I have an ASP.NET Core 6 web application that uses authorization and authentication. An incorrect section of Program.cs is
WebApplication app = builder.Build();
...
app.UseAuthentication();
app.UseAuthorization();
....
In my app, we need some cookies. This section can easily be corrected as
WebApplication app = builder.Build();
...
app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();
...
Is there a way I can write a unit test that verifies the application is using the cookie policy? To be clear, I don't want to examine the behavior of the code in UseCookiePolicy() and I am not trying to examine any policies for cookies' use. I only want to verify that I wrote in my code that a cookie policy is be used.
(Not that it should make a difference, but I am using MSTest and NSubstitute in my suites.)
Related
I am new to web service.
I am trying to send a request and get response from a SOAP webservice from my uft code(VB script). How can I do this. When I try to find a solution, I m being shown how to test webservice. But here I am not testing webservice, it is a part of my flow.
Unified Functional Testing (UFT) = API Testing (formerly Service Test - ST) + GUI Testing (formerly QuickTest Professional - QTP)
From the API testing part of UFT, you can perform the web service call. Then, once you have the API testing call ready (i.e.: SOAP, REST..) you can call the API testing action from a GUI Testing script (VBScript) using the RunAPITest statement.
For more information, check the below topic from the help files (F1):
Tutorials > UFT Tutorial > Part 4: Create and run GUI and API tests in a single test > Lesson 2: Call the API test from a GUI test
Here is the vb script to call the soap service and get the response.
Dim oXMLHTTP,result
'Request XML
strEnvelope="C:\request.xml"
url = "soap end point"
Set oXMLHTTP=CreateObject("MSXML2.XMLHTTP.4.0")
oXMLHTTP.Open "Post", url, false
oXMLHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oXMLHTTP.setRequestHeader "Content-Type", "application/xml"
oXMLHTTP.send (strEnvelope)
result = oXMLHTTP.responseText
Set oXMLHTTP=Nothing
There are two ways to do what you want.
1) From the code itself, you can test the service in UFT.this might help http://relevantcodes.com/working-with-webservices/
2) You can use the UFT APi testing. There you can split the UFT GUI and API Test and run one after another in a flow.
I'm embedding Jetty 9.1 from within a Java application. I'm configuring everything programmatically; I am not using web.xml or Spring or anything else. I have Wicket mapped to /* and a RestEASY JAX-RS API mapped to /rest/*. That's all working fine.
I wanted to add HTTP authentication, so I added the following (based upon as much Jetty documentation as I find):
HashLoginService loginService = new HashLoginService();
loginService.setName("My Realm");
loginService.setConfig("src/main/resources/realm.properties");
server.addBean(loginService);
I added a user with a role of admin to realm.properties. Then I tried to configure my REST service, putting the following annotation on my main JAX-RS resource:
#RolesAllowed({ "admin" })
Then I added the following annotation to my main Wicket page:
#AuthorizeInstantiation("admin")
None of these changes made any difference; I can still use my browser to navigate to my REST API and Wicket pages.
I'm guessing I need to turn on DIGEST authentication in Jetty. But how do I do that programmatically, without a web.xml file? What else do I need to do?
Another answer to a similar question, providing a link to a sample webapp, helped me immensely and got me up and running.
In Jetty v7, you chain the handlers together:
server.setHandler(securityHandler);
securityHandler.setHandler(resourceHandler);
Works on my machine! (tm)
I have developed a REST web application using apache cxf library. I am able to access them using a browser and test. I want to write unit tests for the services.
I tried testing it using embedded Jetty server with cxf.
After starting the Jetty server, I am getting a proxy using WebClient API of cxf. The relevant code is
WebClient client = WebClient.create(ENDPOINT_ADDRESS);
client.accept("text/xml");
client.path("/studyservice/topimstudydetails");
client.replaceQuery("pnlId=3&lclId=30&indId=442&maxImStudies=99&rName=DEV");
TopIMStudyDetailsResponse resp = client.get(TopIMStudyDetailsResponse.class);
assertEquals(resp.getStatus().getReturnCode(),0);
The call to the service is successful as I can see the logs, but I'm get a null pointer where the service is trying to make a dao call. The dao is declared as a dependency for the service. How can we get a proxy with all the dependencies injected ?
May be you'll find the following posts helpful:
http://tarlogonjava.blogspot.co.il/2011/12/running-integration-test-using-with.html
http://tarlogonjava.blogspot.co.il/2011/12/running-integration-tests-using-with.html
The second post is about replacing the data source with a special in-memory data source for tests.
I have two servlets that access two corresponding Axis2 web services on the same host. One of the servlets is read-only, while the other writes to a database.
Each of the Axis2 web services uses BASIC authentication. The read-only web service uses a system account, while the write web service uses the user's credentials (which are submitted as part of a web form).
The problem I'm running into is that the servlet called second always fails authentication to its web service. For example, I can query the read-only service through it's servlet all I want, but I get a "401: Authorization Required" when I try to use the write service. If I call the write service first, I get the same error when I try to use the read-only service.
Here is how I am setting the credentials for the connections in the servlets:
Stub service = new Stub(serviceUrl);
HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
auth.setUsername(username);
auth.setPassword(password);
auth.setPreemptiveAuthentication(true);
service._getServiceClient().getOptions().setProperty(HTTPConstants.AUTHENTICATE, auth);
The servlet that accesses the read-only service has this code in it's constructor. The servlet that accesses the write service has this code in it's doGet/doPost method.
It seems that the credentials for the first service called are getting cached somewhere, but I can't find where that could be. I saw a possible solution here, but I can't find where WSClientConstants.CACHED_HTTP_STATE is defined. The comments in this JIRA issue seems to imply that it's part of org.apache.axis2.transport.http.HTTPConstants but it's not there.
Specifics:
Axis version: 1.5.1
Tomcat Version: 6.0.26
Java version: 1.6.0_23
It turns out the connections to the two different services were using the same JSESSIONID. Thus, the connection to the second web service was trying to use a session authenticated for the first web service, causing the error.
My solution for this was to define an HttpClient for each service, done by the following
MultiThreadedHttpConnectionManager manager = new MuliThreadedHttpConnectionManager();
HttpClient client = new HttpClient(manager);
ConfigurationContext context = ConfigurationContextFactory.createDefaultConfigurationContext();
context.setProperty(HTTPConstants.CACHED_HTTP_CLIENT, client);
context.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, true);
Stub service = new Stub(context, serviceUrl);
This allows both servlets to have a separate session for their corresponding services.
The important point is to create a dedicated ConfigurationContext.
I've solved in a simpler way using a default config context when creating the stub without the multithreaded connection factory
stub = new MyStub(ConfigurationContextFactory.createDefaultConfigurationContext(), myServicesUrl);
I work with JAX-WS Web services deployed on to a Glassfish Web server and Netbeans IDE. We have provisions to disable or undeploy a Web service deployed onto a Glassfish Web server using admin console or services tab in the IDE. This looks to be some sort of hardware interrupt. I would like to achieve the same, i.e. disabling a deployed Web service through Java code, on some external command from interface. Is there any mechanism to obtain such outcome through software interrupts or by any other means?
You can keep configuration settings like discoveryAllowed attribute at server side may be like in DB.
On which you can decide whether to allow user to call web-methods. Add beelow code in web-method:
If discoveryAllowed is false then call following code:
MessageContext mc = context.getMessageContext();
HttpServletResponse resp = (HttpServletResponse) mc.get(MessageContext.SERVLET_RESPONSE);
resp.setContentType("text/plain");
resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Web service is disabled.");
If discoveryAllowed is true allow to proceed with code execution.