546: Web Security
Test Case #: 546 | Test Case Name: Web Security |
System: OpenLMIS | Subsystem: example |
Test case designed by: Lucyna Kwidzińska | Design Date: 27.07.2016 |
Short description: Access to the endpoint is possible only for authenticated users. To authenticate, the user must generate an authentication token from the authentication service with a REST client. If the user is not authenticated, access to the endpoints is not granted. |
Pre – conditions: |
Step | Action | Expected system response | Comment |
1 | Request a token from the authentication service with a REST client. Method: POST. In URL: http://localhost:8081/oauth/token?grant_type=password&username=admin&password=password Basic Authorization: Username: trusted-client, Password: secret | Status 200 OK, access_token id: "ded4fb93-35ab-47e5-8924-f2ce228259d0" | |
2 | Verify that the service name endpoint is accessible without authorization. Method: GET. In URL: | Status 200 OK, { "name": "openlmis-example", "version": "0.0.1" } | |
3 | Verify that the foos endpoint is available only for authenticated users. In URL: http://localhost:8080/api/foos/count | Status 401 Unauthorized | |
4 | Put the access_token as a query parameter. In URL: http://localhost:8080/api/foos/count?access_token=ded4fb93-35ab-47e5-8924-f2ce228259d0 | Status 200 Success | |
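The steps above, automated as an added example (not part of the original test case or of OpenLMIS code): it builds the step 1 token request and checks steps 1, 3 and 4 with the URLs and credentials from the table. Step 2 is left out because the page gives no URL for it; the function names and the injectable `transport` parameter are assumptions.

```python
# Added example: helper names are hypothetical; URLs and credentials come from the test case.
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

AUTH_URL = "http://localhost:8081/oauth/token"     # step 1
FOOS_URL = "http://localhost:8080/api/foos/count"  # steps 3 and 4


def token_request(user="admin", password="password",
                  client_id="trusted-client", client_secret="secret"):
    """Step 1: POST, password grant in the query string, client credentials as HTTP Basic."""
    query = urllib.parse.urlencode(
        {"grant_type": "password", "username": user, "password": password})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(f"{AUTH_URL}?{query}", method="POST",
                                  headers={"Authorization": f"Basic {basic}"})


def send(req):
    """Return (status, body); a 4xx/5xx reply is a result to check, not an exception."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def run_test_case(transport=send):
    """Run steps 1, 3 and 4 and return {step: passed}; transport is swappable for offline runs."""
    results = {}
    status, body = transport(token_request())
    token = json.loads(body).get("access_token") if status == 200 else None
    results[1] = status == 200 and bool(token)
    status, _ = transport(urllib.request.Request(FOOS_URL))
    results[3] = status == 401  # without a token the endpoint must refuse the request
    results[4] = False          # stays failed if no token was issued in step 1
    if token:
        url = f"{FOOS_URL}?{urllib.parse.urlencode({'access_token': token})}"
        status, _ = transport(urllib.request.Request(url))
        results[4] = status == 200
    return results


if __name__ == "__main__":
    for step, ok in run_test_case().items():
        print(f"step {step}: {'PASS' if ok else 'FAIL'}")
```
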