Many projects now use jwt to implement user login and data permissions . After verifying the user's username and password, they will respond to the user with an encrypted token, which may store data permissions , etc., in the later access , you need to carry this token, and the background parses this token to allow users to access the interface.
01. Set Bearer Token
If the backend project uses Bearer Token for security authentication, then use Postman to do this.
Set your environment variables
Click the little eye in the upper right corner, then click Add to add
Fill in your environment name and your variable name
Choose your new environment
Project collection setting authentication method and environment variables
Script for login interface
The meaning of this script is that, under the premise that your username and password are correct, accessing the backend interface will return you a Token, and you will store this Token in the environment variable you just set, when you use other interfaces to access , since the entire project has just set up the Token used by the access authority, so all your interfaces will carry this token to access, so that the data authority is received and used by the background
// pm stands for postman, just use js to write scripts
const responseJson = pm.response.json();
console.log('-----------',responseJson)
const accesssToken = responseJson.result
if('200'==responseJson.code){
pm.environment.set('accessToken',accesssToken)
}
02. Set Headers through script
Spring Security will add an accessToken to the request header when accessing. You can use scripts to add batches to the collection, or you can manually add Headers to each Api, but that will be troublesome, so I use scripts to add batches in a convenient way.
Login requests set environment variables
Get the accessToken from the login result, and set the accessToken to the environment variable
The script is as follows
const responseJson = pm.response.json();
console.log('-----------',responseJson)
const accesssToken = responseJson.result
if('200'==responseJson.code){
pm.environment.set('accessToken',accesssToken)
}
Set the send request script for the collection
Click the collection -> enter the Pre-request Scrip (pre-request script) tab -> write script
The script is as follows
console.log("----addHeader------", pm.environment.get("accessToken"));
var accessToken = pm.environment.get("accessToken");
// All requests set the accessToken in the request header before the request
pm.request.addHeader("accessToken:"+accessToken);
After this setting, all requests will carry the login accessToken.
Login interface to erase accessToken
Because the filter of our project is not set to parse the dirty data of accessToken, once there is an old token, an error will be reported and timed out. Therefore, the accessToken must be erased when the login interface is accessed. The pre-request setting script of the login interface is as follows:
// Remove the accessToken of the login interface to prevent the expired token from being parsed by the filter and affect the login interface
pm.request.headers.remove("accessToken")
Finally, I would like to thank everyone who has read my article carefully. Reciprocity is always necessary. Although it is not a very valuable thing, you can take it away if you need it:
Software testing interview applet
The software test question bank maxed out by millions of people! ! ! Who is who knows! ! ! The most comprehensive quiz mini program on the whole network, you can use your mobile phone to do the quizzes, on the subway or on the bus, roll it up!
The following interview question sections are covered:
1. Basic theory of software testing, 2. web, app, interface function testing, 3. network, 4. database, 5. linux
6. web, app, interface automation, 7. performance testing, 8. programming basics, 9. hr interview questions, 10. open test questions, 11. security testing, 12. computer basics
These materials should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey. I hope it can help you too!