如何使用 Groovy HttpBuilder 维护两个请求之间的会话状态
我正在开展需要身份验证的集成测试。 会话状态(即 cookie)似乎不会在请求之间维护。 有 CookieManager 或者类似的东西吗?
@Test
public void whenAuthenticatedUserRequestAForbiddenUrlShouldObtain403() {
def client = new RESTClient('http://127.0.0.1:8080/app/')
def login = client .post(
path: 'api/login.json',
body: [j_username: 'user', j_password: 'test'],
requestContentType: ContentType.URLENC)
def resp = client .get(path: 'forbidden-url')
assert (resp.status == 403)
==> FAILS status = 200
}
I'm working on a integration test where authentication is needed.
Session state (ie. cookie) seems not to be maintain beetween requests.
Is there a CookieManager or something like that ?
@Test
public void whenAuthenticatedUserRequestAForbiddenUrlShouldObtain403() {
def client = new RESTClient('http://127.0.0.1:8080/app/')
def login = client .post(
path: 'api/login.json',
body: [j_username: 'user', j_password: 'test'],
requestContentType: ContentType.URLENC)
def resp = client .get(path: 'forbidden-url')
assert (resp.status == 403)
==> FAILS status = 200
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在我看来,问题不在于丢失会话状态,而在于“forbidden-url”可能一开始就没有被指定为安全的。如果是的话,即使您登录,客户端请求似乎也不会成功。尝试删除顶部的登录信息,如果仍然显示 200,则说明您的 URL 可能没有受到保护。
It looks to me like the problem is not losing session state but rather the 'forbidden-url' might not be specified as secure in the first place. If it were, it does not seem that client request request should succeed EVEN IF you login. Try removing the login at the top and if you still get 200, you probably don't have the URL secured anyway.