iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[BAEL-2735] REST-Assured Authentication article (#6753)

Browse Source 
* Added restassured test using basic auth, form auth and digest.

* Added Rest Assured Authentication - OAuth Live Test

* Add Authentication with Rest Assured for autoconfigured Form Login

* Add OAuth 1 Rest Assured scenario
This commit is contained in:
Ger Roza 2019-04-18 12:34:40 -03:00 committed by maibin
parent 01204065e5
commit 15b053c6a8
8 changed files with 360 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
testing-modules/rest-assured/pom.xml
View File

@ -162,6 +162,11 @@
<artifactId>commons-collections</artifactId>
<version>${commons-collections.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Rest Assured Dependencies-->
<dependency>
@ -179,6 +184,12 @@
<artifactId>json-schema-validator</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.github.scribejava</groupId>
<artifactId>scribejava-apis</artifactId>
<version>${scribejava.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<properties>
@ -211,6 +222,8 @@
<rest-assured.version>3.0.1</rest-assured.version>
<rest-assured-json-schema-validator.version>3.0.1</rest-assured-json-schema-validator.version>
<scribejava.version>2.5.3</scribejava.version>
</properties>
</project>

38
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/BasicAuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,38 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* For this Live Test we need:
* * a running instance of the service located in the spring-security-rest-basic-auth module.
* @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-security-rest-basic-auth">spring-security-rest-basic-auth module</a>
*
*/
public class BasicAuthenticationLiveTest {
private static final String USER = "user1";
private static final String PASSWORD = "user1Pass";
private static final String SVC_URL = "http://localhost:8080/spring-security-rest-basic-auth/api/foos/1";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
get(SVC_URL).then()
.assertThat()
.statusCode(HttpStatus.UNAUTHORIZED.value());
}
@Test
public void givenBasicAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
given().auth()
.basic(USER, PASSWORD)
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value());
}
}

56
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/BasicPreemtiveAuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,56 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* For this Live Test we need:
* * a running instance of the service located in the spring-boot-admin/spring-boot-admin-server module.
* @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-boot-admin/spring-boot-admin-server">spring-boot-admin/spring-boot-admin-server module</a>
*
*/
public class BasicPreemtiveAuthenticationLiveTest {
private static final String USER = "admin";
private static final String PASSWORD = "admin";
private static final String SVC_URL = "http://localhost:8080/api/applications/";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
get(SVC_URL).then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(containsString("<form"), containsString("action=\"login\""));
}
@Test
public void givenNonPreemtiveBasicAuthentication_whenRequestSecuredResource_thenLoginPageRetrieved() {
given().auth()
.basic(USER, PASSWORD)
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(containsString("<form"), containsString("action=\"login\""));
}
@Test
public void givenPreemtiveBasicAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
given().auth()
.preemptive()
.basic(USER, PASSWORD)
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.body("size()", is(1));
}
}

40
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/DigestAuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,40 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.containsString;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* For this Live Test we need:
* * a running instance of the service located in the spring-security-mvc-digest-auth module.
* @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-security-mvc-digest-auth">spring-security-mvc-digest-auth module</a>
*
*/
public class DigestAuthenticationLiveTest {
private static final String USER = "user1";
private static final String PASSWORD = "user1Pass";
private static final String SVC_URL = "http://localhost:8080/spring-security-mvc-digest-auth/homepage.html";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
get(SVC_URL).then()
.assertThat()
.statusCode(HttpStatus.UNAUTHORIZED.value());
}
@Test
public void givenFormAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
given().auth()
.digest(USER, PASSWORD)
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(containsString("This is the body of the sample view"));
}
}

57
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/FormAuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,57 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.isEmptyString;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
import io.restassured.authentication.FormAuthConfig;
/**
* For this Live Test we need:
* * a running instance of the service located in the spring-security-mvc-login module.
* @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-security-mvc-login">spring-security-mvc-login module</a>
*
*/
public class FormAuthenticationLiveTest {
private static final String USER = "user1";
private static final String PASSWORD = "user1Pass";
private static final String SVC_URL = "http://localhost:8080/spring-security-mvc-login/secured";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenLoginFormResponse() {
get(SVC_URL).then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(containsString("<form"), containsString("action=\"perform_login\""));
}
@Test
public void givenParsingFormAuthentication_whenRequestSecuredResource_thenLoginFormResponse() {
// Form can't be parsed correctly because the app is in servlet container, thus the form's 'action' attribute doesn't include the correct URI
given().auth()
.form(USER, PASSWORD)
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(containsString("<form"), containsString("action=\"perform_login\""));
}
@Test
public void givenFormAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
given().auth()
.form(USER, PASSWORD, new FormAuthConfig("/spring-security-mvc-login/perform_login", "username", "password"))
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(isEmptyString());
}
}

42
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/FormAutoconfAuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,42 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* For this Live Test we need:
* * a running instance of the service located in the spring-boot-admin/spring-boot-admin-server module.
* @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-boot-admin/spring-boot-admin-server">spring-boot-admin/spring-boot-admin-server module</a>
*
*/
public class FormAutoconfAuthenticationLiveTest {
private static final String USER = "admin";
private static final String PASSWORD = "admin";
private static final String SVC_URL = "http://localhost:8080/ger1/api/applications/";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
get(SVC_URL).then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.content(containsString("<form"), containsString("action=\"login\""));
}
@Test
public void givenParsingFormAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
given().auth()
.form(USER, PASSWORD)
.when()
.get(SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.body("size()", is(1));
}
}

61
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/OAuth2AuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,61 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.hasKey;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
/**
* For this Live Test we need:
* * a running instance of the authorization server located in the spring-security-oauth repo - oauth-authorization-server module.
* @see <a href="https://github.com/Baeldung/spring-security-oauth/tree/master/oauth-authorization-server">spring-security-oauth/oauth-authorization-server module</a>
*
* * a running instance of the service located in the spring-security-oauth repo - oauth-resource-server-1 module.
* @see <a href="https://github.com/Baeldung/spring-security-oauth/tree/master/oauth-resource-server-1">spring-security-oauth/oauth-resource-server-1 module</a>
*
*/
public class OAuth2AuthenticationLiveTest {
private static final String USER = "john";
private static final String PASSWORD = "123";
private static final String CLIENT_ID = "fooClientIdPassword";
private static final String SECRET = "secret";
private static final String AUTH_SVC_TOKEN_URL = "http://localhost:8081/spring-security-oauth-server/oauth/token";
private static final String RESOURCE_SVC_URL = "http://localhost:8082/spring-security-oauth-resource/foos/1";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
get(RESOURCE_SVC_URL).then()
.assertThat()
.statusCode(HttpStatus.UNAUTHORIZED.value());
}
@Test
public void givenAccessTokenAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
String accessToken = given().auth()
.basic(CLIENT_ID, SECRET)
.formParam("grant_type", "password")
.formParam("username", USER)
.formParam("password", PASSWORD)
.formParam("scope", "read foo")
.when()
.post(AUTH_SVC_TOKEN_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.extract()
.path("access_token");
given().auth()
.oauth2(accessToken)
.when()
.get(RESOURCE_SVC_URL)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.body("$", hasKey("id"))
.body("$", hasKey("name"));
}
}

53
testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/OAuthAuthenticationLiveTest.java Normal file
View File

@ -0,0 +1,53 @@
package com.baeldung.restassured.authentication;
import static io.restassured.RestAssured.get;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.hasKey;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
import io.restassured.http.ContentType;
/**
* For this Live Test we need to obtain a valid Access Token and Token Secret:
* * start spring-mvc-simple application in debug mode
* @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-mvc-simple">spring-mvc-simple module</a>
* * calling localhost:8080/spring-mvc-simple/twitter/authorization/ using the browser
* * debug the callback function where we can obtain the fields
*/
public class OAuthAuthenticationLiveTest {
// We can obtain these two from the spring-mvc-simple / TwitterController class
private static final String OAUTH_API_KEY = "PSRszoHhRDVhyo2RIkThEbWko";
private static final String OAUTH_API_SECRET = "prpJbz03DcGRN46sb4ucdSYtVxG8unUKhcnu3an5ItXbEOuenL";
private static final String TWITTER_ENDPOINT = "https://api.twitter.com/1.1/account/settings.json";
/* We can obtain the following by:
* - starting the spring-mvc-simple application
* - calling localhost:8080/spring-mvc-simple/twitter/authorization/
* - debugging the callback function */
private static final String ACCESS_TOKEN = "...";
private static final String TOKEN_SECRET = "...";
@Test
public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
get(TWITTER_ENDPOINT).then()
.assertThat()
.statusCode(HttpStatus.BAD_REQUEST.value());
}
@Test
public void givenAccessTokenAuthentication_whenRequestSecuredResource_thenResourceIsRequested() {
given().accept(ContentType.JSON)
.auth()
.oauth(OAUTH_API_KEY, OAUTH_API_SECRET, ACCESS_TOKEN, TOKEN_SECRET)
.when()
.get(TWITTER_ENDPOINT)
.then()
.assertThat()
.statusCode(HttpStatus.OK.value())
.body("$", hasKey("geo_enabled"))
.body("$", hasKey("language"));
}
}