You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by Steve Duran <st...@nmmcc.com> on 2004/10/07 21:26:26 UTC
need help with form authentication
Hello,
I am attempting to use JMeter to test a web application and have been
unable to get past the login page, which uses form authentication. My
test plan and configuration are described below. When I use a browser
to access a protected page, the system will set a cookie named
JSESSIONID and redirect me to the login page. If I disable cookies in
the browser, I get the same message from Tomcat that JMeter gets, so I
think JMeter is not storing the cookie at all.
I have tried this test using the non-gui version on a Linux box and
the results were the same. I tried not listing any cookies, making them
secure and not secure, and that changed nothing. I can access the
application using both http, and https, so I don't think SSL is involved
with this problem.
How can I get past the login page so I can proceed with the benchmark
tests?
Thank you.
Test Plan
Thread Group
Login Prompt (HTTP Request)
server name: foo.nmmcc.com
port number:
protocol: http
path: /theapp/news.jsp
method: get
redirect automatically: checked
follow redirects: checked
use keepalive: checked
retrieve all embedded resources: checked
use as monitor: checked
Login Form (HTTP Request)
server name: foo.nmmcc.com
port number:
protocol: http
method: post
path /theapp/j_security_check
redirect automatically: checked
follow redirects: checked
use keepalive: checked
retrieve all embedded resources: checked
use as monitor: checked
parameters:
j_username value: steved
encode: checked
include equals: checked
j_password value: steved
encode: checked
include equals: checked
Test Page (HTTP Request)
server name: foo.nmmcc.com
port number:
protocol: http
method: get
path /theapp/my_struts_page.do
redirect automatically: checked
follow redirects: checked
use keepalive: checked
retrieve all embedded resources: checked
use as monitor: not checked
parameters:
summary value: test summary
encode: checked
include equals: checked
subject value: test subject
encode: checked
include equals: checked
descrip value: test descrip
encode: checked
include equals: checked
HTTP Cookie Manager
clear cookies each iteration: not checked
cookies:
JSESSIONID value:
domain: foo.site.com
secure: not checked
expiration: 120000
View Results in Table
filename: C:\jmeter.txt
log errors only: checked
Response:
<html><head><title>
Apache Tomcat/4.0.6 - Error report</title><STYLE><
!--H1{font-family : sans-serif,Arial,Tahoma;color :
white;background-color : #0086b2;}
BODY{font-family : sans-serif,Arial,Tahoma;color :
black;background-color : white;}
B{color : white;background-color : #0086b2;}
HR{color : #0086b2;} --></STYLE>
</head><body><h1>
Apache Tomcat/4.0.6 - HTTP Status 400 - Invalid direct reference to form
login page<
/h1><HR size="1" noshade><p><b>type</b>
Status report</p><p><b>message</b> <u>
Invalid direct reference to form login
page</u></p><p><b>
description</b> <u>
The request sent by the client was syntactically incorrect (Invalid
direct reference to form login page).</u>
</p><HR size="1" noshade></body></html>
I am using JMeter 2.0.1 running on Windows XP (SP2) with Java
1.4.2_05-b04. The application is using jboss-3.0.5_tomcat-4.0.6, running
on Red Hat Linux release 9, kernel 2.4.20-31.9 with Java 1.3.1_07.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: need help with form authentication
Posted by sebb <se...@gmail.com>.
On Thu, 07 Oct 2004 13:26:26 -0600, Steve Duran <st...@nmmcc.com> wrote:
>
> Hello,
>
> I am attempting to use JMeter to test a web application and have been
> unable to get past the login page, which uses form authentication. My
> test plan and configuration are described below. When I use a browser
> to access a protected page, the system will set a cookie named
> JSESSIONID and redirect me to the login page. If I disable cookies in
> the browser, I get the same message from Tomcat that JMeter gets, so I
> think JMeter is not storing the cookie at all.
JMeter only processes cookies if you add a Cookie Manager to the plan,
but I think you have done that ...
> I have tried this test using the non-gui version on a Linux box and
> the results were the same. I tried not listing any cookies, making them
> secure and not secure, and that changed nothing. I can access the
> application using both http, and https, so I don't think SSL is involved
> with this problem.
>
> How can I get past the login page so I can proceed with the benchmark
> tests?
>
> Thank you.
>
> Test Plan
> Thread Group
> Login Prompt (HTTP Request)
> server name: foo.nmmcc.com
> port number:
> protocol: http
> path: /theapp/news.jsp
> method: get
> redirect automatically: checked
> follow redirects: checked
Might be easier to see what is happening if you don't enable redirects.
You may then have to add an extra sampler or two to the plan, but at least
you then have control.
> use keepalive: checked
Use Keepalive does not work very well with the default HTTP implementation
[this is not the fault of JMeter!]
> retrieve all embedded resources: checked
> use as monitor: checked
Don't check monitor
> Login Form (HTTP Request)
> server name: foo.nmmcc.com
> port number:
> protocol: http
> method: post
> path /theapp/j_security_check
> redirect automatically: checked
> follow redirects: checked
> use keepalive: checked
> retrieve all embedded resources: checked
> use as monitor: checked
See above
> parameters:
> j_username value: steved
> encode: checked
> include equals: checked
> j_password value: steved
> encode: checked
> include equals: checked
> Test Page (HTTP Request)
> server name: foo.nmmcc.com
> port number:
> protocol: http
> method: get
> path /theapp/my_struts_page.do
> redirect automatically: checked
> follow redirects: checked
> use keepalive: checked
> retrieve all embedded resources: checked
> use as monitor: not checked
> parameters:
> summary value: test summary
> encode: checked
> include equals: checked
> subject value: test subject
> encode: checked
> include equals: checked
> descrip value: test descrip
> encode: checked
> include equals: checked
> HTTP Cookie Manager
> clear cookies each iteration: not checked
> cookies:
> JSESSIONID value:
> domain: foo.site.com
> secure: not checked
> expiration: 120000
I think this may be the problem - Cookie Manager automatically manages
cookies sent by the web server - you don't have to add them to the
test plan
Only additional cookies need to be added to the Cookie manager.
> View Results in Table
> filename: C:\jmeter.txt
> log errors only: checked
Might be better to log everything initially.
S.
>
> Response:
> <html><head><title>
> Apache Tomcat/4.0.6 - Error report</title><STYLE><
> !--H1{font-family : sans-serif,Arial,Tahoma;color :
> white;background-color : #0086b2;}
> BODY{font-family : sans-serif,Arial,Tahoma;color :
> black;background-color : white;}
> B{color : white;background-color : #0086b2;}
> HR{color : #0086b2;} --></STYLE>
> </head><body><h1>
> Apache Tomcat/4.0.6 - HTTP Status 400 - Invalid direct reference to form
> login page<
> /h1><HR size="1" noshade><p><b>type</b>
> Status report</p><p><b>message</b> <u>
> Invalid direct reference to form login
> page</u></p><p><b>
> description</b> <u>
> The request sent by the client was syntactically incorrect (Invalid
> direct reference to form login page).</u>
> </p><HR size="1" noshade></body></html>
>
> I am using JMeter 2.0.1 running on Windows XP (SP2) with Java
> 1.4.2_05-b04. The application is using jboss-3.0.5_tomcat-4.0.6, running
> on Red Hat Linux release 9, kernel 2.4.20-31.9 with Java 1.3.1_07.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org