如何使用 JMeter 在 Tomcat 中模拟表单身份验证?
我对 JMeter 很陌生,但我对 JMeter 的用途有一些想法。我还有一个启用了表单身份验证的 Tomcat 应用程序。我尝试使用的线程包括:
- HTTP 请求默认值
- HTTP Cookie 管理器
- HTTP 标头管理器
和以下一组 HTTP 采样器:
- 注销页面 (
/app/logout.jsp) - 登录页面 (
/app/login.jsp) - j_security_check (/
app/j_security_check)
,其中启用了“跟随重定向”和“使用 KeepAlive”。我无法弄清楚为什么 j_security_check 请求响应重定向到 logout.jsp。在检查 Chrome 中的 HTTP 响应后,我注意到此类请求会重定向到 index.jsp,但如果凭据正常,则永远不会重定向到注销页面。首先,我有一个想法,我没有模仿所有浏览器HTTP标头,但是在将它们全部添加到HTTP标头管理器后我失败了:
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.859.0 Safari/535.2
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding gzip,deflate,sdch
Accept-Language en-US,en;q=0.8
Host localhost:8080
Referer http://localhost:8080/whapp/index.jsp
但即使在指定了所有这些标头之后,我也无法模拟身份验证..有什么想法吗?提前致谢。
I'm very new to JMeter, but I have some ideas of what JMeter could be used for. Also I have a Tomcat application with form authentication enabled. The thread I'm trying to use consists of:
- HTTP Request Defaults
- HTTP Cookie Manager
- HTTP Header Manager
and the following set of HTTP samplers:
- logout page (
/app/logout.jsp) - login page (
/app/login.jsp) - j_security_check (/
app/j_security_check)
where Follow Redirects and Use KeepAlive are enabled. I cannot figure out why the j_security_check request response redirects to logout.jsp. After checking the HTTP response in Chrome, I've noticed that such request redirects to index.jsp, but never to the log out page if the credentials are fine. First of all, I had an idea that I didn't imitate all browser HTTP headers, but I've failed after I added all of them to HTTP Header Manager:
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.859.0 Safari/535.2
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding gzip,deflate,sdch
Accept-Language en-US,en;q=0.8
Host localhost:8080
Referer http://localhost:8080/whapp/index.jsp
But even after specifying all of them, I cannot simulate the authentication... Any ideas? Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您是否尝试记录登录过程,或者这些都是手动完成的?
如果手动,您的请求之一可能会缺少参数。
如果记录,可能存在需要动态的硬编码参数(JSessionID 等)。您可能需要添加带有正则表达式的 GET 来检索该值并将其传递给您的 POST。
如果 JSessionID 需要作为参数,您将无法通过 cookie 管理器传递它,您需要将其作为 HTTP 参数来执行。
有关记录的概要,请参阅 http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf
Did you try recording the login process, or were these all done manually?
If manually, there could be a parameter missing from one of your requests.
If recorded, there could be a hardcoded parameter that needs to be dynamic (JSessionID, etc.) You may need to add a GET with a regex to retrieve this value and pass to your POST.
If the JSessionID is expected as a parameter, you won't be able to pass it through the cookie manager, you'll need to do it as an HTTP parameter.
For a rundown on recording, please see http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf