How to test CAS with jmeter? - xpath

request:
I send a "get" HTTP request that has no parameters;
path: http://192.168.22.139:8080/KSP
response:
<input id="username" type="text" name="username" required/>
<input id="password" type="password" name="password" required/>
<input type="hidden" name="lt" value="LT-697-vbNmm6NKOZ0cd7Wg1ywzbMKLa0DnOc" />
<input type="hidden" name="execution" value="e1s1" />
<input type="hidden" name="_eventId" value="submit" />
And I add two XPath Extractors to get lt and execution:
reference name: lt;
xPath query: //*[@id="login"]/input[3]
reference name: execution;
xPath query: //*[@id="login"]/input[4]
Then I send another request with username/password/service/It/execution/_eventId:
Error: the ticket and execution I get are empty. I got the XPath from Chrome, so what is the problem?

From the first response, you can use Regular Expression Extractor to extract ticket and lt.
Then send the second request with parameters:
username/password/It/execution/_eventId/_eventId
By the way, you should add HTTP Cookie Manager.

I did not see the parameters of your first request. At least I did not see the lt.
The second request should be a GET request, and the parameters are: service and ticket (this is not jsessionid; the value is generated by CAS, and it is the same as the parameter lt in the first request to the CAS login).

There are a few things you need to change in the second request:
add execution parameter (extract it from the first request, e.g. with XPath Extractor or Regular Expression Extractor),
the XPath expression would be something like .//*[@id='fm1']//*[@name='execution']/@value
add _eventId=submit parameter,
the lt parameter (the login ticket) should be extracted from the login form, too - it changes each time; see XPath Extractor or Regular Expression Extractor,
XPath expression: .//*[@id='fm1']//*[@name='lt']/@value,
not required, but will look nicer - change GET to POST.

If you're testing CAS login itself, I can suggest using JMeter HTTP Proxy server to record the login process, catch all values which are being passed, detect those which are dynamic and deal with them via Regular Expression Extractor, XPath, Beanshell, etc. Post Processors - what you're most comfortable with.
If your application is behind CAS, I guess that CAS login simply adds a cookie and your application considers the user authenticated based on it. In this case you can simply store cookies somewhere in a CSV file and use them via HTTP Cookie Manager to simulate authenticated users.

Related

How to write json path expressions for the below script in jmeter. I need two dynamic values session id and csrf

How to write json path expressions for the below script in jmeter. I need to get the two dynamic values session id and csrf
<input type="hidden" name="_txtSession_Id" value="tw-2777518705045647360wor" >
<input type="hidden" name="csrf_token" value="QIuBhc0mxMfA0XMczGIoZ+jPRprc3wfxbxCfjHiAykU=" />
You cannot use JSON Extractor on HTML data, consider using CSS Selector Extractor instead.
The relevant configuration would be something like:
Name of created variable: anything meaningful, i.e. _txtSession_Id
CSS Selector Expression: input[name=_txtSession_Id]
Attribute: value
That's it, you will be able to refer to the first value as ${_txtSession_Id} where required.
The same way you can extract csrf_token, just change CSS Selector Expression to input[name=csrf_token].
You can test your CSS Expressions using View Results Tree listener.

In jmeter how to send post request with csrf token name and value changing on each iteration

I tried extracting name and value of token using regular expression and use it in post call with the defined variables but the call keeps on failing.
Below is the html code :
<input type="hidden" name="e4662291f0b8" value="b9cd1ccb0e33594426209c9bea2392fb04d4b54529780a63d4a538c74f852674"/>

FormUrlEncodedMediaTypeFormatter vs JQueryMvcFormUrlEncodedFormatter

I have created a default web api project with at least those 2 media formatters loaded. Both are for the same content-type:
FormUrlEncodedMediaTypeFormatter: application/x-www-form-urlencoded
JQueryMvcFormUrlEncodedFormatter: application/x-www-form-urlencoded
When I do a simple http post form with enctype="application/x-www-form-urlencoded" it works only with the JQueryMvcFormUrlEncodedFormatter, that means my sent complex object is not null at server side.
When I remove the formatter JQueryMvcFormUrlEncodedFormatter at application startup and do the simple http post form again I expect it to work again but it does not.
I get an exception that no appropriate formatter is loaded.
That's not true, actually.
Why does it not work?
P.S.
I found that this is the difference:
– System.Net.Http.Formatting.FormUrlEncodedMediaTypeFormatter, for handling HTML form URL-encoded data
– System.Web.Http.ModelBinding.JQueryMvcFormUrlEncodedFormatter, for handling model-bound HTML form URL-encoded data
but I do not understand the difference!
I do not even use jquery to post my form:
<form role="form" method="post" action="api/values" enctype="application/x-www-form-urlencoded">
<input type="text" class="form-control" name="firstName" placeholder="Enter first name">
<input type="text" class="form-control" name="lastName" placeholder="Enter last name">
<button type="submit" class="btn btn-default">Submit</button>
</form>
FormUrlEncodedMediaTypeFormatter binds application/x-www-form-urlencoded body to FormDataCollection type, and only that type.
JQueryMvcFormUrlEncodedFormatter however uses available ModelBinders to first parse the body to FormDataCollection and then use the first compatible ModelBinder to parse that into the final model. It's like mixing Model Binding approach and Media Type Formatting approach, which AFAIK is not explained anywhere in the WebAPI docs.
Both formatters are registered by default. This is what I inferred reading WebAPI source code.
There are 4 out-of-the-box formatters:
JsonMediaTypeFormatter
XMLMediaTypeFormatter
FormUrlEncodedMediaTypeFormatter
JQueryMvcFormUrlEncodedFormatter
The first two media type formatters can serialize and deserialize CLR types to request/response and vice versa. But the 3rd one neither serializes nor deserializes to/from any CLR type. The 4th formatter can deserialize incoming raw data to a CLR type.
Hence in your case, you are experiencing the error after you remove JQueryMvcFormUrlEncodedFormatter, since the 3rd formatter is not able to deserialize incoming request data to a CLR type.

How can I get the value from a hidden input field using JMeter

I am trying to get the value from a hidden input field. I researched and found many sites ( including instances on this site ) showing great examples. When I try them, I am not able to retrieve the value from this hidden field using the methods I have learned. I have tried both an xpath extractor and a regular expression extractor, but neither one retrieves the value from the hidden field.
Also, I will note that in the tree on the left side in JMeter, I put the extractors as a child to the HTTP Request where the token first appears. Are the extractors supposed to be children or are they supposed to be at the same level as the HTTP Request, but just after it in the flow of the test?
==============================
Here, I will explain my set up. There is an HTTP request from a form. There is a token on the form. I need to get the value for this token. Here is the html for the page where the token appears:
<form action="/folder1/part1/save/12345-1234-1234-1234-123456789012" method="post" name="mgr" id="mgr" >
<input type="hidden" name="token" value="1234-12-12-12-1234" id="token" />
==============================
For the Regular Expression Extractor, I have tried all of these, one at a time for each test run:
//input[@type="hidden" and name="token"]/@value
//input[@type="hidden"][@name="token"]/@value
//input[@type="hidden"]/[@name="token"]/@value
//input[@type="hidden"][@name="token"]/@value/[@id="token"]
//input[@type="hidden"]/[@name="token"]/@value/[@id="token"]
For the XPath Extractor, I have tried all of these, one at a time for each test run:
//[@id="token"]
/html/body/div/div[2]/div/form/input[1]
//html/body/div/div[2]/div/form/input[1]
Try this one: //input[@type="hidden" and @name="token"]/@value
Also, you could test your expressions directly in JMeter. For example, you could check this XPath extraction in the XPath Tester element of the View Results Tree listener. There you can find the Regexp Tester too.

ValidateAntiForgeryToken and Authorize timeout

I have an ActionResult decorated with ValidateAntiForgeryToken and Authorize. Once my forms authorization timeout limit is reached, I'm receiving a "A required anti-forgery token was not supplied or was invalid" error instead of being routed to my login page.
Can someone explain why this happens?
The ValidateAntiForgeryTokenAttribute 'Represents an attribute that is used to detect whether a server request has been tampered with.', to quote MSDN. What Html.AntiForgeryToken() does is output a hidden field into the form, something like: <input name="__RequestVerificationToken" type="hidden" value="XXX" />.
What the ValidateAntiForgeryTokenAttribute does on post back is compare the posted value to a previously stored cookie, to verify that they match. See http://aspnet.codeplex.com/SourceControl/changeset/view/72551#338576 (the OnAuthorization method) for details. The cookie has a name of RequestVerificationToken_Lw (you can use a cookie inspection tool like FireCookie to see this).
The cookie stored is a session cookie (the important bit). This means that when your authorization timeout is reached (30 mins by default in .NET), the cookie expires, doesn't get sent with the next request and the comparison to the hidden field value fails, throwing a HttpAntiForgeryException.
Make sure to use @Html.AntiForgeryToken() within the BeginForm(){....} in the view:
@using(Html.BeginForm()){
@Html.AntiForgeryToken()
.
.
.
.
}
Then this will be validated in the action filter attribute [ValidateAntiForgeryToken].
