Postman Collection Setup Guide
This guide helps you import and use the Postman collection for testing all authentication methods.
Quick Import
Step 1: Download the Collection
The collection file is located at:
Step 2: Import into Postman
- Open Postman
- Click Import (top-left)
- Drag the JSON file or click Upload Files
- Click Import
You'll see a new collection: "Spring Security Reference - Complete Testing Suite"
How JWT Auto-Save Works
The collection automatically saves your JWT token! Here's the magic:
The Flow
1. Run "Login as ADMIN" request
   POST /api/auth/login

2. Response contains token:
   { "token": "eyJhbGciOi...", "role": "ROLE_ADMIN" }

3. Test script AUTO-SAVES token to {{jwtToken}}
   pm.collectionVariables.set('jwtToken', token);

4. All other requests use {{jwtToken}} automatically!
   Authorization: Bearer {{jwtToken}}
Switch Users Easily
| To login as... | Run this request |
|---|---|
| Admin (ROLE_ADMIN) | JWT Auth > 1. Login as ADMIN |
| User (ROLE_USER) | JWT Auth > 2. Login as USER |
The token switches automatically!
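The auto-save step from the flow above, written out as a test script for the login requests. This is an added example, not the collection's own script: it assumes a successful login returns HTTP 200 with the token and role fields shown in the flow, that the JWT payload carries a standard exp claim, and that atob is available in the script sandbox. The function names saveLoginToken and decodeJwtPayload are hypothetical.

```javascript
// Added example (not the collection's own script): "Tests" script for the login requests.
// Assumptions: a successful login returns HTTP 200 with { token, role } as in the flow
// above; the JWT payload has a standard `exp` claim; `atob` exists (it does in Node.js).

function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // base64url -> base64 with padding. The signature is NOT verified: inspection only.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
  if (claims === null || typeof claims !== 'object') throw new Error('JWT payload is not a JSON object');
  return claims;
}

function saveLoginToken(pm, nowSeconds) {
  const now = nowSeconds === undefined ? Math.floor(Date.now() / 1000) : nowSeconds;
  // On any failure, clear the stored token so later requests cannot silently reuse
  // the previous user's token.
  const reject = (reason) => {
    pm.collectionVariables.set('jwtToken', '');
    return { saved: false, reason };
  };
  if (pm.response.code !== 200) return reject('login returned ' + pm.response.code);
  const body = pm.response.json();
  let claims;
  try {
    claims = decodeJwtPayload(body.token);
  } catch (e) {
    return reject(e.message);
  }
  const hasExp = typeof claims.exp === 'number';
  if (hasExp && claims.exp <= now) return reject('token already expired');
  pm.collectionVariables.set('jwtToken', body.token);
  pm.collectionVariables.set('currentRole', body.role);
  return { saved: true, role: body.role, secondsLeft: hasExp ? claims.exp - now : null };
}

// Inside Postman the sandbox provides `pm`; elsewhere this block is skipped.
if (typeof pm !== 'undefined') {
  const result = saveLoginToken(pm);
  console.log(result.saved ? 'Token saved!' : 'Token NOT saved: ' + result.reason);
}
```

Because a failed login empties jwtToken, a later 401 points back at the login step instead of at a token left over from the previous user.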
Collection Structure
JWT Authentication
├── 1. Login as ADMIN ← Start here!
├── 2. Login as USER
├── 3. Get Auth Info (Who Am I?)
├── 4. Access ADMIN Endpoint
└── 5. Access USER Endpoint
JDBC Authentication
├── 1. JDBC Admin - View Users
├── 2. JDBC User - View Users
├── 3. JDBC Admin - Secure Endpoint
└── 4. JDBC User - Secure Endpoint
LDAP Authentication
├── 1. LDAP Admin - View Users
├── 2. LDAP User - View Users
└── 3. LDAP Admin - Secure Endpoint
OAuth2 Social Login
├── 1. OAuth2 Profile
├── INFO: Google Login URL
└── INFO: GitHub Login URL
Error Testing
├── 1. Invalid JWT Token
├── 2. Missing Auth Header
├── 3. Invalid Basic Auth
└── 4. User Accessing Admin (403)
Health & Public
├── 1. Health Check
└── 2. Public Hello
Step-by-Step Testing
Test JWT Authentication
- Start the app: mvn spring-boot:run -pl rest-api
- Open collection in Postman
- Run JWT Authentication > 1. Login as ADMIN
- Check console - you'll see "Token saved!"
- Run 4. Access ADMIN Endpoint - it works!
- Run JWT Authentication > 2. Login as USER
- Run 4. Access ADMIN Endpoint - now it fails (403)!
Test JDBC Authentication
- Run JDBC Authentication > 1. JDBC Admin - View Users
- Postman automatically sends Basic Auth header
- Check response - shows authenticated user
Test Error Scenarios
- Run Error Testing > 1. Invalid JWT Token
- Check response - 401 Unauthorized
- Run 4. User Accessing Admin (403)
- Check response - 403 Forbidden
Collection Variables
The collection uses these variables:
| Variable | Default | Description |
|---|---|---|
| {{baseUrl}} | http://localhost:8080 | API base URL |
| {{jwtToken}} | (empty) | Auto-saved JWT token |
| {{currentUser}} | (empty) | Current logged-in user |
| {{currentRole}} | (empty) | Current user's role |
Change Base URL
If running on a different port:
- Click collection name
- Go to Variables tab
- Change baseUrl value
- Click Save
Run All Tests at Once
Use Postman's Collection Runner:
- Click Run button on collection
- Select all requests or specific folders
- Click Run Collection
- Watch all tests execute!
Test Order
Run JWT login requests BEFORE other JWT-authenticated requests.
Quick Reference: All Credentials
JWT Authentication
| Username | Password | Role |
|---|---|---|
| admin | password | ROLE_ADMIN |
| user | password | ROLE_USER |
JDBC (Database) Authentication
| Username | Password | Role |
|---|---|---|
| jdbcadmin | password | ROLE_ADMIN |
| jdbcuser | password | ROLE_USER |
LDAP (Directory) Authentication
| Username | Password | Role |
|---|---|---|
| ldapadmin | password | ROLE_ADMIN |
| ldapuser | password | ROLE_USER |
Troubleshooting
"Could not send request"
- Is the application running?
- Check baseUrl is correct
"Token is empty"
- Run a login request first
- Check the test script executed (green checkmark)
"401 Unauthorized"
- Token may have expired (24 hour limit)
- Run login again to get a fresh token
"LDAP requests fail"
- LDAP server is disabled by default
- Enable with: --spring.ldap.embedded.enabled=true
Alternative: VS Code REST Client
If you prefer VS Code, use the api-testing.http file:
- Install REST Client extension
- Open api-testing.http
- Click Send Request above any request
The file includes all the same tests with manual token management.