io.restassured.authentication

Class FormAuthConfig

java.lang.Object

io.restassured.authentication.FormAuthConfig

public class FormAuthConfig
extends Object

Configuration of form authentication to correctly identify which form that contains the username and password and the action of the form.

Constructor Summary

Constructors

Constructor and Description
FormAuthConfig() Creates a new empty FormAuthConfig.
FormAuthConfig(String formAction, String userNameInputTagName, String passwordInputTagName) Create a form auth config with a pre-defined form action, username input tag, password input tag.

Method Summary

Modifier and Type	Method and Description
FormAuthConfig	and() Syntactic sugar
static FormAuthConfig	formAuthConfig() Creates a new empty FormAuthConfig.
List<String>	getAdditionalInputFieldNames()
String	getCsrfFieldName()
String	getFormAction()
LogConfig	getLogConfig()
LogDetail	getLogDetail()
String	getPasswordInputTagName()
String	getUserInputTagName()
boolean	hasAdditionalInputFieldNames()
boolean	hasCsrfFieldName()
boolean	hasFormAction()
boolean	hasPasswordInputTagName()
boolean	hasUserInputTagName()
boolean	isAutoDetectCsrfFieldName()
boolean	isLoggingEnabled()
boolean	requiresParsingOfLoginPage()
FormAuthConfig	sendCsrfTokenAsFormParam()
FormAuthConfig	sendCsrfTokenAsHeader()
boolean	shouldSendCsrfTokenAsFormParam()
static FormAuthConfig	springSecurity()
FormAuthConfig	withAdditionalField(String fieldName) Include additional field when using form authentication by including input field value with the specified name.
FormAuthConfig	withAdditionalFields(String firstFieldName, String secondFieldName, String... additionalFieldNames) Include multiple additional fields when using form authentication by including input field values with the specified name.
FormAuthConfig	withAutoDetectionOfCsrf() Enable Cross-site request forgery (csrf) support when using form authentication by automatically trying to find the name and value of the csrf input field.
FormAuthConfig	withCsrfFieldName(String fieldName) Enable Cross-site request forgery (csrf) support when using form authentication by including the csrf value of the input field with the specified name.
FormAuthConfig	withLoggingEnabled() Enables logging with log level LogDetail.ALL of the request made to authenticate using form authentication.
FormAuthConfig	withLoggingEnabled(LogConfig logConfig) Enables logging with log level LogDetail.ALL of the request made to authenticate using form authentication using the specified LogConfig.
FormAuthConfig	withLoggingEnabled(LogDetail logDetail) Enables logging with the supplied logDetail of the request made to authenticate using form authentication.
FormAuthConfig	withLoggingEnabled(LogDetail logDetail, LogConfig logConfig) Enables logging with the supplied log detail of the request made to authenticate using form authentication using the specified LogConfig.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

FormAuthConfig

public FormAuthConfig(String formAction,
                      String userNameInputTagName,
                      String passwordInputTagName)

Create a form auth config with a pre-defined form action, username input tag, password input tag. E.g. let's say that the login form on your login page looks like this:

  <form action="/j_spring_security_check">
     <label for="j_username">Username</label>
     <input type="text" name="j_username" id="j_username"/>
     <br/>
     <label for="j_password">Password</label>
     <input type="password" name="j_password" id="j_password"/>
     <br/>
     <input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.
     <br/>
     <input type="submit" value="Login"/>
 </form>
 

This means that formAction should be set to /j_spring_security_check, userNameInputTagName should be set to j_username and passwordInputTagName should be set to j_password.

Parameters:

formAction - The action of the form

userNameInputTagName - The name of the username input tag in the login form

passwordInputTagName - The name of the password input tag in the login form

FormAuthConfig

public FormAuthConfig()

Creates a new empty FormAuthConfig.

Method Detail

springSecurity

public static FormAuthConfig springSecurity()

Returns:

A predefined form authentication config for default Spring Security configuration (tested in version 3.0.5) (no CSRF detection).

withCsrfFieldName

public FormAuthConfig withCsrfFieldName(String fieldName)

Enable Cross-site request forgery (csrf) support when using form authentication by including the csrf value of the input field with the specified name. For example if the login page looks like this:

 <html>
 <head>
     <title>Login</title>
 </head>
 <body>
 <form action="j_spring_security_check_with_csrf" method="POST">
     <table>
         <tr>
             <td>User:&nbsp;</td>
             <td><input type="text" name="j_username"></td>
         </tr>
         <tr>
             <td>Password:</td>
             <td><input type="password" name="j_password"></td>
         </tr>
         <tr>
             <td colspan="2"><input name="submit" type="submit"/></td>
         </tr>
     </table>
     <input type="hidden" name="_csrf" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/>
 </form>
 </body>
 </html>
 

The csrf field name is called _csrf.

Important: When enabling csrf support then REST Assured must always make an additional request to the server in order to be able to include in the csrf value which will slow down the tests.

Parameters:

fieldName - The name of the input field

Returns:

A new FormAuthConfig instance.

See Also:

withAutoDetectionOfCsrf()

withAdditionalField

public FormAuthConfig withAdditionalField(String fieldName)

Include additional field when using form authentication by including input field value with the specified name. For example if the login page looks like this:

 <html>
 <head>
     <title>Login</title>
 </head>
 <body>
 <form action="j_spring_security_check_with_csrf" method="POST">
     <table>
         <tr>
             <td>User:&nbsp;</td>
             <td><input type="text" name="j_username"></td>
         </tr>
         <tr>
             <td>Password:</td>
             <td><input type="password" name="j_password"></td>
         </tr>
         <tr>
             <td colspan="2"><input name="submit" type="submit"/></td>
         </tr>
     </table>
     <input type="hidden" name="something" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/>
 </form>
 </body>
 </html>
 

and you'd like to include the field named something as an additional form parameter in the request you can do like this:

 given().auth().form(..., new FormAuthConfig(..).withAdditionalField("something"). ..
 

and then REST Assured will send the form parameter something=8adf2ea1-b246-40aa-8e13-a85fb7914341

Important: When including an additional field without specifying a value then REST Assured must always make an additional request to the server in order to be able to figure out the field value. This will slow down the tests.

Parameters:

fieldName - The first field name to include

Returns:

A new FormAuthConfig instance.

withAdditionalFields

public FormAuthConfig withAdditionalFields(String firstFieldName,
                                           String secondFieldName,
                                           String... additionalFieldNames)

Include multiple additional fields when using form authentication by including input field values with the specified name. This is the same as withAdditionalField(String) but for multiple fields.

Important: When including an additional field without specifying a value then REST Assured must always make an additional request to the server in order to be able to figure out the field value. This will slow down the tests.

Parameters:

firstFieldName - The first additional input field to include

secondFieldName - The second additional input field to include

additionalFieldNames - Additional field name to include (optional)

Returns:

A new FormAuthConfig instance.

sendCsrfTokenAsHeader

public FormAuthConfig sendCsrfTokenAsHeader()

Returns:

Configure form authentication to send the csrf token in a header.

sendCsrfTokenAsFormParam

public FormAuthConfig sendCsrfTokenAsFormParam()

Returns:

Configure form authentication to send the csrf token as a form parameter (default setting).

withAutoDetectionOfCsrf

public FormAuthConfig withAutoDetectionOfCsrf()

Enable Cross-site request forgery (csrf) support when using form authentication by automatically trying to find the name and value of the csrf input field. For example if the login page looks like this:

 <html>
 <head>
     <title>Login</title>
 </head>
 <body>
 <form action="j_spring_security_check_with_csrf" method="POST">
     <table>
         <tr>
             <td>User:&nbsp;</td>
             <td><input type="text" name="j_username"></td>
         </tr>
         <tr>
             <td>Password:</td>
             <td><input type="password" name="j_password"></td>
         </tr>
         <tr>
             <td colspan="2"><input name="submit" type="submit"/></td>
         </tr>
     </table>
     <input type="hidden" name="_csrf" value="8adf2ea1-b246-40aa-8e13-a85fb7914341"/>
 </form>
 </body>
 </html>
 

The csrf field name is called _csrf and REST Assured will autodetect its name since the field name is the only hidden field on this page. If auto-detection fails you can consider using withCsrfFieldName(String).

Important: When enabling csrf support then REST Assured must always make an additional request to the server in order to be able to include in the csrf value which will slow down the tests.

Returns:

A new FormAuthConfig instance.

See Also:

withCsrfFieldName(String)

withLoggingEnabled

public FormAuthConfig withLoggingEnabled()

Enables logging with log level LogDetail.ALL of the request made to authenticate using form authentication. Both the request and the response is logged.

Returns:

A new FormAuthConfig instance.

withLoggingEnabled

public FormAuthConfig withLoggingEnabled(LogDetail logDetail)

Enables logging with the supplied logDetail of the request made to authenticate using form authentication. Both the request and the response is logged.

Returns:

A new FormAuthConfig instance.

withLoggingEnabled

public FormAuthConfig withLoggingEnabled(LogConfig logConfig)

Enables logging with log level LogDetail.ALL of the request made to authenticate using form authentication using the specified LogConfig. Both the request and the response is logged.

Returns:

A new FormAuthConfig instance.

withLoggingEnabled

public FormAuthConfig withLoggingEnabled(LogDetail logDetail,
                                         LogConfig logConfig)

Enables logging with the supplied log detail of the request made to authenticate using form authentication using the specified LogConfig. Both the request and the response is logged.

Returns:

A new FormAuthConfig instance.

formAuthConfig

public static FormAuthConfig formAuthConfig()

Creates a new empty FormAuthConfig.

Returns:

A new FormAuthConfig instance.

and

public FormAuthConfig and()

Syntactic sugar

Returns:

The same FormAuthConfig instance

getFormAction

public String getFormAction()

getUserInputTagName

public String getUserInputTagName()

getPasswordInputTagName

public String getPasswordInputTagName()

Returns:

The password input tag name or null if undefined

getLogConfig

public LogConfig getLogConfig()

Returns:

The logging configuration

isLoggingEnabled

public boolean isLoggingEnabled()

Returns:

true if logging is enabled or false otherwise.

getLogDetail

public LogDetail getLogDetail()

Returns:

The specified log detail or null if undefined

getCsrfFieldName

public String getCsrfFieldName()

Returns:

The specified csrf field name or null if undefined

getAdditionalInputFieldNames

public List<String> getAdditionalInputFieldNames()

Returns:

The additional input field names

hasCsrfFieldName

public boolean hasCsrfFieldName()

Returns:

true if csrf field name is defined or false otherwise.

hasAdditionalInputFieldNames

public boolean hasAdditionalInputFieldNames()

Returns:

true if additional input field name have been specified or false otherwise.

isAutoDetectCsrfFieldName

public boolean isAutoDetectCsrfFieldName()

Returns:

true if auto detection of csrf field name is enabled, false otherwise.

hasUserInputTagName

public boolean hasUserInputTagName()

Returns:

true if the user input tag name is defined or false otherwise.

hasPasswordInputTagName

public boolean hasPasswordInputTagName()

Returns:

true if the password input tag name is defined or false otherwise.

hasFormAction

public boolean hasFormAction()

Returns:

true if the form action is defined or false otherwise.

requiresParsingOfLoginPage

public boolean requiresParsingOfLoginPage()

Returns:

true if the FormAuthConfig instance contains settings that require REST Assured to make a request to the server before applying form authentication, false otherwise.

shouldSendCsrfTokenAsFormParam

public boolean shouldSendCsrfTokenAsFormParam()

Returns:

true if the csrf token should be sent as a form param or false if it's sent as a header.