Develop Reference

Jmeter - Unauthorized error in a direction

I have recorded a flow of a web app, which (I think) do login throught the Windws user. The first request is
:authority: XXX.XXXXX.es
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: es-ES,es;q=0.9
cache-control: max-age=0
sec-ch-ua: "Google Chrome";v="105", "Not)A;Brand";v="8", "Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
This return a 302 redirect, and in the jmeter run ok (that is, return a 302 redirect)
The second request (the redirection) is
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: es-ES,es;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Host: XXXXX.XXXXX.es
sec-ch-ua: "Google Chrome";v="105", "Not)A;Brand";v="8", "Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
And in the jmeter script returns a 401 Unauthorized. I have the Auth manager in JMeter
In the script, in the first request, we send a "NTML" auth,
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: es-ES,es;q=0.9
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
DNT: 1
sec-ch-ua: "Google Chrome";v="105", "Not)A;Brand";v="8", "Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
sec-fetch-User: ?1
sec-fetch-Site: none
Host: XXXXX.XXXXXX.XXX
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAADQANAAYAAAAAAAAAAwAQAACgAKADABAAAQABAAOgEAAAAAAABKAQAABYKJogUBKAoAAAAPpG+BcRbb9Mv8EX9lGMYYvY9TRE0ddvXwHNW4kGw9skxCk1+crDQRAwEBAAAAAAAA4LrJUKfN2AFw2B3BDux8LgAAAAACAAwARABNAEIATQAwADAAAQAQAFMAVgBEAEUAOQAyADMAMQAEABoAYgBhAG4AYwBhAG0AYQByAGMAaAAuAGUAcwADACwAUwBWAEQARQA5ADIAMwAxAC4AYgBhAG4AYwBhAG0AYQByAGMAaAAuAGUAcwAFABoAYgBhAG4AYwBhAG0AYQByAGMAaAAuAGUAcwAHAAgAeyODUKfN2AEAAAAAAAAAADEAMAA3ADcAMwBQAFYAMQAwADcAMAAxADAA
Response:
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found here</body>
and returns a 302 - redirect, but the second above request, returns a 401:
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: es-ES,es;q=0.9
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
DNT: 1
sec-ch-ua: "Google Chrome";v="105", "Not)A;Brand";v="8", "Chromium";v="105"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
sec-fetch-User: ?1
sec-fetch-Site: none
Host: XXXXX.XXXXXXX.XX
Response Headers:
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate
X-Powered-By: ASP.NET
Date: Wed, 21 Sep 2022 10:45:50 GMT
Content-Length: 1293
Some suggestion? Many thanks in advance for your comments.

WWW-Authenticate: Negotiate response header most probably means that your server is expecting Kerberos authentication so you need to:
Use KERBEROS as the "Mechanism"
Add your Domain and Realm
Perform Kerberos-specific configuration in jaas.conf and krb5.conf files
More information: Windows Authentication with Apache JMeter

Why is $request->file('document') not being recognized? Always is null

For some reason, I cannot quite pin-point the reason for my application to fail to send a file with the request body. I have tried all manners of configuring the request header, but to no avail. I know it's not my end-point in Laravel because Postman works just fine with it.
Various header comibinations I have tried:
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Transfer-Encoding': 'multipart/form-data'
OR
'Content-Type': 'multipart/form-data',
'Content-Transfer-Encoding': 'multipart/form-data'
OR
'Content-Type': 'application/json; charset=UTF-8',
'Content-Transfer-Encoding': 'multipart/form-data'
When ever I have my endpoint check to see if $request->file('document') is null, it always comes back true.
Here is my api code:
public function store(Request $request)
{
$value = $request->file('document')->storeAs(
$request->input('path'), $request->input('name')
);
return response()->json($value, 201);
}
Here is the last set of header's that was used and failed:
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 164
Content-Transfer-Encoding: multipart/form-data
Content-Type: multipart/form-data; charset=UTF-8
Cookie: remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IjhZMXRwM3BSYnlsMUdlUHQ1OEVzZkE9PSIsInZhbHVlIjoibFJBV3AxaHU0T3BJY1M5UGRQZG5YdmhxTndWYXRRRHFsZlhEZ0tNa1NqWnlFZndwUGdkeGxFNzZXVW53OUxKMWJ0Q0s3VkFxZTM5T1dKUTdQVE5HbHVhcHBoS29rMllQb1wvbUhKeWFMcjdOOGU3elRYWWlyV3daY1duUUZCb1k1amE3aEVHWEN5SkJLZFVCNnNlRlJIa0hVT2FGb1poVjhCZzVOR21EMUttND0iLCJtYWMiOiI2YjFjYTA5MzcyYzcxMDk4OWFmNzJlNTMzMzQ0ODRkYTZmYzEzZDNjYmQ2YTdiNmZhZWFhODc2NWM0MWExMzZiIn0%3D; XSRF-TOKEN=eyJpdiI6Ikh4R1JhSXJ4M1IycmJTNmFsRjRic0E9PSIsInZhbHVlIjoib0xpQzZqaHRRRFQ3V0RQU0lVT3VSdmU4RFwvS3MwSWpSeTdmOURVZE9kRlhPaTBFeWlBOHljQ1F4aGt0VEFIbWwiLCJtYWMiOiI3MjcyMGM5YzIwZjE5NTFkOTQyNjA3MDlmOTJjMjY0OTg2NGViZWY5NzYwZmJlNGEyYmM0MzFmNDYxMDRlN2U5In0%3D; conversion_session=eyJpdiI6InIwc2NRMzZhc1RZdWZtMDl0OFVMaHc9PSIsInZhbHVlIjoiNmY5MjJUYTNteW5zVG9MVmlmXC90a0FCaTlEY3VhS0w2UXYreUtmdG5yUE5IUnpWVE1qTWthemdnSzRKbmE5NWEiLCJtYWMiOiJjNDkzZTVlNzE0YjBhMDRiNDU3ZmQxMzNlZDkzMjQ1MWQ2YTcxMzYxODU0ZGMyYTFkOTZhYjA2ZmUwNDZhOGQ2In0%3D
Host: conversion:8000
Origin: http://conversion:8000
Referer: http://conversion:8000/accounts/1/projects/1?_token=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-XSRF-TOKEN: // Not pasted here

I discovered, that I was assigning my post data incorrectly for the files. A tutorial had instructed my incorrectly and I found another one that showed me the correct way.

Unable to Send Data in header to Spring Boot application in Angular 6

I am trying to hit my Spring Boot APIs using Angular 6. I am sending some data as a part of headers like this
const headers = new HttpHeaders({
'X-TenantID': tenantId,
'Accept': 'application/json'
});
this.httpClient.get(this.constants.urls.TENANT.VALIDATE + '/' + tenantId, {headers: headers });
At the back end, I am using interceptor and there i am trying to get 'X-TenantID' from my request Headers like this
if (request.getHeader("X-TenantID") != null) {
String tenantName = request.getHeader("X-TenantID");
ThreadLocaleStorage.setTenant(tenantName);
return tenantName;
}
And unfortunately its always returning null value for 'X-TenantID'. When I tried to print all headers it giving me following response
host
localhost:8080
connection
keep-alive
access-control-request-method
GET
origin
http://localhost:4200
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
dnt
1
access-control-request-headers
**x-tenantid**
accept
*/*
accept-encoding
gzip, deflate, br
accept-language
en-US,en;q=0.9
It's clear x-tenantid is present in headers but why I am not getting the value for it.
Please help me, how can I get this value from headers.

GetMapping "produces" works even though doesn't match accept header

Intro
There is a #GetMapping attribute, as the following in one of our projects:
#GetMapping(path = "/", produces = SaConstants.SA_MEDIA_TYPE)
public HttpEntity<Resource<Home>> get(HttpServletResponse response) {
In the SaConstants class:
public static final String SA_MEDIA_TYPE="application/sa+json";
When I access the page from any internet browser, I am getting the proper response that I want - and my breakpoint in the controller is being triggered.
The browser is sending the following headers:
Host: 127.0.0.1:8001
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
Cookie: io=Qt74kp5V5ziUNIxlAAAG
When I make a request to the page, without an Accept header, the page is not working.
If I add to postman the following Accept header, everything works:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Question
My question are:
why does it work even if the Accept: header of the request doesn't match the produces attribute of the Rest Controller?
Why does it fail if no Accept header is provided (given the first question).

"*/*" means all types, this header is by default provided by most of the popular browsers

WebApi HttpPost not working with parameters

I have a Web Api project with this route config
var config = GlobalConfiguration.Configuration;
config.Routes.MapHttpRoute(
"DefaultApiRoute",
"api/v1/{controller}/{action}");
I have two post method
[HttpPost]
public IHttpActionResult RetrieveTestNoParam()
{
return new JsonResult<string>("This is a test", new JsonSerializerSettings(), Encoding.UTF8, this);
}
[HttpPost]
public IHttpActionResult RetrieveTest(string input)
{
return new JsonResult<string>(input, new JsonSerializerSettings(), Encoding.UTF8, this);
}
The first one is working but the second one gives this respone
{
"Message": "No HTTP resource was found that matches the request URI 'http://test.dev.local/api/v1/NewsApi/RetrieveTest'.",
"MessageDetail": "No action was found on the controller 'NewsApiController' that matches the request."
}
This is what I see in fiddler
POST http://test.dev.local/api/v1/NewsApi/RetrieveTest HTTP/1.1
Host: test.dev.local
Connection: keep-alive
Content-Length: 261
Cache-Control: no-cache
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Content-Type: application/javascript
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36
Postman-Token: c2ba631b-4bfd-9379-bf40-0ca1a6a8a3bc
Accept: */*
DNT: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,nl;q=0.6
Cookie: ASP.NET_SessionId=4kgfwd2u3pwusfdvdsrkt2vt; SC_ANALYTICS_GLOBAL_COOKIE=ddd9185a3e8940c9823e81b7d38cdf20|False; sc_expview=0
------WebKitFormBoundaryxdYhzJ7A8WnI8qaa
Content-Disposition: form-data; name="input"
Dit is de input
------WebKitFormBoundaryxdYhzJ7A8WnI8qaa
Content-Disposition: form-data; name="czczcsdcsdf"
sdfsfsdfsdff
------WebKitFormBoundaryxdYhzJ7A8WnI8qaa--
Any ideas?
Other questions I have about Web Api:
Can a controller contain multiple get or post methods?
Do I need the actionname attribute and what does this attribute do?
Regards
Danny