I'm not experienced in Java programming that's why I used Karate over Rest-Assured for API testing.
Unfortunately service that I'm testing is using digest authentication.
What would be the easiest way to implement digest authentication and use it in my request in Karate feature files?
Can I for example perform a call to external Java code the will use Rest-Assured build-in digest auth methods and then grab the response in my Karate feature file?
Can someone more experienced guide me trough the easiest way to authenticate my request in Karate feature test using digest auth?
Yes you can perform a call to external Java code. My recommendation is to ask someone for help and please note that setting up a Java function to do the authentication needed is a one time job. After that you will be up and running and this is what most teams do. The reason Karate does not bundle any auth solutions is because every team does it slightly differently. When you say "digest authentication" it can mean a whole lot of different ways.
I think this is a good reference: https://stackoverflow.com/a/46452864/143475
Related
has anyone done an enterprise integration of their public API with Postman? Checking Postman pages it seems like everything is straightforward, however, I have some concerns:
I don't see the way to automatically install pre-request scripts. Pre-request scripts allow an easy and straightforward way to call the endpoints without going through authentication step manually.
If you use sync with Github you'll need to give Postman full access. Not sure how people work around that.
You need to convert swagger to postman definition. Default Postman has limited nested levels of API schema, which means your API documentation will need additional processing step
So I don't know if it's worth integrating API release to the Postman with the internal API management system, or rather have a simple script on a virtual machine.
I'm completing a python grpc server function-wise and being ready for deployment. Thusfar I have unsecure communication (pretty much the helloworld example when it comes to security). I thought I could put in place an authentication mechanism for my server in a reasonable amount of time after I observed that there was some documentation on this very topic provided by google. Closer investigation let me to believe otherwise.
The case is simple: Users (fellow colleagues of mine) login to their company mail (gmail) and use the resulting token (JWT, OAuth, OAuth2, I don't care) to gain access to the grpc server I wrote. No one else gets in.
Since googling grpc+authentication has been fruitless so far I believe I'm on the wrong track on how I should approach this kind of problem. So therefore the questions:
Given this use case, should my grpc server have any concern with authentication? If so, are there examples? Or should this be handled by a different system? If so, what system?
I noticed a lot of articles mentioning Envoy+gRPC. Can Envoy help me out here? Is it designed to deal with this?
The gRPC authentication can follow the same approach of a normal HTTP, the only thing you need to have in mind is that the authentication check would be placed in an gRPC interceptor and you will be looking at the metadata to get the creadentials. Unfortunately, I don't have an example to do it with Python but you can search in "how to add gRPC Server interceptors in Python" and then "how to work with gRPC metadata in Python"
Here an example in Golang, maybe it can give you the idea
Asking to the "experts" here. It's not a trivial use case of AWS I think, just curious about potential avenues.
I could not find good examples, but using a regular HTTP client seems to be an option.
Ok, I resolved this using Spring RestTemplate (as the application is Spring-based), but any other HTTP client would do.
We are working with MobileFirst 7.0 version. We want to achieve authentication using adapter based authetication process. Earlier we used HTTP Adapter and it worked. But we changed it to Java Adapter and want to acheive authentcation with Java Adapter Based authetication.
My questions are :
Is it possible?
If yes, how can we move forward?
If not, what is the alternative of doing authentication usig Java Adapter?
There is some documentation covering your question.
Here are links to get you started:
Authentication concepts in MFP 7.0: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/authentication-concepts/
Adapters overview: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/adapter-framework-overview/
Java adapters: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/java-adapter/
Adapter-based authentication: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/adapter-based-authentication/
You need to use a JavaScript adapter.
Read the documentation.
Use OAuth.
I found this blog entry, and in particular the second video answered many questions.
OAuth Blog
In all cases I have ever seen we set up a Worklight security Realm and use adapter-based authentication to authenticate to that Realm. Our OAuth-protected resources then reference that realm.
In principle we could define realms that do not depend upon a JavaScript adapter for authentication, the MFP Security model is open to extension. In practice this is probably more work than you want to do. I find that the JavaScript model is itself quite extensible, as it can call down to Java code when something complex is needed.
ServiceStack provides an example where the different methods of authentication are tested in code. I was trying to build a simple browser test, just to see how it works.
I basically used this: ServiceStack Web Service with Basic Authentication and SetCredentials as a base template.
When I go to the metadata page, I see that Auth is listed as one of the available operations.
What do I need to enter as URL, to test whether Auth is working? For example localhost/ServiceStack.Hello/hello/suraj is what I typed in to test the hello world app. How do I test for authentication?
P.s: This is probably a Noob Question, so my apologies in advance.
See ServiceStack's AuthTests.cs for examples on how to test BasicAuth with a C# client.
If you want to do it manually you'll have to use something like Fiddler that will let you manually specify the BasicAuth Authorization: Basic ... HTTP Header. See the wikipedia reference on HTTP BasicAuth for an example.