Basic Authentication about wiremock HOT 13 CLOSED

I can't think why it would support what you've attempted there. Could you send me the stub mapping and the full exception trace?

from wiremock.

I'm not currently trying to stub that request, I was trying to set an expectation. The problem is that the jetty server that wiremock uses doesn't have the ability to respond to requests with an authorization request in it. It doesn't throw an exception, jetty quietly responds with a 400.

One would have to setup the jetty server like this: (some scratch code I wrote into the WiremockServer)

+        if (options.username() != null && options.password() != null) {
+            Constraint constraint = new Constraint();
+            constraint.setRoles(new String[] { "admin" });
+            constraint.setName(Constraint.__BASIC_AUTH);
+            constraint.setAuthenticate(true);
+
+            ConstraintMapping constraintMapping = new ConstraintMapping();
+            constraintMapping.setConstraint(constraint);
+            constraintMapping.setPathSpec("/*");
+
+            HashUserRealm hashUserRealm = new HashUserRealm();
+            hashUserRealm.setName("AuthGroup");
+            hashUserRealm.put(options.username(), options.password());
+            hashUserRealm.addUserToRole(options.username(), "admin");
+
+            SecurityHandler securityHandler = new SecurityHandler();
+            securityHandler.setUserRealm(hashUserRealm);
+            securityHandler.setAuthenticator(new BasicAuthenticator());
+            securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
+
+            jettyServer.setUserRealms(new UserRealm[] { hashUserRealm });
+
+            jettyServer.addHandler(securityHandler);
+        }

I might take a stab at it this weekend. Any suggestions?

from wiremock.

OK, I see the problem. I'm not familiar with now Jetty attempts to process basic auth, but disabling it completely might be the simplest option (if that's possible), then you can just write stub/verify statements against auth headers as normal.

from wiremock.

+1
I'm also looking for a way to test HTTP(S) Basic Authentication for a Jersey Client:

  ClientConfig clientConfig = new ClientConfig();
  clientConfig.register(HttpAuthenticationFeature.basic(someUserName, somePassword));
  Client client = ClientBuilder.newClient(clientConfig);

from wiremock.

If all you're wanting to do is check that the client sends an appropriate basic auth header, you could just verify the header directly e.g.

verify(getRequestedFor(urlEqualTo("/your-url"))
  withHeader("Authorization", equalTo("Basic <base64 encoded user:pass>"))

from wiremock.

It would be nice if there was a more convenient way to do the authorization header verification.

from wiremock.

Ideally, it should support auth scheme negociation as described in §2 Basic Authentication with the API of http://www.baeldung.com/httpclient-4-basic-authentication
Even if in the end, it can only mock basic auth

from wiremock.

I'd certainly like to make this easier, although it's possible to do pre-emptive now in the 2.0 beta (and from there, mock out the whole interaction).

from wiremock.

I was able to add a test for basic auth using a custom transformer.

Has any thought been given to including some transformers with Wiremock?

(Or should someone start an extensions project?)

from wiremock.

@mrdanpsmith - I presume you mean a negotiated auth handshake via a transformer?

If so, it'd be great to get that as a PR. I like the idea of having it as an extension but in the core codebase so it can be activated just when needed.

from wiremock.

@tomakehurst - Yes, that is what I'm talking about.

It's good to know that you would consider adding that to the main project.

I'll see if I can find some time to put a PR together.

EDIT: It looks like you added something for this already in the 2.0-beta and you are not accepting PRs for 1.xx.

from wiremock.

Yes, there's pre-emptive basic auth in 2.x already, but not negotiated.

And yes, 1.x is frozen now.

from wiremock.

Closing this as it's inactive. I'd still be happy to accept an extension supporting negotiated auth.

from wiremock.