Dropwizard: How to test a resource protected with `@Auth`?

Created on 20 Aug 2015  ·  3Comments  ·  Source: dropwizard/dropwizard

From the documentation it's unclear how to by pass the authentication. What I read here doesn't work because the methods used are simply not there (e.g: client.addFilter(new HTTPBasicAuthFilter(“user”, “secret")); - seems to be from jersey). If I can make this work I would update the documentation to make it easier for others to do testing.

Here is my class rule

@ClassRule
    public static final ResourceTestRule resources = ResourceTestRule
            .builder()
            .addProvider(
                    AuthFactory.binder(new BasicAuthFactory<User>(
                            new TokenAuthenticator(userDAO),
                            "SUPER SECRET STUFF", User.class)))
            .addResource(new ShopResource(shopDAO, userDAO)).build();

where TokenAuthenticator is a derivation of a username/password scheme. I want to basically have the username:password send to BasicAuthentication to the specified realm. However when I send my request

Builder builder = resources
                .client()
                .register(
                        HttpAuthenticationFeature
                                .basic("[email protected]", "test"))
                .target(R.URL_SHOPS).request();
        Response response = builder.post(Entity.json(shop));
        System.out.println(response.getStringHeaders());

my authenticator simple doesn't get called at all.

For more details, here is my token validator

public class TokenAuthenticator implements
        Authenticator<BasicCredentials, User> {
    UserDAO userDAO;

    public TokenAuthenticator(UserDAO userDAO) {
        super();
        this.userDAO = userDAO;
    }

    /**
     * Need to send in email:auth_token
     */
    @Override
    public Optional<User> authenticate(BasicCredentials credentials)
            throws AuthenticationException {
        Optional<User> userOptional = userDAO.findByEmail(credentials
                .getUsername());
        if (!userOptional.isPresent()
                || userOptional.get().getAuthToken() != credentials
                        .getPassword())
            return Optional.absent();
        return userOptional;
    }

}

and here is my resource

    @POST
    public Response create(@Auth User user, Shop shop) {
        if (shopDAO.findByName(shop.getName()).isPresent()) {
            return Response.status(Status.NOT_ACCEPTABLE).entity("Name existed").build();
        }

        if (!userDAO.findById(shop.getUserId()).isPresent()) {
            return Response.status(Status.NOT_FOUND).entity("User id not found").build();
        }

        long shopId = shopDAO.create(shop);
        return Response.status(Status.CREATED).entity(shopId).build();
    }

Most helpful comment

@carlo-rtr thank you for your pointer, but it's still not clear how to do it properly. I created a discussion here and it turns out I'm not the only one with this problem. I'm surprised the documentation doesn't mention anything about this matter, at all.

All 3 comments

can anybody take a look?

Please don't open issues to ask questions. Use the mailing the list.

With that said, there are tests that use the authentication. See this:

https://github.com/dropwizard/dropwizard/blob/master/dropwizard-auth/src/test/java/io/dropwizard/auth/basic/BasicAuthProviderTest.java

@carlo-rtr thank you for your pointer, but it's still not clear how to do it properly. I created a discussion here and it turns out I'm not the only one with this problem. I'm surprised the documentation doesn't mention anything about this matter, at all.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

jamisonhyatt picture jamisonhyatt  ·  8Comments

animesh-sharama picture animesh-sharama  ·  6Comments

rbjorklin picture rbjorklin  ·  5Comments

henrikno picture henrikno  ·  5Comments

gogo649 picture gogo649  ·  4Comments