Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.
Get started with understanding multi-threaded applications with our Java Concurrency guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
Distributed systems often come with complex challenges such as service-to-service communication, state management, asynchronous messaging, security, and more.
Dapr (Distributed Application Runtime) provides a set of APIs and building blocks to address these challenges, abstracting away infrastructure so we can focus on business logic.
In this tutorial, we'll focus on Dapr's pub/sub API for message brokering. Using its Spring Boot integration, we'll simplify the creation of a loosely coupled, portable, and easily testable pub/sub messaging system:
1. Overview
In this tutorial, we’ll learn how to use Postman to test an endpoint secured with Basic Authentication.
We’ll see how to use the “Authorization” tab to generate the header based on the raw credentials. After that, we’ll learn how to do it manually. Finally, we’ll see how Postman Interceptor works and how it can come in handy.
2. Basic Authentication
Basic Authentication is a method of securing HTTP requests through a special header:
Authorization: Basic <credentials>To generate the credentials token, we need to write the username and password, joined by the semicolon character. After that, we need to encode the resulting string with Base64.
Let’s assume the username is “admin” and the password is “baeldung“. First, we’ll create the credentials string, which will be “admin:baeldung“. Then, we’ll encode it with Base64, add the “Basic” keyword, and set it as the header’s value:
Authorization: Basic YWRtaW46YmFlbGR1bmc=3. Authorization Tab
Firstly, let’s send a GET request to a Basic Auth-secured endpoint and expect an Unauthorized status for the response:
Now, let’s add the credentials. To do this, we simply go to the “Authorization” tab and select “Basic Auth” as the authorization type. After that, we insert the username and password and we’re all set:
Consequently, we can see that the request was authorized and the response code is 200. Furthermore, if we click on the “code” link, we can see how the authorization header was now added to the request:
GET /postman-test HTTP/1.1
Host: localhost:8080
Authorization: Basic YWRtaW46YmFlbGR1bmc=
Cache-Control: no-cache
Postman-Token: 6ad07f7c-4846-9c3f-2a3e-b24e8d2273ad4. Adding the Header Manually
Postman allows us to manually add headers. As a result, we can add the authorization header directly, if we already have the credentials token.
We can do this from the “Headers” tab. First, we set “Authorization” as the key. After that, we’ll add the credentials token:
If we inspect the HTTP request, we’ll see that nothing differs from the previous one.
5. Postman Interceptor
Postman Interceptor is a Chrome extension that allows us to bind the Postman application to a browser session. In other words, it allows Postman to execute requests on behalf of the user who is logged in on the browser.
Firstly, we need to download and install the Chrome extension. After that, we enable the interceptor from the Postman application, by clicking on the satellite icon:
Now, the Postman application is bonded with the browser session. If we navigate the web, we’ll be able to see all the requests in Postman’s “History” tab. However, if we try to execute the GET request now, we’ll still get the 401 Unauthorized response because we haven’t logged in yet.
Let’s use the browser to navigate to the Basic Auth-secured page:
After we sign in using the browser pop-up, we can go back to Postman and execute the request again. This time, the request will be authorized.
6. Conclusion
In this article, we learned how Basic Authentication works and explored various ways of testing a secured endpoint with Postman.
We saw how we can manually add the Authorization header, and how to use Postman to generate it based on raw credentials. Finally, we learned about Postman Interceptor and we discovered that we can use it to send requests on behalf of the user logged in from the browser.
