REST Assured Basic Authentication

Carvia Tech | December 30, 2019 | 2 min read | 4,542 views | Rest Assured

In this article we will explore how to develop Rest Assured testcase for Basic Auth protected resource, with a coding sample.

Setting up Basic Auth Server

Creating the basic auth server is outside the scope for this tutorial, you can just clone this project and run it from command line.

Starting the Server
$ ./gradlew :bootRun

Now we should have the following endpoint running on the server:

Request Body
	"name": "Foo"
    "data": "hello Foo",
    "success": true

Let’s further assume that username and password for accessing this resource are: admin/password

Rest Assured Basic Auth Testcase

We will develop the below RestAssured testcase that will make a post call on the Basic Auth protected resource and assert the behaviour.
import io.restassured.http.ContentType;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static io.restassured.RestAssured.given;
import static org.hamcrest.core.IsEqual.equalTo;

public class BasicAuthTest {

    public void basicAuthLogin() {
        String username = "admin";
        String password = "password";

        String jsonBody = "{\n" +
                "  \"name\": \"Foo\"\n" +

        given().auth().preemptive().basic(username, password)
                .statusCode(200)    (1)
                .body("success", equalTo(true)) (2)
                .body("data", equalTo("hello Foo"));
1 Asserting the HTTP response status code
2 Asserting the json content

Preemptive vs Challenged Basic Authentication

There are two types of basic authentications - preemptive and "challenged basic authentication".

Preemptive basic authentication sends the credentials even before the server ives an unauthorized response in certain situations, thus additional call is avoided. We normally prefer Preemptive basic authentication in most situations, unless we want to test the server’s ability to send back the challenge response.

When using challenged basic authentication REST Assured will not supply the credentials unless the server has explicitly asked for it. This means that REST Assured will make an additional request to the server in order to be challenged and then follow up with the same request once more but this time setting the basic credentials in the header.

Rest Assured:
  1. Rest Assured API Testing Interview Questions
  2. OAuth2 protected resources in RestAssured Testcases
  3. RestAssured multipart file upload
See all articles in Rest Assured
Top articles in this category:
  1. Rest Assured API Testing Interview Questions
  2. 50 SDET Java Interview Questions & Answers
  3. SDET: JUnit interview questions for automation engineer
  4. SDET Java Coding Challenges
  5. Java 11 HttpClient with Basic Authentication
  6. RestAssured multipart file upload
  7. REST Assured with plain/text response body

Find more on this topic:
SDET Interviews image
SDET Interviews

SDET Java Interview pattern and collection of questions covering SDET coding challenges, automation testing concepts, functional, api, integration, performance and security testing, junit5, testng, jmeter, selenium and rest assured

Last updated 1 week ago

Recommended books for interview preparation:

This website uses cookies to ensure you get the best experience on our website. more info