At first - I am pretty new to Java. I am working on an app that uses Shiro and I have defined a REST for logout. It has a redirect inside which gives me 302 Found Status Code while using dev tools in Chrome:
return Response.temporaryRedirect(redirectionAddress).build();
The problem is, I can't get this status using Postman or just by invoking it in a test:
HttpUriRequest request = new HttpGet("http://localhost:8080/shop/logout/);
HttpResponse httpResponse = HttpClientBuilder.create().build().execute(request);
After calling the rest I get only 200 OK code without 302 redirection. Prehaps it's the response when there is no session on the server side. In Postman I am using Basic Auth, but in the HttpGet there is no authorization because I am not sure how to do it. I tried adding a header, but it doesn't work also:
httpRequestBase.addHeader("Authorization", "Basic " + auth);
Should I first invoke login rest and than logout? Is there any option to test the logout without login?
Apache HttpClient does automatic redirect handling, see HttpClient Tutorial:
1.7. Redirect handling
HttpClient handles all types of redirects automatically, except those explicitly prohibited by the HTTP specification as requiring user intervention.
See Other(status code 303) redirects onPOSTandPUTrequests are converted to GET requests as required by the HTTP specification.
but you can disable it, see HttpClientBuilder#disableRedirectHandling:
Disables automatic redirect handling.
Your modified code:
HttpUriRequest request = new HttpGet("http://localhost:8080/shop/logout/");
HttpResponse httpResponse = HttpClientBuilder.create().disableRedirectHandling().build().execute(request);