Override HTTP Authorization Manager in Jmeter - jmeter

I have a test configured in Jmeter for a HTTP basic auth-protected site. I have an HTTP Authorization Manager configured at the top level with the user/pass for this auth.
There's one http request buried deep in the thread ('Get configurable product options' in the pic below) that I do not want to send the Authorization header with: it's a REST call and I'm sending a bearer Authorization header instead.
I have a HTTP Header Manager assigned to this call with the specific Authorization header defined. All I want is for the Basic Auth header not to be sent, but I cannot for the life of me figure out how.
How do I override this so that the Authorization header set by the HTTP Header Manager overrides the one set by the Authorization Manager?

As per documentation for the HTTP Authorization Manager (JMeter 5.0)
If there is more than one Authorization Manager in the scope of a Sampler, there is currently no way to specify which one is to be used.
So the only way you can override the Authorization header value is using HTTP Header Manager
Add HTTP Header Manager as a child which header you want to override
Configure it as follows:
Name: Authorization
Value: ${__base64Encode(username:password,)}
Replace username and password with your real credentials
Keep in mind that __base64Encode() is a custom JMeter function; if you don't have it already, you will need to install it via JMeter Plugins Manager.

Related

How does JMeter generate Content-Type = Multipart/form-data; boundary=----WebkitFormBoundaryxxxxxxxxxx

I am working on creating performance test for an application based on Windows authentication.
Test plan is designed as following :
Test Plan
HTTP Cookie Manager
HTTP Authorization Manager
Thread Group
HTTP Request 1
HTTP Request 2
In the HTTP authorization manager section I have provided the base URL, username, password and selected Mechanism as BASIC_DIGEST.
Now assume that HTTP Request 2 is a file upload scenario.
When the steps were recorded, the file upload scenario had a Content-Type header which has the value - Multipart/form-data; boundary=----WebkitFormBoundaryxxxxxxxxxx.
Now when I execute the script boundary in the above format is not generated which probably results in script failure. I need to understand what changes I might need to implement in order to generate the Content-Type correctly.
I believe that you should rather remove Content-Type header from the HTTP Header Manager and tick "Use multipart-form/data" box in the HTTP Request sampler:
The fact you're getting HTTP Status 401 means that your configuration of HTTP Authorization Manager is not correct. If you're using your Windows domain credentials for accessing the application, your "Mechanism" choice might be wrong, as Kerberos is way more popular than NTLM. Inspect the network tab of your browser developer tools and see what the WWW-Authenticate and Authorization header values are; this way you can guess what mechanism is being used exactly and properly configure the HTTP Authorization Manager.
More information: Windows Authentication with Apache JMeter

How to pass bearer token in a request apart from Authorization manager and Header manager

I need to pass the token generated in one request into another request.
In second request,
I cannot pass the Authorization as the header because the API is not designed in a way to pass the token as header, nor is the Authorization manager working, as I need to pass the body and in the Authorization manager I am not able to locate where to pass the body.
Is there any other way apart from Authorization manager or Header manager?
HTTP Authorization Manager generates and sends the relevant Authorization header, the header value differs depending on the protocol which is being used for the authentication/authorization from basic access control to NTLM and Kerberos
HTTP Header Manager allows you to send arbitrary HTTP headers including the aforementioned Authorization one
Unfortunately we cannot suggest how exactly you can pass the token, you need to
check the API contract or documentation, some API implementations have special documentation endpoints
contact the people who "designed" the "API"
capture the request from the real browser using browser developer tools or if it's another application use a sniffer tool like Wireshark or Fiddler

Possible if want to do API Load Testing using JMeter with URI info only?

My team planned to do API Performance Testing using JMeter 5.0 for my client. My client developed the API in Kubernetes. Just wondering, they gave info such as URI, HTTP Method and Content-Type only. We never have experience using URI. Are these info sufficient to do load test in JMeter? And where do I fill in these info? Is it in Config Element: HTTP Header Manager?
Because usually I only do my enablement using sample website which already provide the URL.
Do I need to ask them to provide the specific URL for this? Or URL can be extracted from URI?
Thanks.
Normally you should put:
Protocol, server name or IP and Port Number into HTTP Request Defaults, this way you will have a single configuration element having these details and in case of change you will need to introduce the change at one place only and won't have to revisit each and every HTTP Request sampler
Individual requests are defined using individual HTTP Request samplers where you need to provide URL Path and request body (if any)
Content-Type and other Headers can be provided via HTTP Header Manager, the same Scoping Rules as for HTTP Request Defaults apply, for example if you want to send application/json for all the requests just add HTTP Header Manager on the top of your Test Plan and it will add the header to all HTTP Request samplers which are at the same level as the HTTP Header Manager or lower.

Override Authorization header

I am doing some testing.
I have set up an HTTP Authorization Manager to manage my Basic Browser Authentication. This is declared before my HTTP request, making each HTTP request header contain
Authorization: SOMETHING sOmeGibber1SHCOdes...
At some point in my testing, I need to add a new entry in the Authorization header. So I created an HTTP Header Manager and added something like:
Authorization: somethingElse #n0therGibber15hC0de...
and this overrides my existing header setup by my HTTP Authorization Manager
Question:
If I need both Authorization header - is there a workaround?
Additional info:
I tried extracting the values using a regex extractor and concatenating the strings in the HTTP Header Manager... doesn't seem to work. I think simply copying the header created by the HTTP Authorization Manager and putting it directly into the HTTP Header Manager is not being recognized as an authentication by JMeter.
Please be informed about JMeter Scoping Rules concept
If HTTP Authorization Manager lives at the same level with the HTTP Request samplers - it will be applied to all of them
If HTTP Authorization Manager (or HTTP Header Manager) is added as a child of a particular HTTP Request sampler - it will be applied to this sampler only
So you can "override" the "global" Authorization header value by adding a HTTP Header Manager as a child of the particular request and defining the header there:

Jmeter header manager reuse

I'm using JMeter to write some load tests on an API secured by OAuth.
I want to be able to reuse the header manager once the bearer token has been produced from the access token call.
However, when I try to move the header manager outside of the HTTP request, the call is no longer authorised. I think it's because it can no longer get the bearer token.
For the Post request, when I put the header manager outside, it no longer works; it only works when I put it under the request, as I have done for User get request, Delete request and Put request.
How do I make the header manager reusable and therefore only manage one header manager?
Thank you.
{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}
My expectation is that this is due to clash with the HTTP Authorization Manager
Both are Configuration Elements and both obey JMeter Scoping rules
When you move HTTP Header Manager outside the HTTP Request sampler it might be the case that Authorization Header comes from the HTTP Authorization Manager
You can check which exact header value is being sent using Request -> Request Headers tab of the View Results Tree listener
Given you manually create Authorization header for your request I believe if you disable or delete the HTTP Authorization Manager your test should start working as expected as you basically don't need it.
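The header check suggested in the answer above can be automated. This is an added example, not code from any of the answers: it classifies the Authorization value each sampler sent and reports mismatches against the scheme expected for it. The sampler names are borrowed from the questions on this page; the header dumps, the credential `loadtest:s3cret` and the expected-scheme map are constructed assumptions. A Basic value has the form `Basic base64(user:password)`, so it decodes back to the credentials.

```python
import base64
import binascii

# Constructed sample: request headers as copied from View Results Tree
# (Request -> Request Headers), keyed by sampler name. All values are made up.
CAPTURED = {
    "Login page": "Connection: keep-alive\nAuthorization: Basic bG9hZHRlc3Q6czNjcmV0\n",
    "Get configurable product options": "Accept: application/json\nAuthorization: Bearer abc.def.ghi\n",
    "Post request": "Authorization: Basic bG9hZHRlc3Q6czNjcmV0\nContent-Type: application/json\n",
    "User get request": "Authorization: bG9hZHRlc3Q6czNjcmV0\n",
}
# Scheme each sampler is supposed to send (an assumption for this example).
EXPECTED = {"Login page": "basic", "Get configurable product options": "bearer",
            "Post request": "bearer", "User get request": "basic"}

def authorization_values(header_text):
    """Return every Authorization value found in a raw header dump."""
    values = []
    for line in header_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            values.append(value.strip())
    return values

def classify(value):
    """Return (scheme, detail); scheme is 'none' when no scheme token precedes the credential."""
    scheme, _, cred = value.partition(" ")
    if not cred:
        return "none", "credential sent without a scheme token"
    scheme = scheme.lower()
    if scheme == "basic":
        try:
            user = base64.b64decode(cred, validate=True).decode("utf-8").partition(":")[0]
        except (binascii.Error, UnicodeDecodeError):
            return "basic", "not valid base64"
        return "basic", "user=" + user  # password deliberately not reported
    return scheme, "%d-character credential" % len(cred.strip())

def audit(captured, expected):
    """List (sampler, problem) pairs where the sent header differs from the expected scheme."""
    findings = []
    for sampler, text in captured.items():
        values = authorization_values(text)
        if len(values) != 1:
            findings.append((sampler, "%d Authorization headers" % len(values)))
            continue
        scheme, detail = classify(values[0])
        if scheme != expected[sampler]:
            findings.append((sampler, "expected %s, sent %s (%s)" % (expected[sampler], scheme, detail)))
    return findings
```

Calling `audit(CAPTURED, EXPECTED)` reports the sampler that inherited the Basic header from a higher scope and the one whose header carries a bare base64 string with no scheme in front of it.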
