Introduction

In our previous post, we discussed Maven Dependencies for REST Assured, setting up the necessary libraries for your project. Now, we’ll dive into Configuration, focusing on how to configure REST Assured to handle SSL (Secure Sockets Layer) and proxy settings. This guide is tailored for beginners and experienced developers, providing clear steps and examples to ensure your API tests work in secure or restricted network environments.

Key Point: Proper configuration of SSL and proxy settings is essential when testing APIs hosted on secure servers or accessed through corporate networks with proxies.

Why Configure SSL and Proxy?

Many APIs use HTTPS for secure communication, requiring SSL configuration to handle certificates. Similarly, if you’re working in a corporate environment or behind a firewall, you may need to configure a proxy to route API requests. REST Assured provides flexible options to manage these scenarios, ensuring your tests run smoothly.

  • SSL Configuration: Handles secure connections, including accepting self-signed certificates or disabling SSL validation (for testing purposes).
  • Proxy Configuration: Routes requests through a proxy server, common in restricted networks.

Step 1: Configuring SSL in REST Assured

By default, REST Assured validates SSL certificates for HTTPS requests. However, when testing APIs with self-signed certificates or in non-production environments, you may need to relax or customize SSL validation.

Option 1: Relax SSL Validation

To bypass SSL certificate validation (useful for testing but not recommended for production), use the relaxedHTTPSValidation() method.


import io.restassured.RestAssured;
import org.junit.jupiter.api.Test;
import static io.restassured.RestAssured.*;

public class SSLTest {

    @Test
    public void testWithRelaxedSSL() {
        RestAssured.baseURI = "https://some-secure-api.com";

        given()
            .relaxedHTTPSValidation() // Bypasses SSL certificate checks
            .when()
                .get("/endpoint")
            .then()
                .statusCode(200);
    }
}

Explanation:

  • relaxedHTTPSValidation(): Disables strict SSL certificate validation, allowing tests to proceed even with untrusted or self-signed certificates.
  • Use this cautiously, as it reduces security by accepting any certificate.

Important: Never use relaxedHTTPSValidation() in production environments, as it makes your application vulnerable to man-in-the-middle attacks. Use it only for testing in controlled environments.

Option 2: Specify a Custom Trust Store

For APIs with specific SSL certificates, configure a trust store containing the server’s certificate. Here’s an example using a trust store file:


import io.restassured.RestAssured;
import io.restassured.config.SSLConfig;
import org.junit.jupiter.api.Test;
import static io.restassured.RestAssured.*;

public class SSLTrustStoreTest {

    @Test
    public void testWithTrustStore() {
        // Trust only the certificates in the trust store.
        // Do not also call useRelaxedHTTPSValidation() here: it accepts any certificate.
        RestAssured.config = RestAssured.config()
            .sslConfig(
                SSLConfig.sslConfig()
                    .with()
                    .trustStore("/path/to/truststore.jks", "truststore-password")
            );

        given()
            .when()
                .get("https://secure-api.com/endpoint")
            .then()
                .statusCode(200);
    }
}

Explanation:

  • trustStore(path, password): Specifies the path to a Java KeyStore (JKS) file containing trusted certificates and its password.
  • You’ll need to generate or obtain the trust store file from your API provider or system administrator.

To create a trust store, use the keytool command (included with Java) or consult your server administrator.

Step 2: Configuring Proxy in REST Assured

If your network requires a proxy server to access external APIs, REST Assured allows you to configure proxy settings easily. You can specify the proxy host and port, and optionally, authentication credentials.

Basic Proxy Configuration

Here’s how to configure a proxy without authentication:


import io.restassured.RestAssured;
import org.junit.jupiter.api.Test;
import static io.restassured.RestAssured.*;
import static org.hamcrest.Matchers.equalTo;

public class ProxyTest {

    @Test
    public void testWithProxy() {
        RestAssured.baseURI = "https://jsonplaceholder.typicode.com";

        given()
            .proxy("proxy.example.com", 8080) // Specify proxy host and port
            .when()
                .get("/users/1")
            .then()
                .statusCode(200)
                .body("id", equalTo(1));
    }
}

Explanation:

  • proxy(host, port): Routes requests through the specified proxy server (e.g., proxy.example.com on port 8080).
  • Replace proxy.example.com and 8080 with your actual proxy details.

Proxy with Authentication

For proxies requiring authentication, use the proxy method with username and password:


import io.restassured.RestAssured;
import io.restassured.specification.ProxySpecification;
import org.junit.jupiter.api.Test;
import static io.restassured.RestAssured.*;
import static org.hamcrest.Matchers.equalTo;

public class ProxyAuthTest {

    @Test
    public void testWithAuthenticatedProxy() {
        RestAssured.baseURI = "https://jsonplaceholder.typicode.com";

        given()
            .proxy(
                new ProxySpecification("proxy.example.com", 8080, "http")
                    // Placeholder values; keep real credentials out of source control
                    .withAuth("username", "password")
            )
            .when()
                .get("/users/1")
            .then()
                .statusCode(200)
                .body("id", equalTo(1));
    }
}

Explanation:

  • ProxySpecification: Allows advanced proxy configuration, including authentication.
  • withAuth(username, password): Specifies the proxy’s username and password.

Pro Tip: Obtain proxy details (host, port, credentials) from your network administrator or IT team. Incorrect settings may cause connection failures.

Step 3: Combining SSL and Proxy

You can combine SSL and proxy configurations for APIs requiring both. Here’s an example:


import io.restassured.RestAssured;
import org.junit.jupiter.api.Test;
import static io.restassured.RestAssured.*;

public class CombinedConfigTest {

    @Test
    public void testWithSSLAndProxy() {
        RestAssured.baseURI = "https://secure-api.com";

        given()
            .relaxedHTTPSValidation() // Relax SSL for testing
            .proxy("proxy.example.com", 8080) // Proxy settings
            .when()
                .get("/endpoint")
            .then()
                .statusCode(200);
    }
}

This test bypasses SSL validation and routes requests through a proxy, demonstrating how to handle both configurations.
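
The trust store from Option 2 and the proxy from Step 2 can also be combined, so certificate validation stays on. The following is an added example, not code from the original post: it builds an in-memory trust store from a PEM certificate file (instead of a JKS file created with keytool) and sends the request through the proxy. The path src/test/resources/test-ca.pem and the class and method names are assumptions.

```java
import io.restassured.config.RestAssuredConfig;
import io.restassured.config.SSLConfig;
import io.restassured.specification.ProxySpecification;
import org.junit.jupiter.api.Test;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import static io.restassured.RestAssured.given;

public class TrustStoreWithProxyTest {

    // Builds an in-memory trust store holding only the certificates found in the PEM file.
    static KeyStore trustStoreFromPem(Path pemFile) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // initialise an empty store
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(pemFile)) {
            int index = 0;
            for (Certificate cert : factory.generateCertificates(in)) {
                trustStore.setCertificateEntry("test-ca-" + index++, cert);
            }
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("No certificates found in " + pemFile);
        }
        return trustStore;
    }

    @Test
    public void testWithTrustStoreAndProxy() throws Exception {
        // Assumed path: the test environment's CA or server certificate in PEM format.
        KeyStore trustStore = trustStoreFromPem(Paths.get("src/test/resources/test-ca.pem"));

        given()
            .config(RestAssuredConfig.config()
                .sslConfig(SSLConfig.sslConfig().trustStore(trustStore)))
            .proxy(new ProxySpecification("proxy.example.com", 8080, "http"))
            .when()
                .get("https://secure-api.com/endpoint")
            .then()
                .statusCode(200);
    }
}
```

Because the configuration is passed to given() rather than assigned to RestAssured.config, it applies to this request only and does not change the SSL settings of other tests.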

Step 4: Verify Configuration with a Maven Project

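Ensure your pom.xml includes the REST Assured and JUnit dependencies (as covered in the previous post). Here’s a minimal pom.xml for reference:

<dependencies>
    <dependency>
        <groupId>io.rest-assured</groupId>
        <artifactId>rest-assured</artifactId>
        <version>5.4.0</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.junit.jupiter</groupId>
        <artifactId>junit-jupiter</artifactId>
        <version>5.10.2</version>
        <scope>test</scope>
    </dependency>
</dependencies>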

Run the test using mvn test or your IDE’s test runner to confirm the configuration works.

Tips for Beginners

  • Test Locally First: Use public APIs like jsonplaceholder.typicode.com to practice without complex SSL or proxy setups.
  • Secure SSL in Production: Always use proper trust stores in production environments instead of relaxedHTTPSValidation().
  • Check Proxy Details: Verify proxy settings with your network team to avoid connection errors.
  • Log Requests: Enable logging (covered in a later post) to debug SSL or proxy issues.

Troubleshooting Tip: If tests fail, check for error messages related to SSL (e.g., “certificate not trusted”) or proxy (e.g., “connection refused”). Use RestAssured.enableLoggingOfRequestAndResponseIfValidationFails() to diagnose issues.

What’s Next?

In the next post, we’ll explore Basic Request Specification, diving into how to define reusable request configurations in REST Assured for cleaner and more efficient tests. Stay tuned for more practical examples!