Testing basic HTTP-authenticated RESTful web services
A good place to start with security testing is HTTP Basic authentication. As authentication approaches go, it is very simple, and it is widely used for both RESTful and SOAP web services. In this recipe, we'll see how to set up and test a REST resource that requires HTTP Basic authentication. If you've not seen HTTP Basic authentication before, you can read up on it first, but you don't need to in order to follow this recipe, and we will look at how it works shortly.
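The three checks a test of a Basic-protected resource should make, as an added example that is not from the book: an anonymous request is challenged with 401 and a `WWW-Authenticate: Basic` header, valid credentials return 200, and a wrong password is rejected. The in-process server, the `/helloworld` path, the credentials and the realm are constructed stand-ins for the Tomcat-hosted service.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed values: credentials, realm and resource path are assumptions.
USER, PASSWORD, REALM = "tester", "s3cret", "helloworld"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
CASES = {"anonymous": (), "valid": (USER, PASSWORD), "wrong_password": (USER, "guess")}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # local target: no proxy

class ProtectedResource(BaseHTTPRequestHandler):
    def do_GET(self):
        authorized = self.headers.get("Authorization") == EXPECTED
        body = b"Hello World" if authorized else b""
        self.send_response(200 if authorized else 401)
        if not authorized:  # the challenge names the scheme and the realm
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def probe(url, user=None, password=None):
    """GET url, optionally with Basic credentials; return (status, challenge header)."""
    request = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(request, timeout=5) as response:
            return response.status, response.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as error:
        return error.code, error.headers.get("WWW-Authenticate")

def run_checks():
    server = HTTPServer(("127.0.0.1", 0), ProtectedResource)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/helloworld"
    try:
        return {name: probe(url, *creds) for name, creds in CASES.items()}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_checks())
```

To run the same checks against a deployed service, call `probe` with its URL and credentials instead of `run_checks`.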
Getting ready
Most of the actual legwork in this recipe involves setting up the test service. You can always skip these parts and use any other available web service that requires HTTP Basic authentication instead, if you prefer.
To create our test service, we're going to deploy the helloworld-webapp Jersey sample WAR file to Apache Tomcat, and also configure HTTP Basic authentication via Tomcat. I have included a prebuilt helloworld-webapp.war and...