586: Restrict access to only authenticated users via password

Test Case #: 586	Test Case Name:Restrict access to only authenticated users via password
System: OpenLMIS	Subsystem: requisition
Test case designed by: Paulina Borowa	Design Date:17.08.2016
Short description: As a User, I must first be authenticated with my username and password before I can use OpenLMIS APIs. Acceptance: any use of OpenLMIS APIs must be in the context of an authenticated user authentication is via confirmation of a user's password, which is associated to a user (and encrypted!) -

Pre – conditions:

Step	Action	Expected system response	Comment
1	Run the service with gradle bootRun
2	Request a token from authentication service with some rest client: POST http://localhost:8081/oauth/token?grant_type=password&username=admin&password=password
3	Copy the token from response (e.g. {"access_token":"151a02ed-b6b4-4233-9566-cac2b7a1aec9"...)
4	Verify that service name endpoint is accessible without authorization: GET http://localhost:8080/	Status 200 OK
5	Verify that any other endpoint is secured, an example for api/geographicLevels: GET http://localhost:8080/api/geographicLevels	Status 401 Unauthorized
6	GET http://localhost:8080/api/geographicLevels/?access_token=668ad6dd-d322-4649-9da0-55583ebafa70	Status 200 OK