1 Reply Latest reply on Jan 14, 2015 6:30 PM by Pedro Igor Silva

    Arquillian Testing and JWS Token

    jimmy001 Apprentice



      for testing purposes I would like to associate one user with a static JWS token.

      The class "Tokenprovider" from the quickstart uses


                          .issuedAt(getCurrentTime()).subject(account.getId()).expiration(getCurrentTime() + (5 * 60))


      and my configuration is



      Because the subject is created from account.getId() the token is never the same (the other values I could set to fixed values).

      The Id is generated from the class "DefaultIdGenerator". I guess (not working yet) I can change the Generator by creating my

      own Partitionmanager and providing my own Id Generator


      PartitionManager partitionManager = new DefaultPartitionManager(configs, null, null,
                      new CustomIdentityGenerator());


      But I can't return a value depending on the username, since generate() takes no inpurt parameter.

      The question:

      What is the recommended way/ your best practice to have a working Authentication and Authorization in case of using JWSToken?

      I am using "ArquillianRestEasy" and would like to use their "header"-annotation.


       @Header(name = HttpHeaderNames.AUTHORIZATION, value="Token tokenValue")
          public void when_x_then_y(...


      Thx for your thoughts

        • 1. Re: Arquillian Testing and JWS Token
          Pedro Igor Silva Master

          Hey Jimmy,


          I think the token is changing because you are using the file without preserve state between restarts. That means every time your app starts up, the file store is re-initialized. If you want to preserve state, please try something like that:




          The IdGenerator is about generating UUIDs for every single type stored by PicketLink IDM. I'm not sure if you really need something different than what PL provides. It is changing every time because the file store is not preserving state, like I previously mentioned.


          Maybe, what you can do is extract the token from the response and send it every time during your tests. In this case, even if not preserving state, you will get the same token along with your requests.