Jmeter : getting 401 error - jmeter

Does any one knows how to solve it with regular expression? here i am putting screen shot with valid access token and error response token.
thanks in advance.
Valid response token
invalid response token
and Regular expression exctracter
it is fine if you guys have any other solution for this unauthorized access thing.

Add JSON Extractor as a child of the authserver request and configure it as follows:
Variable Names: anything meaningful, i.e. token
JSON Path expressions: $.access_token
Add HTTP Header Manager as a child of the student request and configure it to send Authorization header with the value of Bearer ${token}
Going forward you can go for an alternative way of recording a JMeter test which is capable of exporting the recorded requests in SmartJMX mode with automatic correlation of dynamic parameters applied so you will be able to save your time for more creative work. See How to Cut Your JMeter Scripting Time by 80% article for more details.

Related

How can I resolve a 403 response code in Jmeter?

I am working with Jmeter to do load testing. I created a simple login script using BlazeMeter. Then I imported the file into Jmeter.
Whenever I try to run the script, it fails. The first problem I encounter here is that in my first http request I receive a 403 response code:
I added a cookie manager and an authorization manager to try and solve this but it is not working. I think the problem is with cors in the manager header as 403 code means that it received the petition but the access to it was denied. Do you have any suggestions on how to resolve this? I tried adding post processors but couldn't make them work. Maybe because I am a newbie to jmeter and load testing. Idk.
As per HTTP Status 403 description
The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it.
so most probably your request is missing some authentication context.
Your recording seems to be incomplete, you seem to be testing a GeneXus-based application and it is using AJAX_SECURITY_TOKEN header as the security parameter.
From your screenshot it seems that you're sending recorded hard-coded value, however you should design your script as follows:
Perform initial request, i.e. open login page
Extract AJAX_SECURITY_TOKEN header value using Regular Expression Extractor
Substitute this e8985.... recorded value with the JMeter Variable from the Regular Expression Extractor
Check out Using Regular Expressions to Extract Tokens and Session IDs to Variables article for more information.

Get CSRF token in Jmeter for salesforce load-testing

I am trying to do the load testing of salesforce.com. I am logging via test.salesforce.com which is redirecting me to the console url. Now, subsequent post request accepts following post parameters.
ViewStateCSRF
ViewStateMAC
visualforce.ViewState
But this post request is failing with "invalid session" error message.
I am guessing this is because of CSRF token. I am trying to extract(post processor in Jmeter) CSRF token, but I am unable to find this token anywhere in the response/cookie of previous requests. In one of the HTML response, I can find few CSRF tokens(e.g: runApexCsrfToken, consoleAjaxCsrfToken etc). I have tried all of them but no result.
To summarize my problem: I need to pass csrf token in post login request but I am unable to find this token in previous responses.
Could you please help me with this.
PS: I have tried get request on "https://c.salesforce.com/libs/granite/csrf/token.json" after login but did not find any token in response.
Make sure to add HTTP Cookie Manager to your Test Plan
Make sure to check all response fields as the token can be a part of URL or come as a HTTP Header
You need to correlate not only ViewStateCSRF but all other dynamic parameters as well
If you have problems with identifying the source for the dynamic parameters values you can try recording your scenario using cloud-based proxy service, it is capable of exporting recorded scripts in "SmartJMX" mode with automatic detection and correlation of dynamic parameters. See How to Cut Your JMeter Scripting Time by 80% article for more details

Managing auto generated HTTP Authorization Manager in jmeter not working

I have recorded a native app in jmeter. It shows one auto-generated 'Authorization Manager' where username is appearing as '${Auth_Login}' and password as ${Auth_password}.
I am running the script but the response is appearing as :
"{"error":"No authorization header."}"
Please help me out to resolve this issue.
You should extract the token which returns from the first response using a post processor (i.e regular expression extractor).
Now add this token to the next request's header manager like this:
Name: Authorization
Value: ${Token}
Note: you should check the request header using traffic capturing tool i.e fiddler, because these names might not be the same also the token sometimes looks like this Bearer ${Token}
See using regex with jmeter for more information on regular expression extractor.

Jmeter Login Request with cookies have wrong Response

I m new in jmeter i want to know if i send post request for login with cookies then in Response below information is displaying .
Request Error We’re sorry, there was a problem with your request.
Please make sure you have cookies enabled and try again.
What could be going wrong.?
It may be not about the missing or incorrect cookies.
You need to provide valid loginCsrfParam value as well, it needs to be extracted from previous response via one of the following PostProcessors:
Regular Expression Extractor
XPath Extractor
CSS/JQuery Extractor
converted into a JMeter Variable and used as a parameter in your login request.
See How to Load Test CSRF-Protected Web Sites guide for comprehensive information on bypassing CSRF protection in your JMeter test.

Jmeter - how to pass a csrfmiddlewaretoken to a http request without getting 403 or Forbidden issues?

Can you explain how to construct a relevant HTTP Header or HTTP Request parameter holding CSRF value when an HTTP request has to be passed with a csrfmiddlewaretoken in Jmeter ?
CSRF protection can be handled just like any other dynamic mandatory request parameter or field, the right term to perform search on in performance testing world is Correlation
Check out How to Load Test CSRF-Protected Web Sites guide, it looks like to be exactly what you're looking for.
Try to implement correlation, after you have recorded the script. This is useful to pass dynamic values between different requests.
http://apache-jmeter.blogspot.com/2011/12/correlation-regular-expression.html
http://www.youtube.com/watch?v=j8bBiCeQ88w
If you have already implemented correlation and you are still getting errors, then you should bypass the token generation by writing code in Beanshell sampler to generate csrfmiddlewaretoken and then pass it to the next HTTP request (as per requirement).
hope this will help.

Resources