堆栈内存溢出
  简体   繁体   English

放心测试-API请求401错误请求

[英]Rest assured testing - API request 401 bad request

 原文  2018-10-01 16:19:38       java/ rest/ api/ authentication/ csrf

问题描述

I have a problem with sending API request via postman or Java lib "io.restassured". 我通过邮递员或Java库“ io.restassured”发送API请求时遇到问题。 When I do the same action on UI the request returns correct response, but when I try the same thing via postman or java code I get: 当我在UI上执行相同的操作时,请求返回正确的响应,但是当我通过邮递员或java代码尝试相同的操作时,我得到:

401 Bad request 401错误的要求

Your browser sent an invalid request. 你的浏览器发送了一个无效的请求。

The java code Java代码 

       public static void main(String[] args) {

        String requestUrl = "exampleBaseUrl/app/reports/api/rest/v1/graphs?context=shipper&reports_type=freights";

 Response response = RestAssured.given().relaxedHTTPSValidation().header("x-csrf-token", "18ea65e740eb0ddddadf0ef435d92564").
            when().
            get(requestUrl);
    }

I assume something is wrong with the authentication, because in dev tools i can see a Get request for CSRF_token, and it looks like this: 我认为身份验证有问题,因为在开发工具中,我可以看到对CSRF_token的Get请求,它看起来像这样:

the endpoint for the token: 令牌的端点: 

/login?get_csrf_token

and for this request I get following response: 对于此请求,我得到以下响应: 

{"csrf_token":"18ea65e740eb0ddddadf0ef435d92564"}

I am not sure how to solve this, I have also tried to get the token via java code by sending a get request to the token's endpoint /login?get_csrf_token and this one gets my a HTML response with empty username and password input. 我不确定如何解决此问题,我还尝试通过将get请求发送到令牌的端点/login?get_csrf_token来通过Java代码获取令牌,而这得到了我的HTML响应,其中包含空的用户名和密码输入。

1 个解决方案

解决方案1
 1  2018-10-01 16:39:14

Error 401 means your request isn't authorized. 错误401表示您的请求未被授权。

For authorization, usually while logging in you are given a token, which you will have to keep in your cache/local-memory and whenever you communicate with the server you have to add that in your request header (for your own introduction to the server) 为了获得授权,通常在登录时会给您一个令牌,您必须将该令牌保存在高速缓存/本地内存中,并且每当与服务器通信时,都必须在请求标头中添加该令牌(用于您自己对服务器的介绍) )

It seems like in your case you can get a token from /login?get_csrf_token after logging in. Note that you don't need authorization for a login service. 在您看来,您可以在/login?get_csrf_token后从/login?get_csrf_token获取令牌。请注意,您不需要登录服务的授权。

Now, after getting token from the server, how to add it as a request header? 现在,从服务器获取令牌后,如何将其添加为请求标头? See REST Assured Documentation 请参阅REST保证文档

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用放心 put 方法测试 api 时出现错误请求 400 和反序列化错误 - Bad Request 400 and deserialization error while testing api using rest assured put method Rest 保证 400 错误请求 - Rest Assured 400 Bad Request 获得 HTTP 状态 400 – rest 中的发布请求中的错误请求得到保证 - Getting HTTP Status 400 – Bad Request in post request in rest assured JSON api 未正确读取 REST Assured 请求 - REST Assured request is not read properly by JSON api 我们如何同时执行 2 个 get 请求 放心的 API 测试 - How can we perform 2 get request at same time Rest assured API Testing 使用 rest-assured 断言错误请求时失败 - Failure when asserting bad request with rest-assured Rest 保证总是返回 400 Bad Request for POST - Rest Assured always returning 400 Bad Request for POST 如何使用Rest Assured将数组列表添加到Rest API请求? - How to add array list to rest API request using Rest Assured? 在Java中放心的https请求 - https request with rest assured in java Rest Assured - 如果失败重试请求 - Rest Assured - retry request if failed
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM