You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by cal0y <ca...@orangeandbronze.com> on 2010/08/23 19:26:33 UTC
Jmeter gets response code 403 on post methods
Hi,
I am not a developer and i am new to Jmeter. I have recorded a simpe
testplan through jmeter proxy server and i think the steps were recorded
fine. When i run the test plan the post method returns a Response code
403(Forbidden) every time. This post method is simply a submit form that
requires values from the user and save them in the database. At first i
thought i just missed a cookie manager but it still returned a Response Code
403 after i added one. Am i missing something else? Any help would
appreciated.
My test plan looks like this:
Test Plan
Thread Group
Http Request Defaults
Http Cookie Manager
Http Request for main page load
Http Request for Submit page load
Http Request for Submit page submission (Post method)
Here are the header manager values of the post method:
Content-Type application/x-www-form-urlencoded
Accept-Language en-us,en;q=0.5
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Keep-Alive 300
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729)
Referer http://localhost:8080*********
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645078.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Sudip Kumar Bhattacharya <sk...@gmail.com>.
May be ur site is set up to use windows authentication mode. When u access it with a browser it uses ur windows login credentials to authorise ur access. But probably jmeter is not able to handle that.
Sent on my BlackBerry® from Vodafone
-----Original Message-----
From: Deepak Shetty <sh...@gmail.com>
Date: Mon, 23 Aug 2010 10:35:10
To: JMeter Users List<jm...@jakarta.apache.org>
Reply-To: "JMeter Users List" <jm...@jakarta.apache.org>
Subject: Re: Jmeter gets response code 403 on post methods
This is asked and answered in various forms on these mail archives - But
basically you need to compare what is being sent by your browser (fiddler -
live http headers etc) to what your test script sends . This usually needs
you to
a. Ensure that Follow redirects are sent on all samplers (instead of
redirect automatically)
b. Figure out how your application manages session ids (if by cookie , you
should be ok , if by parameter in URL then your script wont work)
c. Figure out which parameters are dynamic and use extractors to extract
them into variables and send them as part of the next request.
Take a look at what your browser does for the 3 steps you mention and
compare with Jmeter. Use the View Results Tree Listener in Jmeter
regards
deepak
On Mon, Aug 23, 2010 at 10:26 AM, cal0y
<ca...@orangeandbronze.com>wrote:
>
> Hi,
>
> I am not a developer and i am new to Jmeter. I have recorded a simpe
> testplan through jmeter proxy server and i think the steps were recorded
> fine. When i run the test plan the post method returns a Response code
> 403(Forbidden) every time. This post method is simply a submit form that
> requires values from the user and save them in the database. At first i
> thought i just missed a cookie manager but it still returned a Response
> Code
> 403 after i added one. Am i missing something else? Any help would
> appreciated.
>
> My test plan looks like this:
>
> Test Plan
> Thread Group
> Http Request Defaults
> Http Cookie Manager
> Http Request for main page load
> Http Request for Submit page load
> Http Request for Submit page submission (Post method)
>
> Here are the header manager values of the post method:
>
> Content-Type application/x-www-form-urlencoded
> Accept-Language en-us,en;q=0.5
> Accept
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Keep-Alive 300
> User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
> rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729)
> Referer http://localhost:8080*********
> Accept-Encoding gzip,deflate
> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645078.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: Jmeter gets response code 403 on post methods
Posted by cal0y <ca...@orangeandbronze.com>.
Yes, our app uses liferay and it has csrf protection. Is this a problem from
jmeter?
regards
caloy
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2800789.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Sudip Kumar Bhattacharya <sk...@gmail.com>.
Also check if the site has csrf protection.
Sent on my BlackBerry® from Vodafone
-----Original Message-----
From: Deepak Shetty <sh...@gmail.com>
Date: Mon, 23 Aug 2010 10:35:10
To: JMeter Users List<jm...@jakarta.apache.org>
Reply-To: "JMeter Users List" <jm...@jakarta.apache.org>
Subject: Re: Jmeter gets response code 403 on post methods
This is asked and answered in various forms on these mail archives - But
basically you need to compare what is being sent by your browser (fiddler -
live http headers etc) to what your test script sends . This usually needs
you to
a. Ensure that Follow redirects are sent on all samplers (instead of
redirect automatically)
b. Figure out how your application manages session ids (if by cookie , you
should be ok , if by parameter in URL then your script wont work)
c. Figure out which parameters are dynamic and use extractors to extract
them into variables and send them as part of the next request.
Take a look at what your browser does for the 3 steps you mention and
compare with Jmeter. Use the View Results Tree Listener in Jmeter
regards
deepak
On Mon, Aug 23, 2010 at 10:26 AM, cal0y
<ca...@orangeandbronze.com>wrote:
>
> Hi,
>
> I am not a developer and i am new to Jmeter. I have recorded a simpe
> testplan through jmeter proxy server and i think the steps were recorded
> fine. When i run the test plan the post method returns a Response code
> 403(Forbidden) every time. This post method is simply a submit form that
> requires values from the user and save them in the database. At first i
> thought i just missed a cookie manager but it still returned a Response
> Code
> 403 after i added one. Am i missing something else? Any help would
> appreciated.
>
> My test plan looks like this:
>
> Test Plan
> Thread Group
> Http Request Defaults
> Http Cookie Manager
> Http Request for main page load
> Http Request for Submit page load
> Http Request for Submit page submission (Post method)
>
> Here are the header manager values of the post method:
>
> Content-Type application/x-www-form-urlencoded
> Accept-Language en-us,en;q=0.5
> Accept
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Keep-Alive 300
> User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
> rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729)
> Referer http://localhost:8080*********
> Accept-Encoding gzip,deflate
> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645078.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: Jmeter gets response code 403 on post methods
Posted by Deepak Shetty <sh...@gmail.com>.
The other thing you can do is use LiveHttpHeaders in FF (clean browser , no
cache no cookies) and record these requests and send us a link to the file.
Then compare with View Results Tree. it might be that your application is
checking the referrer header or something and you are not passing this in
Jmeter.
regards
deepak
On Mon, Aug 23, 2010 at 11:53 AM, Deepak Shetty <sh...@gmail.com> wrote:
> Hi
> No you will get different session ids (the value in the ession id isnt
> important)- each session gets it s own. What you need to check is that
> Jmeter and Browser pass session ids correctly on each request (e.g. if the
> browser passes JSESSION=value1 for all three requests i.e. the value doesnt
> change between requests
> then JMeter should also pass the same value for all 3 requests (a
> different value but the value shouldnt change between requests). If the
> browser only got a single Set-Cookie then JMeter also should have got a
> single set-cookie.
>
> regards
> deepak
>
>
>
> On Mon, Aug 23, 2010 at 11:48 AM, cal0y <carlo.meneses@orangeandbronze.com
> > wrote:
>
>>
>> Follow redirects is selected in all requests and Our application uses
>> cookies
>> to manage session id's. I used firebug to monitor the cookies while
>> recording the post method and i compared the JSESSIONID's with the one in
>> the result tree after i ran the script, and they are not the same. Is this
>> a
>> problem?
>>
>> Thanks.
>> -cal0y
>>
>> --
>> View this message in context:
>> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645168.html
>> Sent from the JMeter - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>
>>
>
Re: Jmeter gets response code 403 on post methods
Posted by cal0y <ca...@orangeandbronze.com>.
Ok ill post the contents of the http headers from the browser and the
response/request from the view results tree. Unfortunately i am only testing
it on my localhost.
regards
caloy
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2800785.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Deepak Shetty <sh...@gmail.com>.
hi
It would be useful to see your browser trace (using HTTP Headers ) for the 3
requests and the corresponding JMeter request/response from View Results
Tree. Alternately is your application accessible via the internet ?
regards
deepak
On Tue, Aug 24, 2010 at 7:54 PM, cal0y <ca...@orangeandbronze.com>wrote:
>
> We checked the server log and liferay returns "invalid authentication
> token".
> Do you need to see the server and jmeter log? Ill see if i can upload the
> files later.
>
> regards
> -cal0y
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2652129.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: Jmeter gets response code 403 on post methods
Posted by cal0y <ca...@orangeandbronze.com>.
We checked the server log and liferay returns "invalid authentication token".
Do you need to see the server and jmeter log? Ill see if i can upload the
files later.
regards
-cal0y
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2652129.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Deepak Shetty <sh...@gmail.com>.
hi
ok , if you have access to a developer then you can probably ask him whats
causing the 403 since he can see the logs and can see whats failing.
The browser doesnt generate any cookies by itself so any cookies have to
come from the app. You can have two cookies with the same name so long as
they are scoped to different paths or domains (you should see this in
set-cookie) - otherwise last one wins. Portals generally use a lot of
dynamic URLs and dynamic data so you should check that as well too. Beyond
this unless you send a trace from browser v/s a trace from Jmeter theres not
much more we can help you with.
regards
deepak
On Mon, Aug 23, 2010 at 8:54 PM, cal0y <ca...@orangeandbronze.com>wrote:
>
> I started with a clean browser and I'm still getting the 403, and the
> initial
> loading of the homepage does have a jsessionid. Not sure if the app sends
> it
> to the browser though. I have also checked the http headers and there are
> no
> authorization headers. Our application use portlets by the way.I have
> noticed in the cookie manager of firebug that the page has 2 jsessionid's.
> I
> asked one our developers about it and he said that the theme runs as a
> separate application and that probably causes the other jsessionid. Is this
> a problem?regards-cal0y
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2650714.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: Jmeter gets response code 403 on post methods
Posted by cal0y <ca...@orangeandbronze.com>.
I started with a clean browser and I'm still getting the 403, and the initial
loading of the homepage does have a jsessionid. Not sure if the app sends it
to the browser though. I have also checked the http headers and there are no
authorization headers. Our application use portlets by the way.I have
noticed in the cookie manager of firebug that the page has 2 jsessionid's. I
asked one our developers about it and he said that the theme runs as a
separate application and that probably causes the other jsessionid. Is this
a problem?regards-cal0y
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2650714.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Deepak Shetty <sh...@gmail.com>.
hi
Make sure you always start with a clean browser , clear cache , clear
cookies before you start.
>the loading of the homepage(http request 1) does not have any cookies but
it has some in the browser.
Not sure what this means . Are these cookies the browser is sending in the
Cookie Header in request (in which case you didnt clean the browser) or is
the application returning Cookies (in Set-Cookie in response) for browser
but not for Jmeter?
The other thing is check what other headers the browser passes (is there for
e.g. an Authorization Header?) in the request
regards
deepak
On Mon, Aug 23, 2010 at 12:25 PM, cal0y
<ca...@orangeandbronze.com>wrote:
>
> I've checked the behavior of the browser and jmeter, and they both use the
> same jsessionid accross the three requests. However in the view results
> tree
> in jmeter, the loading of the homepage(http request 1) does not have any
> cookies but it has some in the browser. Is this ok?
>
> regards
> -cal0y
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645220.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: Jmeter gets response code 403 on post methods
Posted by cal0y <ca...@orangeandbronze.com>.
I've checked the behavior of the browser and jmeter, and they both use the
same jsessionid accross the three requests. However in the view results tree
in jmeter, the loading of the homepage(http request 1) does not have any
cookies but it has some in the browser. Is this ok?
regards
-cal0y
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645220.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Deepak Shetty <sh...@gmail.com>.
Hi
No you will get different session ids (the value in the ession id isnt
important)- each session gets it s own. What you need to check is that
Jmeter and Browser pass session ids correctly on each request (e.g. if the
browser passes JSESSION=value1 for all three requests i.e. the value doesnt
change between requests
then JMeter should also pass the same value for all 3 requests (a different
value but the value shouldnt change between requests). If the browser only
got a single Set-Cookie then JMeter also should have got a single
set-cookie.
regards
deepak
On Mon, Aug 23, 2010 at 11:48 AM, cal0y
<ca...@orangeandbronze.com>wrote:
>
> Follow redirects is selected in all requests and Our application uses
> cookies
> to manage session id's. I used firebug to monitor the cookies while
> recording the post method and i compared the JSESSIONID's with the one in
> the result tree after i ran the script, and they are not the same. Is this
> a
> problem?
>
> Thanks.
> -cal0y
>
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645168.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: Jmeter gets response code 403 on post methods
Posted by cal0y <ca...@orangeandbronze.com>.
Follow redirects is selected in all requests and Our application uses cookies
to manage session id's. I used firebug to monitor the cookies while
recording the post method and i compared the JSESSIONID's with the one in
the result tree after i ran the script, and they are not the same. Is this a
problem?
Thanks.
-cal0y
--
View this message in context: http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645168.html
Sent from the JMeter - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: Jmeter gets response code 403 on post methods
Posted by Deepak Shetty <sh...@gmail.com>.
This is asked and answered in various forms on these mail archives - But
basically you need to compare what is being sent by your browser (fiddler -
live http headers etc) to what your test script sends . This usually needs
you to
a. Ensure that Follow redirects are sent on all samplers (instead of
redirect automatically)
b. Figure out how your application manages session ids (if by cookie , you
should be ok , if by parameter in URL then your script wont work)
c. Figure out which parameters are dynamic and use extractors to extract
them into variables and send them as part of the next request.
Take a look at what your browser does for the 3 steps you mention and
compare with Jmeter. Use the View Results Tree Listener in Jmeter
regards
deepak
On Mon, Aug 23, 2010 at 10:26 AM, cal0y
<ca...@orangeandbronze.com>wrote:
>
> Hi,
>
> I am not a developer and i am new to Jmeter. I have recorded a simpe
> testplan through jmeter proxy server and i think the steps were recorded
> fine. When i run the test plan the post method returns a Response code
> 403(Forbidden) every time. This post method is simply a submit form that
> requires values from the user and save them in the database. At first i
> thought i just missed a cookie manager but it still returned a Response
> Code
> 403 after i added one. Am i missing something else? Any help would
> appreciated.
>
> My test plan looks like this:
>
> Test Plan
> Thread Group
> Http Request Defaults
> Http Cookie Manager
> Http Request for main page load
> Http Request for Submit page load
> Http Request for Submit page submission (Post method)
>
> Here are the header manager values of the post method:
>
> Content-Type application/x-www-form-urlencoded
> Accept-Language en-us,en;q=0.5
> Accept
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Keep-Alive 300
> User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
> rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 (.NET CLR 3.5.30729)
> Referer http://localhost:8080*********
> Accept-Encoding gzip,deflate
> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
> --
> View this message in context:
> http://jmeter.512774.n5.nabble.com/Jmeter-gets-response-code-403-on-post-methods-tp2645078p2645078.html
> Sent from the JMeter - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>