Reputation: 1517
Testing spring security with Postman
I have configured a form-base authentication using Spring security. It works fine when I log in using the login form in my web application.
It also works with cURL:
curl --data "j_username=myname&j_password=mypassword" http://localhost:8080/test/j_spring_security_check --verbose
However, I cannot make it works using Postman:
What is missing? I need to be authenticated in order to test other services.
Upvotes: 25
Views: 94605
Answers (7)
Reputation: 2826
What worked for me is:
Create POST request to given security endpoint
Set j_username and j_password in the x-www-form-urlencoded tab:
Put headers as follows:
In the settings tab I disabled following redirects:
In that way when you call the request you will be able to check what was the result, for instance check the Set-Cookie Headers.
After calling this request you should be able to see the Set-Cookie and Location headers like:
This cookie which was just set should be used for all next requests for given domain. In that way those will be authenticated.
Upvotes: 0
Reputation: 21
http.httpBasic is working for Testing spring security with Postman.
For example, Added the override configure method from the configuration class MyConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/**").permitAll().anyRequest().authenticated()
.and().formLogin().permitAll().and().logout().permitAll().and().httpBasic();
http.cors().disable().csrf().disable();
}
Note: To access the POST, PUT, and DELETE request you need to disable the cors and csrf as per code above.
Upvotes: 2
Reputation: 336
For me the Postman Interceptor was not working,
So I did the following and now I can login to the server.
- Select POST request from dropdown and type login URL in request URL section.
- Select Body from tabs
- Enter username and password keys and values as shown in picture.
- And click send this will create a temp cookie in postman and be there for a session.
- You can also do GET request for logout URL to logout from session. Or delete the cookie from Cookies below Send button.
Upvotes: 7
Reputation: 1018
When using basic auth on postman, you will set the credentials on the authorization tab. Click on Authorization, choose the type as Basic Auth, the credentials section will be displayed for you to key in the username and password.
Upvotes: 2
Reputation: 1763
You can achieve authentication/authorization in postman through various authorization types given in postman dropdown under Authorization tab.
Below is the step to use Basic Auth which by default spring security provides.
In spring security you can customize your credentials in application.properties file as given below.
spring.security.user.name=yer spring.security.user.password=galem
Upvotes: 18
Reputation: 143
Using http.httpBasic worked for me.
http.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/api/home")
.hasRole("ADMIN")
.antMatchers("/api/product/*")
.hasRole("ADMIN")
.and()
.formLogin();
Upvotes: 12
Reputation: 1517
Finally I managed making Postman aware of authentication by using the Postman Interceptor chrome extension
With the extension enabled (by clicking the satellite icon within the Postman App), you just need to log in using the login form of your web and then you can start using services that require authentication in Postman.
Upvotes: 15
Related Questions
- Postman gives 401 Unauthorized -"spring boot security"
- Spring Boot Security - Postman gives 401 Unauthorized
- Testing the saving method in Spring using Postman
- Spring Security Oauth2 Authorization and Resource Server Testing with Postman
- How to add spring security parameters in Postman?
- How to test the app using Postman properly?
- postman showing 401 forbidden when testing spring security using email and pasword
- Testing spring security enabled api using postman
- Testing a Spring app using REST controllers in Postman
- Testing Spring Security