Changelog 5.3.2 (2023-09-08)
----------------------------
* Add onFailMessage into validatable response (#1724). This means that you can use `onFailMessage` after `then` like: `when().get("/somewhere").then().onFailMessage("My fail message").statusCode(200);` (thanks to Ilya Koshaleu for pull request)
* Added support for path parameters methods in RestAssuredMockMvc (#1723) (thanks to Jefersom Martins for pull request)
* Make header blacklisting case-insensitive (#1722) (thanks to Bekh-Ivanov Aleksey for pull request)
* Blacklisted headers added to LogConfig are now case-insensitive by default
* Fixed so that testing multipart data request along with passing path parameters doesn't fail anymore in RestAssuredMockMvc (#1673) (thanks to Andrey Demin for pull request)
* Improved compatibility issues with newer version of Spring Security
* Upgraded kotlin from 1.8.22 to 1.9.10
* Upgraded scala to 2.12.18
Changelog 5.3.1 (2023-06-16)
----------------------------
* Upgraded Guava library to 32.0.1-jre
* Fixed "Unexpected logic in PathSupport.getPath" (issue 1682) (thanks to fucct for pull request)
* Fixed "Not able to POST xml file using Inpustream" (issue 1160) (thanks to Balasaravanan for pull request)
* Fixed "MockMvcRequestSenderImpl convertCookies function is not copying the httpOnly, sameSite and expires from the servletCookies into the cookieBuilder" (issue 1462) (thanks to Justin Tay for pull request))
* Fixed "Accept cookies that have an expiration date" (issue 1430) (thanks to Stéphane Épardaud for pull request)
* Upgraded the Kotlin extension module to use Kotlin 1.8.22
* Upgraded Groovy to 4.0.11
* Upgraded faster jackson to 2.14.3
* Upgraded Hamcrest to 2.2
Changelog 5.3.0 (2022-11-18)
----------------------------
* Added (much) improved support for CSRF tokens when sent as a header and not in a form
* Enable the use of relaxedHTTPSValidation with two-way ssl (issue #1631) (thanks to Mathieu Amblard for pull request)
* Lastest Spring Framework 6 is now supported again (thanks to Marcin Grzejszczak for pull request)
* Removed content assignment from asPrettyString() (thanks to Bartłomiej Chabowski for pull request)
* Allow contentType() to accept Spring MediaType in Spring MockMvc module (thanks to Hantsy Bai for pull request)
* Upgraded kotlin from 1.7.10 to 1.7.20 in the kotlin module
* Upgraded groovy from 4.0.1 to 4.0.6
* Updated jackson from version 2.13.2 to 2.13.4
Changelog 5.2.1 (2022-11-18)
----------------------------
* Lastest Spring Framework 6 is now supported again (thanks to Marcin Grzejszczak for pull request)
Changelog 5.2.0 (2022-09-09)
----------------------------
* Improved FilterContext used in Filters by adding the method FilterContext#hasValue(name, object). This makes it easier to check if a value exists _and_ is equal to the expect object.
* Introducing a much improved CSRF (cross-site request forgery) support. For example:
given().
csrf("/users").
formParm("firstName", "John").
formParm("lastName", "Doe").
when().
post("/users").
then().
statusCode(200);
This will first make a GET request to /users (due to csrf("/users")) to get an HTML page that contains the CSRF token.
Rest Assured will then automatically try to find the input field that contains the CSRF token and include in the POST to /users.
Here's an example of what Rest Assured expects as a response for the GET request to /users:
Add User
The csrf input field name is called "_csrf", and it'll be automatically detected by REST Assured.
* Fixed so that form authentication takes CSRF into account. The previous form authentication CSRF implementation didn't really work (sorry!).
Now you can combine csrf with form authentication and it actually works as expected! Note that for requests other than GET or HEAD,
you need to specify _both_ form authentication _and_ csrf, e.g.
given().
csrf("/users").
formParm("firstName", "John").
formParm("lastName", "Doe").
auth().form("j_spring_security_check", "j_username", "j_password").
when().
post("/users").
then().
statusCode(200);
The reason for this is that the server returns a new CSRF token per request. So after the login request (with will use the CSRF token from the login page),
REST Assured needs to make an additional GET request to /users to get a new CSRF token. This token will then finally be supplied with the "POST" request
to "/users".
* Adds support for Multipart upload via http PATCH method (thanks to Madis Liias for pull request)
* Upgraded kotlin module to using Kotlin 1.7.10 (previously 1.6.21 was used)
Changelog 5.1.1 (2022-06-10)
----------------------------
* Added support for Spring Framework 6.0 in Spring WebClientTest module
* Overwrite responseLogDetail when merging ResponseSpecificationImpl (issue 1493) (thanks to petur for pull request)
* Fix: rootPath does not allow chaining paths with leading operators (issue 1577) (thanks to Roman Mitasov for pull request)
* Fix: body(InputStream) does not work (issue 1480) (thanks to fedinskiy for pull request)
* Fix: jsonPath - return null if list(array) does not exists in input document (issue 1544) (thanks to Oleksandr Kulychok for pull request)
* Fix: Re-added groovy package to package imports for OSGi support (issue 1567) (thanks to Steven Huypens for pull request)
* Fix: class cast exception in RequestPrinter with byte[] body (thanks to Andreas Grub for pull request)
* Upgraded gson from 2.6.2 to 2.9.0
Changelog 5.1.0 (2022-05-24)
----------------------------
* Upgrading kotlin to 1.6.21
* Moved package io.restassured.assertion to io.restassured.internal.assertion since the classes in this package should be internal.
Not all files have been moved yet, but refactoring will continue in the next release.
* Added support for Spring Framework 6.0 and Jakarta API's in Spring MockMvc module.
Changelog 5.0.1 (2022-04-06)
----------------------------
* Fixed so that with RestAssuredHttpBuilder no longer requires ResponseSpecificationImpl but rather a FilterableResponseSpecification
Changelog 5.0.0 (2022-03-25)
----------------------------
* Breaking change: REST Assured now builds on Groovy 4!
* Excluded example projects from rest assured bom file (issue 1546)
* Updated jackson from version 2.11.1 to 2.13.2 (issue 1555)
Changelog 4.5.1 (2022-02-11)
----------------------------
* Fixed a bug in ObjectMapper that required JAXB/JakartaEE when this was not intended (issue 1542)
Changelog 4.5.0 (2022-01-21)
----------------------------
* JAXB is now an optional dependency for XmlPath and is now longer required. Depend on 'jakarta.xml.bind:jakarta.xml.bind-api:2.3.3' and 'com.sun.xml.bind:jaxb-impl:2.3.3'
* Implemented support for serializing and deserializing with Jakarta EE 8 and 9. To use it you need to have Jakarta EE on the classpath, for example by depending on 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' and 'org.glassfish.jaxb:jaxb-runtime:3.0.2'.
* Upgraded groovy from 3.0.8 to 3.0.9 (thanks to sullis for pull request)
* Added support for adding multiple LogDetails to the RequestLoggingFilter. You can now do e.g.:
given().filter(RequestLoggingFilter.with(LogDetail.METHOD, LogDetail.HEADERS, LogDetail.BODY)).when(). ..
Thanks to lucasnguyen17 for pull request.
* Fix default implementation of deprecated method detachRoot (#1503) (thanks to Guillaume Boucherie for pull request)
* Add on fail message builder for response specification (#1502). This means that you can no do:
when().
get().
then().
onFailMessage("Some specific message").
statusCode(200);
The "onFailMessage" will be shown in the error. This is good if you want to e.g. distinguish more easily between tests if they fail. (thanks to Victor Borovlev for pull request)
* Allow parsing responses with cookies that has numbers out of signed decimal range (#1069). This is a backward incompatible change if you're using the maxAge on "DetailedCookie" which now takes a long instead of an int. (thanks to Michał Radomyski for pull request)
* Upgraded the kotlin extension module to use Kotlin 1.6.10 instead of 1.5.0
* Introduced a rest-assured bom project for maven. Depend on 'io.rest-assured:rest-assured-bom:4.5.0' to use it. The bom contains configuration details for the rest-assured project that imports the correct dependencies (and versions) and to build your project. (thanks to George Gastaldi for pull request)
* Added "noContentType()" method to RequestSpecification which allows you to remove the content-type from the request if needed. For example:
given().
noContentType().
when().
post("/somewhere").
then().
statusCode(200);
(issue 1516)
* Removed accidental import of jdk.nashorn.internal.runtime.JSType.UNDEFINED_LONG from the Cookie class
Changelog 4.4.0 (2021-05-21)
----------------------------
* Upgrading kotlin extension module to use Kotlin 1.5.0 (previously 1.4.21 was used)
* Upgrading commons-io from 2.4.0 to 2.8.0
* Apache http client is upgraded from 4.5.3 to 4.5.13 (thanks to Daniel Reissenberger for pull request)
* Improved oauth compatibility with new http client
* Fixed a bug in EncoderConfig where user configured was accidentally set to true in default constructor
* Non-backward compatible change: REST Assured will no longer add "charset=utf-8" by default to application/json content-type's since this is not recommended by RFC 7159.
REST Assured will still automatically encode content as UTF-8, it's just that the charset is not added. To revert to the old behavior do:
RestAssured.config(RestAssured.config().encoderConfig(EncoderConfig.encoderConfig().defaultCharsetForContentType("UTF-8", "application/json")))
or specify the charset explicitly in the request:
given().contentType(ContentType.JSON.withCharset(UTF_8)). ..
(thanks to Michal Domagala for initial pull request)
* Added MULTIPART to as an option ContentType (thanks to Yusuf Tayman for pull request)
* Upgraded groovy from 3.0.7 to 3.0.8
Changelog 4.3.3 (2020-12-11)
----------------------------
* Upgrading kotlin extension module to use Kotlin 1.4.21 (previously 1.4.10 was used)
* Upgraded groovy from 3.0.6 to 3.0.7
* Ensure subclasses of ResponseOptions do not break Prettifier (#1425) (thanks to Sam Neirinck for PR)
Changelog 4.2.1 (2020-12-11)
----------------------------
* Backport of: Fix content type name before charset recognition (#1341)
Changelog 4.3.2 (2020-11-08)
----------------------------
* Upgrade json-schema-validator to 2.2.14 (issue 1397) (thanks to Guillaume Smet for PR)
* Upgrading apache commons lang3 from 3.4 to 3.11.
* Added asPrettyString method to ResponseBody (issue 1395) (thanks to GithubMood for PR)
* Describe non matching actual method with Hamcrest matcher format (issue 1387) (thanks for Ivo Šmíd for PR)
Before you could run into cryptic error messages such as:
JSON path values.pi doesn't match.
Expected: <3.14>
Actual: 3.14
Now, you see this instead:
JSON path values.pi doesn't match.
Expected: <3.14>
Actual: <3.14F>
* Upgraded groovy from 3.0.3 to 3.0.6
* Upgrading Kotlin extension module to use Kotlin 1.4.10 (previously 1.3.72 was used)
Changelog 4.3.1 (2020-07-03)
----------------------------
* Upgrading Kotlin extension module to use Kotlin 1.3.72 (previously 1.3.70 was used)
* Upgraded Groovy from 3.0.2 to 3.0.3
* Upgraded spring-security-core from 4.2.13.RELEASE to 4.2.17.RELEASE
* Fixed content type name before charset recognition (issue 1341) (thanks to jekanik for pull request)
* Removes dependencies javax.activation, com.sun.activation and org.apache.sling.javax.activation in favor of jakarta.activation (thanks to Geoffrey De Smet for pull request)
* Upgraded jackson-module-kotlin and jackson-core from 2.10.2 to 2.11.1
Changelog 4.3.0 (2020-03-13)
----------------------------
* Upgraded from Groovy 2.5.7 to Groovy 3.0.2
* Upgrading Kotlin extension module to use Kotlin 1.3.70 (previously 1.3.50 was used)
* Fixed so that DecoderConfig is properly set and used in the response in the Spring MockMvc module (thanks to dawiking for pull request)
* Fix jsonb serialization method in JsonbMapper (issue 1274) (thanks to Matthias for pull request)
* Fixed so that the predefined ResponseAwareMatchers "endsWithPath" and "startsWithPath" supports checking number properties
* Allow multipart uploads using PUT with Spring MockMvc (thanks to Ankit Tomar for pull request)
* Allow configuring CookieFilter (by using a new overloaded constructor) whether or not it should be allowed to specify multiple cookies with the same name (thanks to Ivo Šmíd for pull request)
Changelog 4.2.0 (2020-01-17)
----------------------------
* Jakarta EE API: switch from javax.xml.bind:jaxb-api to jakarta.xml.bind:jakarta.xml.bind-api (issue 1228) (thanks to Sanne Grinovero for pull request)
* Ignore unsupported by scripbejava verbs (thanks to Corneliu Duplachi for pull request)
* Add support for SameSite in Cookie (issue 1255) (thanks to Andreas Jonsson for pull request)
* Upgrading jackson2 from version 2.10.0 to 2.10.2
* Introduced the spring-mock-mvc-kotlin-extensions project which allows a nicer experience for Kotlin developers using the spring-mock-mvc module. This allows one to write tests like this:
class RestAssuredMockMvcKotlinExtensionsTest {
@Test
fun example() {
val mockMvc =
MockMvcBuilders.standaloneSetup(GreetingController())
.build()
val id: Int =
Given {
mockMvc(mockMvc)
param("name", "Johan")
} When {
get("/greeting")
} Then {
body(
"id", Matchers.equalTo(1),
"content", Matchers.equalTo("Hello, Johan!")
)
} Extract {
path("id")
}
assertThat(id).isEqualTo(1)
}
(thanks to Myeonghyeon-Lee for pull request)
* Added a new object mapper type that supports the Jakarta EE JSON Binding (JSON-B) specification. By default it will use Eclipse Yasson as the JSON-B implementation. To use it simply include
org.eclipse
yasson
${yasson.version}
in your classpath and then configure REST Assured to use it as its default ObjectMapperType:
RestAssured.config = RestAssured.config.objectMapperConfig(ObjectMapperConfig.objectMapperConfig().defaultObjectMapperType(ObjectMapperType.JSONB));
(thanks to Andrew Guibert for pull request)
* Added ability to blacklist headers so that they are not shown in the request or response log. Instead the header value will be replaced with "[ BLACKLISTED ]". You can enable this per header basis using the LogConfig:
given().config(config().logConfig(logConfig().blacklistHeader("Accept"))). ..
The response log will the print:
Request method: GET
Request URI: http://localhost:8080/something
Proxy:
Request params:
Query params:
Form params:
Path params:
Headers: Accept=[ BLACKLISTED ]
Cookies:
Multiparts:
Body:
(thanks to Simone Ivan Conte for the help)
Changelog 4.1.2 (2019-10-02)
----------------------------
* The properties in a JSON document now preserves the order in which they are received (thanks to contextshuffling for pull request).
* Added "When" method to Kotlin extensions API for consistency. This means that you can now call "When" directly without using "Given":
When {
get("/greeting")
}
* Fixed so that it's possible to extract values after body validations in the Kotlin extensions API (issue 1212)
* Upgrading jackson2 from version 2.9.9 to 2.10.0
* Upgraded Groovy from version 2.5.6 to 2.5.8
* Support for Java 13 (enabled by groovy upgrade)
Changelog 4.1.1 (2019-09-06)
---------------------------
* Upgraded jaxb-api from 2.2.12 to 2.3.1
* Upgraded jaxb-osgi from 2.2.10 to 2.3.0.1
Changelog 4.1.0 (2019-09-02)
----------------------------
* Upgraded jackson2 from version 2.9.8 to 2.9.9 because of security issue in jackson-databind 2.9.8
* The ResponseBuilder now sets a default RestAssuredConfig instance when building responses from scratch. This is needed for example if extracting path's from the response.
* Added a Kotlin module that contains Kotlin extension functions that makes REST Assured nicer to work with from Kotlin. Depend on:
io.rest-assured
kotlin-extensions
${rest-assured.version}
test
and then import "Given" from the "io.restassured.module.kotlin.extensions" package. You can then use it like this:
val message: String =
Given {
port(7000)
header("Header", "Header")
body("hello")
} When {
put("/the/path")
} Then {
statusCode(200)
body("message", equalTo("Another World"))
} Extract {
path("message")
}
Besides a more pleasing API for Kotlin developers it also has a couple of major benefits to the Java API:
1. All failed expectations are reported at the same time
2. Formatting the code in your IDE won't mess up indentation
(issue 609)
* No longer depending on hamcrest-core or hamcrest-library, instead the hamcrest module is used directly.
* The scala support module has been upgraded to use Scala 2.13.0 (previously 2.12.7 was used)
* RequestSpecBuilder no longer sets 8080 port for non localhost uri (issue #1197) (thanks to dr29bart for pull request)
Changelog 4.0.0 (2019-05-10)
----------------------------
* Fix duplication of content type in the Spring MockMvc module (thanks to Gemini Kim for pull request)
* Fixed issue with overwriting FailureConfig on settings other configs (#1127) (thanks to Victor Orlovsky for pull request)
* Added version range for the Groovy dependency for the osgi module to be between 2.4 and less than 2.5. This is because the API has changed in Groovy 2.5. (thanks to Rikske54 for pull request)
* Fixed so that using a ResponseSpecBuilder doesn't overwrite the configured config implicitly (issue 1128)
* Add Apache Johnzon object mapper support (thanks to Andriy Redko for pull request)
* Add support for MatcherConfig in RestAssuredMockMvcConfig (#1071) (thanks to Jurriaan Pruijs for pull request)
* Supported for logging when assertion errors thrown from internal matcher #1129 (thanks to Gemini Kim for pull request)
* Fixed so that there no longer are multiple versions of org.springframework:spring-web:jar, leading to inconsistent semantic behaviors (#1143) (thanks to HelloCoCooo for pull request)
* Fixed issues with the use of maven-bundle-plugin which created duplicate classes in the distributed jar-files (#1117) (big thanks to Milen Dyankov, Steven Huypens and Mark Kolich for the help!)
* Breaking changes introduced when solving #1117:
* io.restassured.mapper.TypeRef has been moved to io.restassured.common.mapper.TypeRef
* io.restassured.mapper.DataToDeserialize has been moved to io.restassured.common.mapper.DataToDeserialize
* io.restassured.mapper.ObjectDeserializationContext has been moved to io.restassured.common.mapper.ObjectDeserializationContext
* io.restassured.mapper.factory.GsonObjectMapperFactory has been moved to io.restassured.path.json.mapper.factory.GsonObjectMapperFactory
* io.restassured.mapper.factory.Jackson1ObjectMapperFactory has been moved to io.restassured.path.json.mapper.factory.Jackson1ObjectMapperFactory
* io.restassured.mapper.factory.Jackson2ObjectMapperFactory has been moved to io.restassured.path.json.mapper.factory.Jackson2ObjectMapperFactory
* io.restassured.mapper.factory.DefaultGsonObjectMapperFactory has been moved to io.restassured.path.json.mapper.factory.DefaultGsonObjectMapperFactory
* io.restassured.mapper.factory.DefaultJackson1ObjectMapperFactory has been moved to io.restassured.path.json.mapper.factory.DefaultJackson1ObjectMapperFactory
* io.restassured.mapper.factory.DefaultJackson2ObjectMapperFactory has been moved to io.restassured.path.json.mapper.factory.DefaultJackson2ObjectMapperFactory
* io.restassured.mapper.resolver.ObjectMapperResolver has been moved to io.restassured.common.mapper.resolver.ObjectMapperResolver
* io.restassured.exception.PathException has been moved to io.restassured.common.exception.PathException
* Removed deprecated methods:
* io.restassured.RestAssured
* withArguments
* withNoArguments
* io.restassured.builder.ResponseSpecBuilder
* expectContent
* io.restassured.builder.RequestSpecBuilder
* setContent
* addParameters
* addParameter
* addQueryParameters
* addQueryParameter
* addFormParameters
* addFormParameter
* addPathParameter
* addPathParameters
* setAuthentication
* io.restassured.specification.ResponseSpecification
* content
* specification
* io.restassured.specification.RequestSpecification
* content
* formParameters
* formParameter
* pathParameter
* pathParameters
* authentication
* specification
* parameters
* parameter
* queryParameter
* queryParameters
* Deprecations
* Deprecated all short versions of "root", for example "root(..)", "appendRoot(..)", "detachRoot(..)". Use "rootPath(..)", "appendRootPath(..)", "detachRootPath(..)" instead. This was introduced for better consistency and clearer intention..
* JsonPath#setRoot(..) - Use JsonPath#setRootPath(..) instead
* XmlPath#setRoot(..) - Use XmlPath#setRootPath(..) instead
* Rest Assured now requires Java 8 (previously Java 6 was required)
* Removed io.restassured.function.RestAssuredFunction - use java.util.function.Function instead
* Made io.restassured.matcher.ResponseAwareMatcher a proper annotated functional interface
* Made io.restassured.filter.Filter a proper annotated functional interface
* Made io.restassured.listener.ResponseValidationFailureListener a proper annotated functional interface
* Made io.restassured.module.mockmvc.intercept.MockHttpServletRequestBuilderInterceptor a proper annotated functional interface
* Made io.restassured.path.json.mapping.JsonPathObjectDeserializer a proper annotated functional interface
* Upgraded Groovy dependency from 2.4.15 to 2.5.6
* Removed io.restassured.response.ValidatableResponseOptions#specification(..), use io.restassured.response.ValidatableResponseOptions#spec instead
* Removed io.restassured.response.ValidatableResponseOptions#content(..), use io.restassured.response.ValidatableResponseOptions#body(..) instead
* Upgraded Hamcrest from version 1.3 to 2.1
* Made it possible to specify a multi-expectation body with arguments. For example:
when().
get("/jsonStore").
then().
rootPath("store.book.find { it.author == '%s' }").
body(
"price", withArgs("Nigel Rees"), is(8.95f),
"price", withArgs("Evelyn Waugh"), is(12.99f)
);
(issue #1154)
* MockMvc module now supports using MediaType for Accept header value (issue #1142). Thanks to Gemini Kim for pull request.
* Support for using "HttpStatus" when validating response status when using MockMvc module. Thanks to Gemini Kim for pull request.
* MockMvc module now supports using MediaType for Accept header in WebTestClientRequest. Thanks to Gemini Kim for pull request.
* Upgraded spring-webmvc dependency from version 4.3.19.RELEASE to 4.3.23.RELEASE (issue #1161)
Changelog 3.3.0 (2019-01-11)
----------------------------
* Upgraded json-schema-validator from version 2.2.6 to 2.2.10 (thanks to thorin for pull request)
* Added io.restassured.mapper.TypeRef class that allows you to deserialize the response to a container with generic type. For example:
List