Response.getSessionId() doesn't work for form-auth

salilbc / rest-assured

Automatically exported from code.google.com/p/rest-assured

0 stars 0 forks source link

Response.getSessionId() doesn't work for form-auth #229

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

> What steps will reproduce the problem?
@Test
public void ping() {
    Response resp = given()
       .auth()
       .form("emem58", "heslo58", FormAuthConfig.springSecurity())
        .get("/ping"); 
    assertNotNull(resp.getSessionId()); //this failed
}

> What is the expected output? What do you see instead?
resp.getSessionId() should be not null.

> What version of the product are you using?
1.8.0

> On what operating system?
Windows

> Please provide any additional information below.
Communication is this one :
request : POST /rest/j_spring_security_check
response: HTTP/1.1 302 Found
          Set-Cookie: JSESSIONID=E2895F6AFD5354549A5D1A0C087C971B; Path=/rest/; HttpOnly
request : GET /rest/ping
          Cookie: JSESSIONID=E2895F6AFD5354549A5D1A0C087C971B
response: HTTP/1.1 200 OK
          ^^^ without any cookies

Original issue reported on code.google.com by vkra...@gmail.com on 24 Apr 2013 at 7:21

GoogleCodeExporter commented 9 years ago

Thanks for reporting!

Original comment by johan.ha...@gmail.com on 26 Apr 2013 at 11:16

Changed state: Accepted

GoogleCodeExporter commented 9 years ago

Is there a workaround for this defect? I would love to have this resolved...we 
have a sessionid which changes after login, and I don't have a way to access 
the new sessionid for subsequent calls.

Original comment by lgregory...@gmail.com on 27 Aug 2013 at 4:30

GoogleCodeExporter commented 9 years ago

Not yet. I suspect that the sessionid is lost somewhere in the FormAuthFilter, 
probably on line 58. The session id (and possibly other headers) should be 
copied to the Response object. It would be cool if you could help out with this.

Original comment by johan.ha...@gmail.com on 28 Aug 2013 at 5:44

GoogleCodeExporter commented 9 years ago

You do not know the code in detail, but the problem could be in the concept.
The second response doesn't contain 'Set-Cookie' header, so the session ID has 
to be remembered from the first response.

I've made an workaround, simplified code of it is attached.

Usage :
MySession ses = new MySession();
ses.login("username", "password")
ses.given()
   .with().pathParam(...)
   .expect().statusCode(HttpStatus.SC_OK)
   .when().get(...);
ses.given()...;

Original comment by vkra...@gmail.com on 28 Aug 2013 at 6:12

Attachments:

MySession.java

GoogleCodeExporter commented 9 years ago

> You do not know the code in detail,
^^^^^ This should be : "I do not know"
My mistake, sorry.

Original comment by vkra...@gmail.com on 28 Aug 2013 at 7:09

GoogleCodeExporter commented 9 years ago

No problem. Good that you found a work-around, I think it confirms my 
suspicions.  Thanks!

Original comment by johan.ha...@gmail.com on 28 Aug 2013 at 9:54

GoogleCodeExporter commented 9 years ago

I've now implemented better session support, you can now do:

SessionFilter sessionFilter = new SessionFilter();

      given().
              auth().form("John", "Doe").
              filter(sessionFilter).
      expect().
              statusCode(200).
      when().
              get("/formAuth");

      given().
              filter(sessionFilter). // Reuse sessionId from previous filter
      expect().
              statusCode(200).
      when().
              get("/formAuth");

String sessionId = sessionFilter.getSessionId();

Please try it out by depending on version 1.8.2-SNAPSHOT after having added the 
following repo:

<repositories>
        <repository>
            <id>sonatype</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
            <snapshots />
        </repository>
</repositories>

Original comment by johan.ha...@gmail.com on 22 Nov 2013 at 4:10

Changed state: Fixed