[BAEL-2735] REST-Assured Authentication article (eugenp#6753)

rozagerardo · maibin · commit 15b053c6a84a · 2019-04-18T08:34:40.000-07:00
* Added restassured test using basic auth, form auth and digest.

* Added Rest Assured Authentication - OAuth Live Test

* Add Authentication with Rest Assured for autoconfigured Form Login

* Add OAuth 1 Rest Assured scenario
diff --git a/testing-modules/rest-assured/pom.xml b/testing-modules/rest-assured/pom.xml
@@ -162,6 +162,11 @@
             <artifactId>commons-collections</artifactId>
             <version>${commons-collections.version}</version>
         </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
         <!-- Rest Assured Dependencies-->
         <dependency>
@@ -179,6 +184,12 @@
             <artifactId>json-schema-validator</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.github.scribejava</groupId>
+            <artifactId>scribejava-apis</artifactId>
+            <version>${scribejava.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <properties>
@@ -211,6 +222,8 @@
 
         <rest-assured.version>3.0.1</rest-assured.version>
         <rest-assured-json-schema-validator.version>3.0.1</rest-assured-json-schema-validator.version>
+        
+        <scribejava.version>2.5.3</scribejava.version>
     </properties>
 
 </project>
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/BasicAuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/BasicAuthenticationLiveTest.java
@@ -0,0 +1,38 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+/**
+ * For this Live Test we need:
+ * * a running instance of the service located in the spring-security-rest-basic-auth module.
+ * @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-security-rest-basic-auth">spring-security-rest-basic-auth module</a>
+ * 
+ */
+public class BasicAuthenticationLiveTest {
+
+    private static final String USER = "user1";
+    private static final String PASSWORD = "user1Pass";
+    private static final String SVC_URL = "http://localhost:8080/spring-security-rest-basic-auth/api/foos/1";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
+        get(SVC_URL).then()
+            .assertThat()
+            .statusCode(HttpStatus.UNAUTHORIZED.value());
+    }
+
+    @Test
+    public void givenBasicAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
+        given().auth()
+            .basic(USER, PASSWORD)
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value());
+    }
+}
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/BasicPreemtiveAuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/BasicPreemtiveAuthenticationLiveTest.java
@@ -0,0 +1,56 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.is;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+/**
+ * For this Live Test we need:
+ * * a running instance of the service located in the spring-boot-admin/spring-boot-admin-server module.
+ * @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-boot-admin/spring-boot-admin-server">spring-boot-admin/spring-boot-admin-server module</a>
+ * 
+ */
+public class BasicPreemtiveAuthenticationLiveTest {
+
+    private static final String USER = "admin";
+    private static final String PASSWORD = "admin";
+    private static final String SVC_URL = "http://localhost:8080/api/applications/";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
+        get(SVC_URL).then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(containsString("<form"), containsString("action=\"login\""));
+    }
+
+    @Test
+    public void givenNonPreemtiveBasicAuthentication_whenRequestSecuredResource_thenLoginPageRetrieved() {
+        given().auth()
+            .basic(USER, PASSWORD)
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(containsString("<form"), containsString("action=\"login\""));
+    }
+
+    @Test
+    public void givenPreemtiveBasicAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
+        given().auth()
+            .preemptive()
+            .basic(USER, PASSWORD)
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .body("size()", is(1));
+    }
+
+}
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/DigestAuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/DigestAuthenticationLiveTest.java
@@ -0,0 +1,40 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.containsString;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+/**
+ * For this Live Test we need:
+ * * a running instance of the service located in the spring-security-mvc-digest-auth module.
+ * @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-security-mvc-digest-auth">spring-security-mvc-digest-auth module</a>
+ * 
+ */
+public class DigestAuthenticationLiveTest {
+
+    private static final String USER = "user1";
+    private static final String PASSWORD = "user1Pass";
+    private static final String SVC_URL = "http://localhost:8080/spring-security-mvc-digest-auth/homepage.html";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
+        get(SVC_URL).then()
+            .assertThat()
+            .statusCode(HttpStatus.UNAUTHORIZED.value());
+    }
+
+    @Test
+    public void givenFormAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
+        given().auth()
+            .digest(USER, PASSWORD)
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(containsString("This is the body of the sample view"));
+    }
+}
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/FormAuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/FormAuthenticationLiveTest.java
@@ -0,0 +1,57 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.isEmptyString;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+import io.restassured.authentication.FormAuthConfig;
+
+/**
+ * For this Live Test we need:
+ * * a running instance of the service located in the spring-security-mvc-login module.
+ * @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-security-mvc-login">spring-security-mvc-login module</a>
+ * 
+ */
+public class FormAuthenticationLiveTest {
+
+    private static final String USER = "user1";
+    private static final String PASSWORD = "user1Pass";
+    private static final String SVC_URL = "http://localhost:8080/spring-security-mvc-login/secured";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenLoginFormResponse() {
+        get(SVC_URL).then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(containsString("<form"), containsString("action=\"perform_login\""));
+    }
+
+    @Test
+    public void givenParsingFormAuthentication_whenRequestSecuredResource_thenLoginFormResponse() {
+        // Form can't be parsed correctly because the app is in servlet container, thus the form's 'action' attribute doesn't include the correct URI
+        given().auth()
+            .form(USER, PASSWORD)
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(containsString("<form"), containsString("action=\"perform_login\""));
+    }
+
+    @Test
+    public void givenFormAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
+        given().auth()
+            .form(USER, PASSWORD, new FormAuthConfig("/spring-security-mvc-login/perform_login", "username", "password"))
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(isEmptyString());
+    }
+}
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/FormAutoconfAuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/FormAutoconfAuthenticationLiveTest.java
@@ -0,0 +1,42 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.is;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+/**
+ * For this Live Test we need:
+ * * a running instance of the service located in the spring-boot-admin/spring-boot-admin-server module.
+ * @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-boot-admin/spring-boot-admin-server">spring-boot-admin/spring-boot-admin-server module</a>
+ * 
+ */
+public class FormAutoconfAuthenticationLiveTest {
+
+    private static final String USER = "admin";
+    private static final String PASSWORD = "admin";
+    private static final String SVC_URL = "http://localhost:8080/ger1/api/applications/";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
+        get(SVC_URL).then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .content(containsString("<form"), containsString("action=\"login\""));
+    }
+
+    @Test
+    public void givenParsingFormAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
+        given().auth()
+            .form(USER, PASSWORD)
+            .when()
+            .get(SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .body("size()", is(1));
+    }
+}
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/OAuth2AuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/OAuth2AuthenticationLiveTest.java
@@ -0,0 +1,61 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.hasKey;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+/**
+ * For this Live Test we need:
+ * * a running instance of the authorization server located in the spring-security-oauth repo - oauth-authorization-server module.
+ * @see <a href="https://github.com/Baeldung/spring-security-oauth/tree/master/oauth-authorization-server">spring-security-oauth/oauth-authorization-server module</a>
+ * 
+ * * a running instance of the service located in the spring-security-oauth repo - oauth-resource-server-1 module.
+ * @see <a href="https://github.com/Baeldung/spring-security-oauth/tree/master/oauth-resource-server-1">spring-security-oauth/oauth-resource-server-1 module</a>
+ * 
+ */
+public class OAuth2AuthenticationLiveTest {
+
+    private static final String USER = "john";
+    private static final String PASSWORD = "123";
+    private static final String CLIENT_ID = "fooClientIdPassword";
+    private static final String SECRET = "secret";
+    private static final String AUTH_SVC_TOKEN_URL = "http://localhost:8081/spring-security-oauth-server/oauth/token";
+    private static final String RESOURCE_SVC_URL = "http://localhost:8082/spring-security-oauth-resource/foos/1";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
+        get(RESOURCE_SVC_URL).then()
+            .assertThat()
+            .statusCode(HttpStatus.UNAUTHORIZED.value());
+    }
+
+    @Test
+    public void givenAccessTokenAuthentication_whenRequestSecuredResource_thenResourceRetrieved() {
+        String accessToken = given().auth()
+            .basic(CLIENT_ID, SECRET)
+            .formParam("grant_type", "password")
+            .formParam("username", USER)
+            .formParam("password", PASSWORD)
+            .formParam("scope", "read foo")
+            .when()
+            .post(AUTH_SVC_TOKEN_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .extract()
+            .path("access_token");
+
+        given().auth()
+            .oauth2(accessToken)
+            .when()
+            .get(RESOURCE_SVC_URL)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .body("$", hasKey("id"))
+            .body("$", hasKey("name"));
+    }
+}
diff --git a/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/OAuthAuthenticationLiveTest.java b/testing-modules/rest-assured/src/test/java/com/baeldung/restassured/authentication/OAuthAuthenticationLiveTest.java
@@ -0,0 +1,53 @@
+package com.baeldung.restassured.authentication;
+
+import static io.restassured.RestAssured.get;
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.Matchers.hasKey;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+
+import io.restassured.http.ContentType;
+
+/**
+ * For this Live Test we need to obtain a valid Access Token and Token Secret:
+ * * start spring-mvc-simple application in debug mode
+ * @see <a href="https://github.com/eugenp/tutorials/tree/master/spring-mvc-simple">spring-mvc-simple module</a>
+ * * calling localhost:8080/spring-mvc-simple/twitter/authorization/ using the browser
+ * * debug the callback function where we can obtain the fields
+ */
+public class OAuthAuthenticationLiveTest {
+
+    // We can obtain these two from the spring-mvc-simple / TwitterController class
+    private static final String OAUTH_API_KEY = "PSRszoHhRDVhyo2RIkThEbWko";
+    private static final String OAUTH_API_SECRET = "prpJbz03DcGRN46sb4ucdSYtVxG8unUKhcnu3an5ItXbEOuenL";
+    private static final String TWITTER_ENDPOINT = "https://api.twitter.com/1.1/account/settings.json";
+    /* We can obtain the following by:
+     * - starting the spring-mvc-simple application
+     * - calling localhost:8080/spring-mvc-simple/twitter/authorization/
+     * - debugging the callback function */
+    private static final String ACCESS_TOKEN = "...";
+    private static final String TOKEN_SECRET = "...";
+
+    @Test
+    public void givenNoAuthentication_whenRequestSecuredResource_thenUnauthorizedResponse() {
+        get(TWITTER_ENDPOINT).then()
+            .assertThat()
+            .statusCode(HttpStatus.BAD_REQUEST.value());
+    }
+
+    @Test
+    public void givenAccessTokenAuthentication_whenRequestSecuredResource_thenResourceIsRequested() {
+        given().accept(ContentType.JSON)
+            .auth()
+            .oauth(OAUTH_API_KEY, OAUTH_API_SECRET, ACCESS_TOKEN, TOKEN_SECRET)
+            .when()
+            .get(TWITTER_ENDPOINT)
+            .then()
+            .assertThat()
+            .statusCode(HttpStatus.OK.value())
+            .body("$", hasKey("geo_enabled"))
+            .body("$", hasKey("language"));
+    }
+
+}
