用digest auth放心

时间:2014-07-17 10:20:40

标签: rest java-ee spring-mvc spring-security rest-assured

我有一个有效的spring-mvc应用程序,有休息服务和一些可以保证的测试:

@Test
public void createFoobarFromScratchReturns201(){
    expect().statusCode(201).given()    
    .queryParam("foo", generateFoo())
    .queryParam("bar", generateBar())
    .when().post("/foo/bar/");
}

=> OK

然后我实施了摘要身份验证。一切都运作良好,现在我必须登录才能使用我的服务:

curl http://localhost:8089/foo/bar
=> HTTP ERROR 401,  Full authentication is required to access this resource

curl http://localhost:8089/foo/bar --digest -u user_test:password
=> HTTP 201, CREATED

但是当我尝试使用most obvious function升级我的测试时,我仍然有401错误:

@Test
public void createFoobarFromScratchReturns201(){
    expect().statusCode(201).given()    
    .auth().digest("user_test", "password") // Digest added here
    .queryParam("foo", generateFoo())
    .queryParam("bar", generateBar())
    .when().post("/foo/bar/");
}

=> Expected status code <201> doesn't match actual status code <401>

我在 preemptive()函数中找到了一些线索,但它似乎只针对基本实现:

// Returns an AuthenticatedScheme and stores it into the general configuration
RestAssured.authentication = preemptive().basic("user_test", "password");

// Try a similar thing, but it didn't work :
RestAssured.authentication = RestAssured.digest("user_test", "password");

目前,我正在努力实现两件事:

  • 我需要升级几项测试以支持摘要
  • 我需要修改其余测试套件的 @Before (与auth问题无关),已经登录。

任何想法或文档?

1 个答案:

答案 0 :(得分:1)

尝试在Rest Assured中嵌入的HTTP客户端中启用对Cookie的支持:

 RestAssuredConfig config = new RestAssuredConfig().httpClient(new HttpClientConfig().setParam(ClientPNames.COOKIE_POLICY, CookiePolicy.BEST_MATCH));

 expect().statusCode(201).given()    
 .auth().digest("user_test", "password") // Digest added here
 .config(config)
 .queryParam("foo", generateFoo())
 .queryParam("bar", generateBar())
 .when().post("/foo/bar/");

HTTP客户端(因此Rest Assured)支持摘要式身份验证,使用digest方法配置RestAssured效果很好。

相关问题
最新问题