Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escape special characters +-&|!(){}[]^"~*?:\ - e.g. \+ \* \!
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Get Accesstoken for tests

I am trying to write some backend tests where I would like to use the "real" person. Is it possible to get the access token using Restassured for an employee? Then use it to call the users/subject api or any api that has the @Authenticated annotation?

Posted one year ago
Votes Newest


Hi Anand! There are a lot of ways to test quarkus applications (including/mocking auth).

You can always get a "real" token for a real user with restassured, but i highly recommend not to do that, at least not against external auth server resources.

This might look something like this (simple oauth2):

  public static String getToken() {
    return RestAssured
        .param("grant_type", "password")
        .param("username", "admin")
        .param("password", "changeme")
        .param("client_id", "your-client-id")
        .post(KEYCLOAK_SERVER_URL + "/realms/master/protocol/openid-connect/token")
        .as(AccessTokenResponse.class).getToken(); // class from keycloak library

You should at least have some kind of dev keycloak running for your tests (https://quarkus.io/guides/dev-services#keycloak). This can be done manually or using one of built in quarkus features. I recommend reading up https://quarkus.io/guides/security-keycloak-authorization#testing-the-application.

The better way to test your rest application is to mock authorization (with any kind of user you have). This looks something like this:

	// ....

    @TestSecurity(user = "anyservice", roles = {"public-holidays.read"})
    public void testGetDateWrongFormat() {

You can "fake" all your token information without having the need for any auth server process.

Btw you should do the same with your database: Having a "Mock" Database makes running CI Tests way easier and you can turn on continous testing in quarkus: https://quarkus.io/guides/continuous-testing.

Posted one year ago
Lucas Reeh
108 × 4 Administrator
1 Answer
one year ago
one year ago