iSharkFly-Docs
/
java-tutorials
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BAEL-797 Updating tests to work with csrf

This commit is contained in:
tschiman 2017-05-10 16:48:38 -06:00
parent 6d710e245a
commit be4b206478
1 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
spring-cloud/spring-cloud-bootstrap/gateway/src/test/java/com/baeldung/spring/cloud/bootstrap/gateway/LiveTest.java
View File

@ -42,9 +42,8 @@ public class LiveTest {
@Test @Test
public void whenAccessProtectedResourceAfterLogin_thenSuccess() { public void whenAccessProtectedResourceAfterLogin_thenSuccess() {
SessionData sessionData = login(); SessionData sessionData = login("user", "password");
final Response response = RestAssured.given() final Response response = RestAssured.given()
.auth().preemptive().basic("user", "password")
.header("X-XSRF-TOKEN", sessionData.getCsrf()) .header("X-XSRF-TOKEN", sessionData.getCsrf())
.filter(sessionFilter) .filter(sessionFilter)
.get(ROOT_URI + "/rating-service/ratings?bookId=1"); .get(ROOT_URI + "/rating-service/ratings?bookId=1");
@ -54,9 +53,8 @@ public class LiveTest {
@Test @Test
public void whenAccessAdminProtectedResource_thenForbidden() { public void whenAccessAdminProtectedResource_thenForbidden() {
SessionData sessionData = login(); SessionData sessionData = login("user", "password");
final Response response = RestAssured.given() final Response response = RestAssured.given()
.auth().preemptive().basic("user", "password")
.header("X-XSRF-TOKEN", sessionData.getCsrf()) .header("X-XSRF-TOKEN", sessionData.getCsrf())
.filter(sessionFilter) .filter(sessionFilter)
.get(ROOT_URI + "/rating-service/ratings"); .get(ROOT_URI + "/rating-service/ratings");
@ -66,9 +64,8 @@ public class LiveTest {
@Test @Test
public void whenAdminAccessProtectedResource_thenSuccess() { public void whenAdminAccessProtectedResource_thenSuccess() {
SessionData sessionData = login(); SessionData sessionData = login("admin", "admin");
final Response response = RestAssured.given() final Response response = RestAssured.given()
.auth().preemptive().basic("admin", "admin")
.header("X-XSRF-TOKEN", sessionData.getCsrf()) .header("X-XSRF-TOKEN", sessionData.getCsrf())
.filter(sessionFilter) .filter(sessionFilter)
.get(ROOT_URI + "/rating-service/ratings"); .get(ROOT_URI + "/rating-service/ratings");
@ -78,9 +75,8 @@ public class LiveTest {
@Test @Test
public void whenAdminAccessDiscoveryResource_thenSuccess() { public void whenAdminAccessDiscoveryResource_thenSuccess() {
SessionData sessionData = login(); SessionData sessionData = login("admin", "admin");
final Response response = RestAssured.given() final Response response = RestAssured.given()
.auth().preemptive().basic("admin", "admin")
.header("X-XSRF-TOKEN", sessionData.getCsrf()) .header("X-XSRF-TOKEN", sessionData.getCsrf())
.filter(sessionFilter) .filter(sessionFilter)
.get(ROOT_URI + "/discovery"); .get(ROOT_URI + "/discovery");
@ -92,11 +88,10 @@ public class LiveTest {
final Rating rating = new Rating(1L, 4); final Rating rating = new Rating(1L, 4);
SessionData sessionData = login(); SessionData sessionData = login("admin", "admin");
// request the protected resource // request the protected resource
final Response ratingResponse = RestAssured.given() final Response ratingResponse = RestAssured.given()
.auth().preemptive().basic("admin", "admin")
.header("X-XSRF-TOKEN", sessionData.getCsrf()) .header("X-XSRF-TOKEN", sessionData.getCsrf())
.filter(sessionFilter) .filter(sessionFilter)
.and() .and()
@ -113,11 +108,10 @@ public class LiveTest {
public void whenAddnewBook_thenSuccess() { public void whenAddnewBook_thenSuccess() {
final Book book = new Book("Baeldung", "How to spring cloud"); final Book book = new Book("Baeldung", "How to spring cloud");
SessionData sessionData = login(); SessionData sessionData = login("admin", "admin");
// request the protected resource // request the protected resource
final Response bookResponse = RestAssured.given() final Response bookResponse = RestAssured.given()
.auth().preemptive().basic("admin", "admin")
.header("X-XSRF-TOKEN", sessionData.getCsrf()) .header("X-XSRF-TOKEN", sessionData.getCsrf())
.filter(sessionFilter) .filter(sessionFilter)
.and() .and()
@ -210,16 +204,35 @@ public class LiveTest {
} }
} }
private SessionData login() { private SessionData login(String username, String password) {
sessionFilter = new SessionFilter(); sessionFilter = new SessionFilter();
Response getLoginResponse = RestAssured.given() Response getLoginResponse = RestAssured.given()
.filter(sessionFilter)
.when()
.get("/login.html")
.then()
.extract()
.response();
String csrfToken = getLoginResponse.cookie("XSRF-TOKEN");
RestAssured.given().log().all().
filter(sessionFilter)
.header("X-XSRF-TOKEN", csrfToken)
.param("username", username)
.param("password", password)
.when()
.post("/login");
Response afterLoginResponse = RestAssured.given()
.filter(sessionFilter) .filter(sessionFilter)
.when() .when()
.get("/") .get("/")
.then() .then()
.extract() .extract()
.response(); .response();
return new SessionData(getLoginResponse.cookie("XSRF-TOKEN"), sessionFilter.getSessionId());
return new SessionData(afterLoginResponse.cookie("XSRF-TOKEN"), sessionFilter.getSessionId());
} }
private class SessionData { private class SessionData {