OpenScript is the scripting engine in Oracle Application Testing Suite (OATS) that allows you to create automated test scripts for HTML, web services and Oracle application functional and load testing.

In most cases the OpenScript user can use the record, capture and playback functionality to create scripts for testing their application. However, on occasion their will be a requirement to extend or customise the scripts using Java. OpenScript has a full Java IDE for this very purpose. While OpenScript does support Basic authentication it does not have direct support for pre-emptive authentication.

Pre-emptive Authentication

HTTP Basic authentication is a simple technique for enforcing access controls to a web server; it uses a Base64 encoded username/password combination via HTTP headers. Usually, the web server will provide a 401 response to the browser request with a WWW-Authenticate header and then the browser will make a subsequent request with an Authorization header with the Base64 encoded credentials. However, pre-emptive authentication requires that the Authorization header is provided on the first request. OpenScript has support for Basic authentication via the http.addAuthentication() method, but does not have an out-of-the-box mechanism that supports pre-emptive authentication.

Solution

The following steps outline how to add pre-emptive authentication to your OpenScript test script:
1. Record your HTTP or web services script in OpenScript.
2. Add the following import directive in the Java Code view:
import org.bouncycastle.util.encoders.Base64;
3. In the Run section of the script add the following code snippet:

Openscript_Code_Snippet

4. Right-click the first HTTP request in the script and select Properties and then the Headers tab.
5. Add a header:
Name: Authorization
Value: {{userAuthentication}} (use the ‘Substitute Variable’ option)
Apply to all navigations after this: checked

Openscript_WSPost_Navigation

6. Playback the script
The script should play back successfully and you can verify that the Authorization header is being added to your requests by viewing the headers after selecting a request in the Results pane.