (1) CN110442524B (en)
WO (1) WO2021027615A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110442524B (en) * 2019-08-09 2021-03-30 中国建设银行股份有限公司 Method and device for testing web service interface with authentication authorization
CN111104675A (en) * 2019-11-15 2020-05-05 泰康保险集团股份有限公司 Method and device for detecting system security vulnerability
CN111159000B (en) * 2019-12-30 2021-03-02 北京明朝万达科技股份有限公司 Server performance test method, device, equipment and storage medium
CN112433933A (en) * 2020-04-09 2021-03-02 上海哔哩哔哩科技有限公司 Method and equipment for automatically testing interface
CN113704080A (en) * 2020-05-22 2021-11-26 北京沃东天骏信息技术有限公司 Automatic testing method and device
CN112817811B (en) * 2020-12-31 2022-09-06 深圳市联影高端医疗装备创新研究院 Method, device, equipment and storage medium for predicting scanning failure rate
CN113225223B (en) * 2021-04-21 2022-08-02 武汉思普崚技术有限公司 Automatic testing method for WEB authentication process of PC terminal
CN113535574B (en) * 2021-07-26 2022-07-19 工银科技有限公司 Automatic generation method, device, equipment and medium for test user data
CN113938886B (en) * 2021-11-30 2024-04-05 上海派拉软件股份有限公司 Identity authentication platform testing method, device, equipment and storage medium
CN114301892B (en) * 2021-12-28 2023-08-15 苏州浪潮智能科技有限公司 Method, device and system for simulating Web application to realize example function
CN115277210B (en) * 2022-07-28 2024-02-27 中国工商银行股份有限公司 Token acquisition method, device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833777A (en) * 2012-08-23 2012-12-19 北京傲天动联技术有限公司 Method for testing PORTAL performance of access controller
CN107678962A (en) * 2017-09-26 2018-02-09 郑州云海信息技术有限公司 The automated testing method and device of a kind of cli interface
US20190026214A1 (en) * 2017-07-24 2019-01-24 Microsoft Technology Licensing, Llc Using a pre-installation environment to debug a server without a functioning operating system
CN110442524A (en) * 2019-08-09 2019-11-12 中国建设银行股份有限公司 It is a kind of for have Certificate Authority web service interface test method and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11132287B2 (en) * 2016-05-18 2021-09-28 Dynatrace Llc Synthetic test recorder installed inline with a web portal
CN107122297B (en) * 2017-04-18 2020-10-27 上海雷腾软件股份有限公司 Method and equipment for generating request message of test interface
CN109032956B (en) * 2018-09-11 2022-03-22 郑州云海信息技术有限公司 Interface testing method and device
CN109376021A (en) * 2018-09-26 2019-02-22 深圳壹账通智能科技有限公司 The response method and server that interface calls
CN109446093B (en) * 2018-11-05 2022-02-22 郑州云海信息技术有限公司 Method and device for testing expansion platform interface
CN109831360A (en) * 2019-02-27 2019-05-31 深圳市吉祥腾达科技有限公司 Automated testing method and test macro for multi-user concurrent web authentication

Also Published As

Publication number Publication date
CN110442524A (en) 2019-11-12
CN110442524B (en) 2021-03-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20853239

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20853239

Country of ref document: EP

Kind code of ref document: A1