Authorization

In the [HTTP headers section](HTTP/header#implicit-header) we defined how to use an implicit header provider to enable authentication/authorization.

Groovy

```groovy
package scenarios.rest.headers

import scenarios.rest.headers.auth.Auth

url = "http://localhost:8080"
httpHeaderProvider = Auth.&authHeader
```

```groovy
package scenarios.rest.headers.auth

import org.testingisdocumenting.webtau.http.HttpHeader

class Auth {
    static HttpHeader authHeader(String fullUrl, String url, HttpHeader original) {
        def token = generateToken()
        return original.with([Authorization: "Bearer $token"])
    }

    private static String generateToken() {
        return "jwt-token"
    }
}
```

Java

In the case of JUnit-like runners, WebTau uses [Service Loaders](https://docs.oracle.com/javase/8/docs/api/java/util/ServiceLoader.html) to locate header providers. The provider is registered by its fully qualified class name:

```
com.example.tests.junit5.config.HttpAuthHeaderProvider
```

```java
package com.example.tests.junit5.config;

import org.testingisdocumenting.webtau.http.HttpHeader;
import org.testingisdocumenting.webtau.http.config.WebTauHttpConfiguration;

import static org.testingisdocumenting.webtau.WebTauDsl.*;

public class HttpAuthHeaderProvider implements WebTauHttpConfiguration {
    @Override
    public HttpHeader fullHeader(String fullUrl, String passedUrl, HttpHeader given) {
        String token = generateToken();
        return given.with("Authorization", "Bearer " + token);
    }

    private String generateToken() {
        return "jwt-token";
    }
}
```

Both providers ignore `fullUrl` and return the `Authorization` header unconditionally, so the bearer token is attached whatever the target of the request is. If a test suite also calls hosts other than the service under test, compare `fullUrl` with the expected base URL in the provider and return the original header unchanged for anything else. `generateToken()` returns a placeholder value here. A real implementation should obtain the token at run time instead of keeping a credential in the test sources.

Persona Authorization

Let's define authorization based on persona context. [Previously](persona/introduction#context-definition) we defined two personas:

Groovy

```groovy
package personas

import static org.testingisdocumenting.webtau.WebTauCore.persona

class Personas {
    public static def Alice = persona("Alice", [authId: "alice-user-id"])
    public static def Bob = persona("Bob", [authId: "bob-user-id"])
}
```

Java

```java
package com.example.tests.junit5;

import org.testingisdocumenting.webtau.persona.Persona;

public class Personas {
    public static final Persona Alice = Persona.persona("Alice", "authId", "alice-user-id");
    public static final Persona Bob = Persona.persona("Bob", "authId", "bob-user-id");
}
```

An authorization test using the persona concept looks like this:

Groovy

```groovy
package scenarios.rest.headers

import static personas.Personas.*
import static org.testingisdocumenting.webtau.WebTauGroovyDsl.*

scenario("my bank balance") {
    Alice {
        http.get("/statement") {
            balance.shouldBe > 100
        }
    }

    Bob {
        http.get("/statement") {
            balance.shouldBe < 50
        }
    }
}
```

Java

```java
package com.example.tests.junit5;

import org.junit.jupiter.api.Test;
import org.testingisdocumenting.webtau.junit5.WebTau;

import static com.example.tests.junit5.Personas.*;
import static org.testingisdocumenting.webtau.WebTauDsl.*;

@WebTau
public class PersonaHttpJavaTest {
    @Test
    public void checkBalance() {
        Alice.execute(() -> http.get("/statement", (header, body) -> {
            body.get("balance").shouldBe(greaterThan(100));
        }));

        Bob.execute(() -> http.get("/statement", (header, body) -> {
            body.get("balance").shouldBe(lessThan(50));
        }));
    }
}
```

To make this example work, let's update the implicit header provider above to take the persona context into account:

Groovy

```groovy
package scenarios.rest.headers.auth

import org.testingisdocumenting.webtau.http.HttpHeader

import static org.testingisdocumenting.webtau.WebTauDsl.*

class PersonaAuth {
    static HttpHeader authHeader(String fullUrl, String url, HttpHeader original) {
        def token = generateTokenBasedOnPersona()
        return original.with([Authorization: "Bearer $token"])
    }

    static String generateTokenBasedOnPersona() {
        if (currentPersona.isDefault()) { // check if we are inside persona context or outside
            return generateDefaultToken()
        }

        return generateTokenForSystemUserId(currentPersona.payload.authId) // use persona payload to generate required token
    }

    static String generateTokenForSystemUserId(String systemUserId) {
        return "dummy:$systemUserId" // this is where you generate specific user auth token
    }

    static String generateDefaultToken() {
        return "dummy:default-user" // this is where you generate default user auth token
    }
}
```

Java

```java
package com.example.tests.junit5.config;

import org.testingisdocumenting.webtau.http.HttpHeader;
import org.testingisdocumenting.webtau.http.config.WebTauHttpConfiguration;

import static org.testingisdocumenting.webtau.WebTauDsl.*;

public class HttpPersonaAuthHeaderProvider implements WebTauHttpConfiguration {
    @Override
    public HttpHeader fullHeader(String fullUrl, String passedUrl, HttpHeader given) {
        String token = generateTokenBasedOnPersona();
        return given.with("Authorization", "Bearer " + token);
    }

    private String generateTokenBasedOnPersona() {
        if (getCurrentPersona().isDefault()) { // check if we are inside persona context or outside
            return generateDefaultToken();
        }

        return generateTokenForSystemUserId(
                getCurrentPersona().getPayload().getOrDefault("authId", "").toString()); // use persona payload to generate required token
    }

    private String generateTokenForSystemUserId(String systemUserId) {
        return "dummy:" + systemUserId; // this is where you generate specific user auth token
    }

    private String generateDefaultToken() {
        return "dummy:default-user"; // this is where you generate default user auth token
    }
}
```

A persona defined without an `authId` does not fail in either version. The Java provider falls back to an empty id and the Groovy provider interpolates `null` into the token. When these placeholders are replaced with a real token generator, reject a missing `authId` explicitly, so that a misconfigured persona fails the test instead of sending a token for an unintended identity.