I am new to using Rest Assured, Java and API testing, so please be gentle with me. When I use Rest Assured to test an API that uses Bearer authentication, the tests fail, resulting in:
java.net.ConnectException: Connection refused: connect
I know the issue is likely to do with the authentication but am unsure on how to use "Bearer". I searched around and believe that somehow I need to make an initial request using my username and password. Then get a token back to be used for bearer authentication.
Please can someone help me to do this with a very simple example?
My code is
    import com.jayway.restassured.RestAssured;
    import org.testng.annotations.BeforeTest;
    import org.testng.annotations.Test;
    import static com.jayway.restassured.RestAssured.*;
    import static org.hamcrest.Matchers.hasItem;

    @BeforeTest
    public void setUp() {
        RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
        // Sends HTTP Basic credentials with every request, without waiting for a challenge
        RestAssured.authentication = preemptive().basic("username", "password");
    }

    @Test
    public void successfulTest() {
        // One chained call, so the content type applies to the GET request
        given().
            contentType("application/json; charset=UTF-8").
        when().
            get("http://mydomain/testpath/Id=2").
        then().
            statusCode(200);
    }
    Response response =
        given()
            .headers(
                "Authorization",
                "Bearer " + bearerToken,
                "Content-Type",
                ContentType.JSON,
                "Accept",
                ContentType.JSON)
        .when()
            .get(url)
        .then()
            .contentType(ContentType.JSON)
            .extract()
            .response();
In order to get the bearer token you can use this code to authorize your request:
    PreemptiveBasicAuthScheme authScheme = new PreemptiveBasicAuthScheme();
    authScheme.setUserName("login");
    authScheme.setPassword("password");
    RestAssured.authentication = authScheme;
After you get the token, send it in your request this way:
    response = given().auth().oauth2(token).get("http://mydomain/testpath/Id=2");
My Cucumber step definition looks like this:
    // Class variables
    private String token_resource = "/yourApp/oauth/token?username=";
    private String endpoint_rest = "https://your.app.domain.com/";
    private String acessToken;

    @When("^user gets access token using userId \"(.+)\" and password \"(.+)\"$")
    public void getAccessToken(String userName, String password) {
        RequestSpecification requestSpec = RestAssured.with();
        requestSpec.given().contentType("application/json");
        requestSpec.headers("Authorization", "Basic your-string-here");
        // Request the token from the token endpoint
        Response response = requestSpec.post(endpoint_rest + token_resource + userName + "&password=" + password + "&client_id=yourApp&grant_type=password");
        String responseMsg = response.asString();
        System.out.println(">> responseMsg=" + responseMsg);
        assertTrue("Missing access token", responseMsg.contains("access_token"));
        System.out.println(">> Get Access token RESPONSE: " + responseMsg);
        // Read the access_token field from the JSON response body
        DocumentContext doc = JsonPath.parse(responseMsg);
        acessToken = doc.read("access_token");
        System.out.println(" >> doc.read access_token= " + acessToken);
    }
Much depends on how your endpoint was coded.
When I want to learn this kind of thing I go to the Rest-assured examples and search.
Here for instance.
If the error was "Connection refused", it sounds more like a network issue instead of authentication. Basically you haven't reached the point to authenticate your client with the service.
You can check to see if your service is running on a different port other than 80. If that's the case, just provide the port before sending out the request:
    given().port(your_port_number)
You can use a more visualized rest client app to try your request to make sure it actually works before putting it into your code. "Postman" could be a good candidate.
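The token flow discussed in the answers above, put together as one TestNG class. This is an added example, not code from any of the answers or from the Rest Assured project. It assumes an OAuth2 password-grant token endpoint at `/oauth/token` that returns JSON with an `access_token` field, a protected resource at `/testpath`, and credentials supplied through the hypothetical environment variables `API_BASE_URI`, `API_CLIENT_ID`, `API_CLIENT_SECRET`, `API_USER` and `API_PASSWORD`.

```java
import static com.jayway.restassured.RestAssured.given;

import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

public class BearerTokenExampleTest {
    // Assumptions: env var names, /oauth/token, /testpath and the JSON field
    // "access_token" are placeholders for whatever your service defines.
    private String baseUri;
    private String accessToken;

    private static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Set environment variable " + name);
        }
        return value;
    }

    @BeforeClass
    public void fetchToken() {
        baseUri = env("API_BASE_URI"); // scheme, host and port, e.g. https://host:8443
        accessToken = given()
                .auth().preemptive().basic(env("API_CLIENT_ID"), env("API_CLIENT_SECRET"))
                // User credentials go in the form body, not the query string,
                // so they stay out of URLs and server access logs.
                .formParam("grant_type", "password")
                .formParam("username", env("API_USER"))
                .formParam("password", env("API_PASSWORD"))
            .when()
                .post(baseUri + "/oauth/token")
            .then()
                .statusCode(200)
                .extract().path("access_token");
    }

    @Test
    public void protectedResourceAcceptsToken() {
        given().auth().oauth2(accessToken) // sends "Authorization: Bearer <token>"
            .when().get(baseUri + "/testpath")
            .then().statusCode(200);
    }

    @Test
    public void protectedResourceRejectsMissingToken() {
        // Assumed behaviour: the service answers 401 when no token is sent.
        given().when().get(baseUri + "/testpath").then().statusCode(401);
    }
}
```

The example does not print the token or enable request logging, because a logged `Authorization` header ends up in CI output where anyone with build access can read it.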