1 Reply Latest reply on Jan 14, 2015 6:30 PM by pcraveiro

    Arquillian Testing and JWS Token

    jimmy001
    jimmy001 Jan 13, 2015 7:49 AM

      Hello,

       

      for testing purposes I would like to associate one user with a static JWS token.

      The class "Tokenprovider" from the quickstart uses

       

      builder.id(UUID.randomUUID().toString()).rsa256(privateKey).issuer(account.getPartition().getName())
                    .issuedAt(getCurrentTime()).subject(account.getId()).expiration(getCurrentTime() + (5 * 60))
                    .notBefore(getCurrentTime());

       

      and my configuration is

      builder.named("default.config").stores().file().supportType(User.class).supportAllFeatures();

       

      Because the subject is created from account.getId() the token is never the same (the other values I could set to fixed values).

      The Id is generated from the class "DefaultIdGenerator". I guess (not working yet) I can change the Generator by creating my

      own Partitionmanager and providing my own Id Generator

       

      PartitionManager partitionManager = new DefaultPartitionManager(configs, null, null,
                new CustomIdentityGenerator());

       

      But I can't return a value depending on the username, since generate() takes no inpurt parameter.

      The question:

      What is the recommended way/ your best practice to have a working Authentication and Authorization in case of using JWSToken?

      I am using "ArquillianRestEasy" and would like to use their "header"-annotation.

       

       @Header(name = HttpHeaderNames.AUTHORIZATION, value="Token tokenValue")
    public void when_x_then_y(...

       

      Thx for your thoughts

        • 1. Re: Arquillian Testing and JWS Token
          pcraveiro
          pcraveiro Jan 14, 2015 6:30 PM (in response to jimmy001)

          Hey Jimmy,

           

          I think the token is changing because you are using the file without preserve state between restarts. That means every time your app starts up, the file store is re-initialized. If you want to preserve state, please try something like that:

           

          builder.named("default.config").stores().file().supportType(User.class).supportAllFeatures();

           

          The IdGenerator is about generating UUIDs for every single type stored by PicketLink IDM. I'm not sure if you really need something different than what PL provides. It is changing every time because the file store is not preserving state, like I previously mentioned.

           

          Maybe, what you can do is extract the token from the response and send it every time during your tests. In this case, even if not preserving state, you will get the same token along with your requests.

           

          Regards.

            • Actions