Announcement Announcement Module
No announcement yet.
How to test authenticated access to endpoint secured with spring-security Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to test authenticated access to endpoint secured with spring-security

    I am using spring-security with form based basic authentication in my jersey server to do a secure POST request.
    When a client accesses the secure resource they are correctly redirected to the spring generated login form where username / password is entered and the form is submitted. After successful authentication and authorization the server then redirects to the secure resource.

    I need to write a junit test that uses jersey client to invoke the secure POST request. Can any one tell me the outline of what the jersey client code needs to do in order to first authenticate and then issues the secure POST request.

    The spring generated login form source looks like this:

    <html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
    <h3>Login with Username and Password</h3><form name='f' action='/mycontext/j_spring_security_check' method='POST'>
        <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
        <tr><td colspan='2'><input name="submit" type="submit"/></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"/></td></tr>
    I wrote the following jersey client code to simulate the submission of above form:

            Client c = Client.create();
            Form form = new Form();
            form.add("j_username", "myuser");
            form.add("j_password", "mypassword");
            String url = "http://localhost:8080/mycontext/j_spring_security_check";
            WebResource webResource = c.resource(url);
            ClientResponse resp = webResource.type(MediaType.APPLICATION_FORM_URLENCODED_TYPE).post(ClientResponse.class, form);
            int status = resp.getStatus();
    Based on debug session I can tell that above code does do authentication (good). But the response returns a status of 404.

    What am I doing wrong?

  • #2
    Actually what I need to know is how to write java client code that invokes a post request to a web endpoint that is secured using spring-security using the UsernamePasswordAuthenticationFilter. The details of my configuration are described here.


    • #3
      [solved] How to test authenticated access to endpoint secured with spring-security

      The following simple jersey client code does an authentiacted request:

              Client c  = new Client();
              // client basic auth filter
              String userId = "...";
              String password = "...";
              c.addFilter(new HTTPBasicAuthFilter(userId, password));
      My thanks to Pavel Bucek of the awesome jersey dev team for the answer.