Basic Authentication in Rest Assured

Carvia Tech | November 21, 2019 | 2 min read | 278 views | Rest Assured


In this article we will explore how to develop Rest Assured testcase for Basic Auth protected resource, with a coding sample.

Setting up Basic Auth Server

Creating the basic auth server is outside the scope for this tutorial, you can just clone this project and run it from command line.

Starting the Server
$ ./gradlew :bootRun

Now we should have the following endpoint running on the server:

Request Body
{
	"name": "Foo"
}
Response
{
    "data": "hello Foo",
    "success": true
}

Let’s further assume that username and password for accessing this resource are: admin/password

Rest Assured Basic Auth Testcase

We will develop the below RestAssured testcase that will make a post call on the Basic Auth protected resource and assert the behaviour.

BasicAuthTest.java
import io.restassured.http.ContentType;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static io.restassured.RestAssured.given;
import static org.hamcrest.core.IsEqual.equalTo;

public class BasicAuthTest {

    @Test
    public void basicAuthLogin() {
        String username = "admin";
        String password = "password";

        //language=JSON
        String jsonBody = "{\n" +
                "  \"name\": \"Foo\"\n" +
                "}";

        given().auth().preemptive().basic(username, password)
                .body(jsonBody)
                .contentType(ContentType.JSON)
                .when()
                .post("http://localhost:8080/secured/hello")
                .then()
                .statusCode(200)    (1)
                .body("success", equalTo(true)) (2)
                .body("data", equalTo("hello Foo"));
    }
}
1 Asserting the HTTP response status code
2 Asserting the json content

Preemptive vs Challenged Basic Authentication

There are two types of basic authentications - preemptive and "challenged basic authentication".

Preemptive basic authentication sends the credentials even before the server ives an unauthorized response in certain situations, thus additional call is avoided. We normally prefer Preemptive basic authentication in most situations, unless we want to test the server’s ability to send back the challenge response.

When using challenged basic authentication REST Assured will not supply the credentials unless the server has explicitly asked for it. This means that REST Assured will make an additional request to the server in order to be challenged and then follow up with the same request once more but this time setting the basic credentials in the header.


Rest Assured:
  1. multi-part file upload using RestAssured
  2. SDET: Rest Assured Interview Questions
  3. OAuth2 protected resources in RestAssured Testcases
See all articles in Rest Assured
Top articles in this category:
  1. SDET: Rest Assured Interview Questions
  2. Top 50 SDET Java Programming Interview Questions & Answers
  3. SDET: JUnit interview questions for automation engineer
  4. Top 15 coding problems for SDET Java Interviews
  5. Java 11 HttpClient with Basic Authentication
  6. multi-part file upload using RestAssured
  7. REST Assured vs Apache HttpClient and RestTemplate


Find more on this topic:
SDET Interviews image
SDET Interviews

SDET Java Interview pattern and collection of questions covering SDET coding challenges, automation testing concepts, functional, api, integration, performance and security testing, junit5, testng, jmeter, selenium and rest assured

Last updated 1 week ago


Recommended books for interview preparation:

This website uses cookies to ensure you get the best experience on our website. more info