You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by nikolaos prodromidis <ni...@gmail.com> on 2009/10/20 13:49:00 UTC
OAuth with jMeter
Hi all,
Is there anyway of using jMeter to complete the OAuth authentication
process? Has this been done before or even talked about?
Thanks, Nikos.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: OAuth with jMeter
Posted by Deepak Shetty <sh...@gmail.com>.
hi
thanks. i get it now :)
regards
deepak
On Mon, Oct 26, 2009 at 1:16 AM, Ronan Klyne <ro...@groupbc.com>wrote:
> Deepak Shetty wrote:
>
>> OAuth allows the end user to use OAuth tokens instead of login details,
>>>
>>>
>> which means that you can allow a third party site to >access all or part
>> of
>> your Twitter profile, to continue the example. The third party site will
>> store an OAuth token, and it can use >this token to log in to Twitter as
>> you.
>> Exactly. So whatever libraries you need are needed for the webapp you are
>> developing (If you were actually implementing the protocol). If you wanted
>> to test this out , you dont need anything special , the demo does work in
>> a
>> standard browser (which is what we are simulating in Jmeter).
>>
> Yes, exactly right. The browser does not need any special libraries or
> software to interact with that web site, as the browser does not do any
> signing of OAuth requests.
>
> I guess you
>> are saying libraries are needed if you want JMeter to act as the third
>> party
>> right(which shouldnt normally be what you are testing out)?
>>
>>
> Yes, libraries would be needed for that, but it's not as unusual as you
> might think. OAuth is well suited to providing authentication to web
> services and other APIs. It's not unreasonable to think that someone might
> want to load test such an API...
>
> Ronan
>
>
> regards
>> deepak
>>
>> On Fri, Oct 23, 2009 at 12:02 AM, Ronan Klyne <ronan.klyne@groupbc.com
>> >wrote:
>>
>>
>>
>>> Deepak Shetty wrote:
>>>
>>>
>>>
>>>> That can't be right. You mean Internet explorer / firefox will sign
>>>> this?
>>>> As far as I understand this is between two websites , where one relies
>>>> on
>>>> the other to perform the actual authentication and they pass signed
>>>> tokens
>>>> to securely get this information across.
>>>> I looked at a demo http://twitteroauth.appspot.com/ ,which seems to
>>>> indicate the above. (in a Java app world this is very similar to SAML,
>>>> something I have done in Jmeter without needing any additional
>>>> libraries)
>>>>
>>>>
>>>>
>>>>
>>> As far as I know, there is no support in Firefox or IE for OAuth, unless
>>> you have custom extensions. There is certainly no support required. OAuth
>>> is
>>> a mechanism for machine to machine authentication in the name of a user.
>>> It
>>> is designed for those cases where it would be really useful to give an
>>> external site/application your password, but you obviously don't want to
>>> give out your password.
>>>
>>> OAuth allows the end user to use OAuth tokens instead of login details,
>>> which means that you can allow a third party site to access all or part
>>> of
>>> your Twitter profile, to continue the example. The third party site will
>>> store an OAuth token, and it can use this token to log in to Twitter as
>>> you.
>>>
>>> As it happens, I have implemented the bulk of the OAuth protocol in
>>> Python.
>>> It's a simple protocol, and easy to do, but because all of the data you
>>> send
>>> is signed and checked, the smallest thing like extra line-feeds can break
>>> it
>>> completely - it's best to use an existing tested implementation.
>>>
>>> And it is technically possible to use OAuth without SHA1, I think that
>>> the
>>> only other option is plaintext, which offers no security, and removes the
>>> major performance hits on the server.
>>>
>>>
>>> Cheers,
>>> Ronan
>>>
>>>
>>> regards
>>>
>>>
>>>> deepak
>>>>
>>>> On Thu, Oct 22, 2009 at 12:19 AM, Ronan Klyne <ronan.klyne@groupbc.com
>>>>
>>>>
>>>>> wrote:
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>> Deepak Shetty wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> hi
>>>>>> maybe im missing something, but how exactly does OAuth differ from any
>>>>>> other
>>>>>> HTTP web based app (the signing etc is still done at the server and
>>>>>> passed
>>>>>> around in hidden fields etc) is it not?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> No. The client is required to be able to sign the request using the
>>>>> access
>>>>> key secret. At the very least, this requires some implementation of
>>>>> SHA1,
>>>>> and some careful coding.
>>>>>
>>>>> It's probably possible to do this in a BSF/Java pre-processor, but it
>>>>> might
>>>>> take a lot of fiddling and testing to get it right.
>>>>>
>>>>>
>>>>> Ronan
>>>>>
>>>>>
>>>>> regards
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> deepak
>>>>>>
>>>>>> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> On JMeter dev-list, one thread :
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>>>>>>>
>>>>>>> and 1 bugzilla:
>>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>>>>>>
>>>>>>> Milamber
>>>>>>>
>>>>>>> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Is there anyway of using jMeter to complete the OAuth authentication
>>>>>>>> process? Has this been done before or even talked about?
>>>>>>>>
>>>>>>>> Thanks, Nikos.
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>>>>> For additional commands, e-mail:
>>>>>>>> jmeter-user-help@jakarta.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: OAuth with jMeter
Posted by Ronan Klyne <ro...@groupbc.com>.
Deepak Shetty wrote:
>> OAuth allows the end user to use OAuth tokens instead of login details,
>>
> which means that you can allow a third party site to >access all or part of
> your Twitter profile, to continue the example. The third party site will
> store an OAuth token, and it can use >this token to log in to Twitter as
> you.
> Exactly. So whatever libraries you need are needed for the webapp you are
> developing (If you were actually implementing the protocol). If you wanted
> to test this out , you dont need anything special , the demo does work in a
> standard browser (which is what we are simulating in Jmeter).
Yes, exactly right. The browser does not need any special libraries or
software to interact with that web site, as the browser does not do any
signing of OAuth requests.
> I guess you
> are saying libraries are needed if you want JMeter to act as the third party
> right(which shouldnt normally be what you are testing out)?
>
Yes, libraries would be needed for that, but it's not as unusual as you
might think. OAuth is well suited to providing authentication to web
services and other APIs. It's not unreasonable to think that someone
might want to load test such an API...
Ronan
> regards
> deepak
>
> On Fri, Oct 23, 2009 at 12:02 AM, Ronan Klyne <ro...@groupbc.com>wrote:
>
>
>> Deepak Shetty wrote:
>>
>>
>>> That can't be right. You mean Internet explorer / firefox will sign this?
>>> As far as I understand this is between two websites , where one relies on
>>> the other to perform the actual authentication and they pass signed tokens
>>> to securely get this information across.
>>> I looked at a demo http://twitteroauth.appspot.com/ ,which seems to
>>> indicate the above. (in a Java app world this is very similar to SAML,
>>> something I have done in Jmeter without needing any additional libraries)
>>>
>>>
>>>
>> As far as I know, there is no support in Firefox or IE for OAuth, unless
>> you have custom extensions. There is certainly no support required. OAuth is
>> a mechanism for machine to machine authentication in the name of a user. It
>> is designed for those cases where it would be really useful to give an
>> external site/application your password, but you obviously don't want to
>> give out your password.
>>
>> OAuth allows the end user to use OAuth tokens instead of login details,
>> which means that you can allow a third party site to access all or part of
>> your Twitter profile, to continue the example. The third party site will
>> store an OAuth token, and it can use this token to log in to Twitter as you.
>>
>> As it happens, I have implemented the bulk of the OAuth protocol in Python.
>> It's a simple protocol, and easy to do, but because all of the data you send
>> is signed and checked, the smallest thing like extra line-feeds can break it
>> completely - it's best to use an existing tested implementation.
>>
>> And it is technically possible to use OAuth without SHA1, I think that the
>> only other option is plaintext, which offers no security, and removes the
>> major performance hits on the server.
>>
>>
>> Cheers,
>> Ronan
>>
>>
>> regards
>>
>>> deepak
>>>
>>> On Thu, Oct 22, 2009 at 12:19 AM, Ronan Klyne <ronan.klyne@groupbc.com
>>>
>>>> wrote:
>>>>
>>>
>>>
>>>> Deepak Shetty wrote:
>>>>
>>>>
>>>>
>>>>
>>>>> hi
>>>>> maybe im missing something, but how exactly does OAuth differ from any
>>>>> other
>>>>> HTTP web based app (the signing etc is still done at the server and
>>>>> passed
>>>>> around in hidden fields etc) is it not?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> No. The client is required to be able to sign the request using the
>>>> access
>>>> key secret. At the very least, this requires some implementation of SHA1,
>>>> and some careful coding.
>>>>
>>>> It's probably possible to do this in a BSF/Java pre-processor, but it
>>>> might
>>>> take a lot of fiddling and testing to get it right.
>>>>
>>>>
>>>> Ronan
>>>>
>>>>
>>>> regards
>>>>
>>>>
>>>>
>>>>> deepak
>>>>>
>>>>> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> On JMeter dev-list, one thread :
>>>>>>
>>>>>>
>>>>>>
>>>>>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>>>>>>
>>>>>> and 1 bugzilla:
>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>>>>>
>>>>>> Milamber
>>>>>>
>>>>>> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Is there anyway of using jMeter to complete the OAuth authentication
>>>>>>> process? Has this been done before or even talked about?
>>>>>>>
>>>>>>> Thanks, Nikos.
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: OAuth with jMeter
Posted by Deepak Shetty <sh...@gmail.com>.
>OAuth allows the end user to use OAuth tokens instead of login details,
which means that you can allow a third party site to >access all or part of
your Twitter profile, to continue the example. The third party site will
store an OAuth token, and it can use >this token to log in to Twitter as
you.
Exactly. So whatever libraries you need are needed for the webapp you are
developing (If you were actually implementing the protocol). If you wanted
to test this out , you dont need anything special , the demo does work in a
standard browser (which is what we are simulating in Jmeter). I guess you
are saying libraries are needed if you want JMeter to act as the third party
right(which shouldnt normally be what you are testing out)?
regards
deepak
On Fri, Oct 23, 2009 at 12:02 AM, Ronan Klyne <ro...@groupbc.com>wrote:
> Deepak Shetty wrote:
>
>> That can't be right. You mean Internet explorer / firefox will sign this?
>> As far as I understand this is between two websites , where one relies on
>> the other to perform the actual authentication and they pass signed tokens
>> to securely get this information across.
>> I looked at a demo http://twitteroauth.appspot.com/ ,which seems to
>> indicate the above. (in a Java app world this is very similar to SAML,
>> something I have done in Jmeter without needing any additional libraries)
>>
>>
> As far as I know, there is no support in Firefox or IE for OAuth, unless
> you have custom extensions. There is certainly no support required. OAuth is
> a mechanism for machine to machine authentication in the name of a user. It
> is designed for those cases where it would be really useful to give an
> external site/application your password, but you obviously don't want to
> give out your password.
>
> OAuth allows the end user to use OAuth tokens instead of login details,
> which means that you can allow a third party site to access all or part of
> your Twitter profile, to continue the example. The third party site will
> store an OAuth token, and it can use this token to log in to Twitter as you.
>
> As it happens, I have implemented the bulk of the OAuth protocol in Python.
> It's a simple protocol, and easy to do, but because all of the data you send
> is signed and checked, the smallest thing like extra line-feeds can break it
> completely - it's best to use an existing tested implementation.
>
> And it is technically possible to use OAuth without SHA1, I think that the
> only other option is plaintext, which offers no security, and removes the
> major performance hits on the server.
>
>
> Cheers,
> Ronan
>
>
> regards
>> deepak
>>
>> On Thu, Oct 22, 2009 at 12:19 AM, Ronan Klyne <ronan.klyne@groupbc.com
>> >wrote:
>>
>>
>>
>>> Deepak Shetty wrote:
>>>
>>>
>>>
>>>> hi
>>>> maybe im missing something, but how exactly does OAuth differ from any
>>>> other
>>>> HTTP web based app (the signing etc is still done at the server and
>>>> passed
>>>> around in hidden fields etc) is it not?
>>>>
>>>>
>>>>
>>>>
>>> No. The client is required to be able to sign the request using the
>>> access
>>> key secret. At the very least, this requires some implementation of SHA1,
>>> and some careful coding.
>>>
>>> It's probably possible to do this in a BSF/Java pre-processor, but it
>>> might
>>> take a lot of fiddling and testing to get it right.
>>>
>>>
>>> Ronan
>>>
>>>
>>> regards
>>>
>>>
>>>> deepak
>>>>
>>>> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com>
>>>> wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> Hello,
>>>>>
>>>>> On JMeter dev-list, one thread :
>>>>>
>>>>>
>>>>>
>>>>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>>>>>
>>>>> and 1 bugzilla:
>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>>>>
>>>>> Milamber
>>>>>
>>>>> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>>>>>
>>>>> Hi all,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Is there anyway of using jMeter to complete the OAuth authentication
>>>>>> process? Has this been done before or even talked about?
>>>>>>
>>>>>> Thanks, Nikos.
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: OAuth with jMeter
Posted by Ronan Klyne <ro...@groupbc.com>.
Deepak Shetty wrote:
> That can't be right. You mean Internet explorer / firefox will sign this?
> As far as I understand this is between two websites , where one relies on
> the other to perform the actual authentication and they pass signed tokens
> to securely get this information across.
> I looked at a demo http://twitteroauth.appspot.com/ ,which seems to
> indicate the above. (in a Java app world this is very similar to SAML,
> something I have done in Jmeter without needing any additional libraries)
>
As far as I know, there is no support in Firefox or IE for OAuth, unless
you have custom extensions. There is certainly no support required.
OAuth is a mechanism for machine to machine authentication in the name
of a user. It is designed for those cases where it would be really
useful to give an external site/application your password, but you
obviously don't want to give out your password.
OAuth allows the end user to use OAuth tokens instead of login details,
which means that you can allow a third party site to access all or part
of your Twitter profile, to continue the example. The third party site
will store an OAuth token, and it can use this token to log in to
Twitter as you.
As it happens, I have implemented the bulk of the OAuth protocol in
Python. It's a simple protocol, and easy to do, but because all of the
data you send is signed and checked, the smallest thing like extra
line-feeds can break it completely - it's best to use an existing tested
implementation.
And it is technically possible to use OAuth without SHA1, I think that
the only other option is plaintext, which offers no security, and
removes the major performance hits on the server.
Cheers,
Ronan
> regards
> deepak
>
> On Thu, Oct 22, 2009 at 12:19 AM, Ronan Klyne <ro...@groupbc.com>wrote:
>
>
>> Deepak Shetty wrote:
>>
>>
>>> hi
>>> maybe im missing something, but how exactly does OAuth differ from any
>>> other
>>> HTTP web based app (the signing etc is still done at the server and passed
>>> around in hidden fields etc) is it not?
>>>
>>>
>>>
>> No. The client is required to be able to sign the request using the access
>> key secret. At the very least, this requires some implementation of SHA1,
>> and some careful coding.
>>
>> It's probably possible to do this in a BSF/Java pre-processor, but it might
>> take a lot of fiddling and testing to get it right.
>>
>>
>> Ronan
>>
>>
>> regards
>>
>>> deepak
>>>
>>> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com>
>>> wrote:
>>>
>>>
>>>
>>>
>>>> Hello,
>>>>
>>>> On JMeter dev-list, one thread :
>>>>
>>>>
>>>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>>>>
>>>> and 1 bugzilla:
>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>>>
>>>> Milamber
>>>>
>>>> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>>>>
>>>> Hi all,
>>>>
>>>>
>>>>
>>>>> Is there anyway of using jMeter to complete the OAuth authentication
>>>>> process? Has this been done before or even talked about?
>>>>>
>>>>> Thanks, Nikos.
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: OAuth with jMeter
Posted by Deepak Shetty <sh...@gmail.com>.
That can't be right. You mean Internet explorer / firefox will sign this?
As far as I understand this is between two websites , where one relies on
the other to perform the actual authentication and they pass signed tokens
to securely get this information across.
I looked at a demo http://twitteroauth.appspot.com/ ,which seems to
indicate the above. (in a Java app world this is very similar to SAML,
something I have done in Jmeter without needing any additional libraries)
regards
deepak
On Thu, Oct 22, 2009 at 12:19 AM, Ronan Klyne <ro...@groupbc.com>wrote:
> Deepak Shetty wrote:
>
>> hi
>> maybe im missing something, but how exactly does OAuth differ from any
>> other
>> HTTP web based app (the signing etc is still done at the server and passed
>> around in hidden fields etc) is it not?
>>
>>
> No. The client is required to be able to sign the request using the access
> key secret. At the very least, this requires some implementation of SHA1,
> and some careful coding.
>
> It's probably possible to do this in a BSF/Java pre-processor, but it might
> take a lot of fiddling and testing to get it right.
>
>
> Ronan
>
>
> regards
>> deepak
>>
>> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com>
>> wrote:
>>
>>
>>
>>> Hello,
>>>
>>> On JMeter dev-list, one thread :
>>>
>>>
>>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>>>
>>> and 1 bugzilla:
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>>
>>> Milamber
>>>
>>> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>>>
>>> Hi all,
>>>
>>>
>>>> Is there anyway of using jMeter to complete the OAuth authentication
>>>> process? Has this been done before or even talked about?
>>>>
>>>> Thanks, Nikos.
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: OAuth with jMeter
Posted by Ronan Klyne <ro...@groupbc.com>.
Deepak Shetty wrote:
> hi
> maybe im missing something, but how exactly does OAuth differ from any other
> HTTP web based app (the signing etc is still done at the server and passed
> around in hidden fields etc) is it not?
>
No. The client is required to be able to sign the request using the
access key secret. At the very least, this requires some implementation
of SHA1, and some careful coding.
It's probably possible to do this in a BSF/Java pre-processor, but it
might take a lot of fiddling and testing to get it right.
Ronan
> regards
> deepak
>
> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com> wrote:
>
>
>> Hello,
>>
>> On JMeter dev-list, one thread :
>>
>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>>
>> and 1 bugzilla:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>
>> Milamber
>>
>> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>>
>> Hi all,
>>
>>> Is there anyway of using jMeter to complete the OAuth authentication
>>> process? Has this been done before or even talked about?
>>>
>>> Thanks, Nikos.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: OAuth with jMeter
Posted by Deepak Shetty <sh...@gmail.com>.
hi
maybe im missing something, but how exactly does OAuth differ from any other
HTTP web based app (the signing etc is still done at the server and passed
around in hidden fields etc) is it not?
regards
deepak
On Tue, Oct 20, 2009 at 1:48 PM, Milamber <mi...@gmail.com> wrote:
> Hello,
>
> On JMeter dev-list, one thread :
>
> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
>
> and 1 bugzilla:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>
> Milamber
>
> Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
>
> Hi all,
>>
>> Is there anyway of using jMeter to complete the OAuth authentication
>> process? Has this been done before or even talked about?
>>
>> Thanks, Nikos.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: OAuth with jMeter
Posted by Milamber <mi...@gmail.com>.
Hello,
On JMeter dev-list, one thread :
http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3CC60D0F8E.F1BD0%25zhihong@gmail.om%3E
and 1 bugzilla:
https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
Milamber
Le 20/10/2009 11:49, nikolaos prodromidis a ecrit :
> Hi all,
>
> Is there anyway of using jMeter to complete the OAuth authentication
> process? Has this been done before or even talked about?
>
> Thanks, Nikos.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org