API testing is recognised as being more suitable for test automation and continuous testing than GUI testing [wiki], and OAuth2/OpenID Connect are fundamental for securing APIs. So there is always a need to write test automation for secured APIs.

Testing OAuth2/OpenID-protected RESTful APIs involves getting an access token, then using the token to call API resources, and finally determining whether the APIs return the correct response.

Testing secured APIs using Postman is pretty easy. It can be done by selecting OAuth 2.0 as the Authorization type and getting the access token after providing the required information (including the proper Grant Type), as shown below. …


Robot Framework is a language-agnostic, open-source framework for test automation and robotic process automation (RPA).
It is operating system and application independent. Several standard libraries are bundled with the framework, and there are many separately developed external libraries that can be installed based on your needs. Libraries provide the actual automation and testing capabilities to the framework by providing keywords. Test cases are written in a tabular format using a keyword-driven testing methodology. You can get more information about it here

You might be thinking that there are already quite a number of REST API testing frameworks, like Postman, SoapUI, JMeter, Rest-Assured and several others.
How is writing test cases using Robot Framework different from the others? Robot Framework is language-agnostic; you need not learn any language or scripting to write test cases. Robot Framework is not only for REST API testing; it can also be used for GUI testing (using the Selenium library) and database verification (using the database library), and there are many more libraries that can be leveraged. …


There’s always been discussion about whether we should expose JPA entities in RESTful APIs, or define Data Transfer Objects (DTOs) and map entity classes to the DTOs. We will discuss the pros and cons of exposing JPA entities as REST API resources.

We will see how to generate REST API DTOs from Open API Specification using openapi-generator tools and also how to greatly simplify mapping between JPA entities and DTOs using MapStruct code generator.

  1. Most of the time, entities look the same as the RESTful DTOs. Exposing JPA entities directly reduces code, because controllers, services, and repositories all deal with the same classes.
  2. Reduces the code and maintenance overhead of two classes, such as adding an attribute to one and forgetting to add it to the other. …


Strategy Design Pattern

Strategy design pattern is a behavioral design pattern that enables selecting an algorithm at run-time.

The intent of the Strategy design pattern is to:
“Define a family of algorithms, encapsulate each one, and make them interchangeable. Strategy lets the algorithm vary independently from clients that use it.” [GoF]

From wiki page https://en.wikipedia.org/wiki/Strategy_pattern

There are quite a number of articles explaining the Strategy design pattern and
how to implement it in various languages. The intent of this article is to
learn how to implement the Strategy pattern in a Spring Boot application.

Spring Boot has become the de facto standard for Java microservice development. …


Spring Boot Actuator provides a number of features to monitor and manage your applications. Actuator includes a number of built-in endpoints to monitor, gather metrics from and control your application. You can use HTTP endpoints to interact with it. For example, the health endpoint provides basic application health information.

In this article, we’ll look into how to extend the httptrace endpoint to capture content, the authenticated user and the user's roles, and to trace the REST calls. In this article, our application is protected by Keycloak.

Keycloak and Spring Boot

Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social…


Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login.

We are going to see how Keycloak gives us control over transferring custom attributes to the applications that receive ID Tokens and Access Tokens. Keycloak gives us a lot of control over what exactly goes back to the client. To demonstrate this, we will configure a custom attribute for a user and map that attribute to the Access Token using Mappers.

Spring Boot and Keycloak

Keycloak Client Adapters make it really easy to secure applications and services. The Client Adapter is available for a number of platforms and programming languages. There are adapters for JBoss EAP/Wildfly, Spring Boot, Angular, NodeScript, and JavaScript. …


Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login.

Keycloak provides fine-grained authorization services as well. This allows you to manage permissions for all your services from the Keycloak admin console and gives you the power to define exactly the policies you need.

We are going to see how to use Keycloak Authorization services to protect REST APIs by using a set of permissions and policies defined in Keycloak. …

Ravinder Thirumala
