Url Encoded Variables

[Igor Galić <i....@brainsware.org>]

Hi folks,

yesterday I tried putting together a load test against Alfresco
by simply recording a session.

Alfresco uses a special Header for CSRF protection. Its value
by comes from a Cookie of the same name. We tried inserting that
value into the header, first by simply using

<Header.value>${CSRFToken}</..>

Then via ${COOKIE_Alfresco-CSRFToken}, and finally via

 ${__urldecode(${COOKIE_Alfresco-CSRFToken})}

neither of those gave us the desired result. If we used a Variable
the value would always be URL-encoded. If we didn't use a variable
then alfresco would complain that we're trying to forge a request,
because the token was already used.

Any advise and how to solve this problem would be greatly appreciated.

Thank you in advance, 

-- i
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org

Re: Url Encoded Variables

[sebb <se...@gmail.com>]

On 5 March 2014 15:58, Igor Galić <i....@brainsware.org> wrote:
>
>
> ----- Original Message -----
>> On 5 March 2014 10:04, Igor Galić <i....@brainsware.org> wrote:
>> >
>> > Hi folks,
>> >
>> > yesterday I tried putting together a load test against Alfresco
>> > by simply recording a session.
>> >
>> > Alfresco uses a special Header for CSRF protection. Its value
>> > by comes from a Cookie of the same name. We tried inserting that
>> > value into the header, first by simply using
>> >
>> > <Header.value>${CSRFToken}</..>
>>
>> The variable reference won't work unless you use a Regex PostProcessor
>> to extract the cookie yourself.
>>
>> I've no idea what you mean by <Header.value>.
>
> Header.value This was mostly pseudo-code to simplify what it would be
> in the resulting XML to configure it. (Mostly because I didn't have the actual
> code in front of me while writing this)

Why are you configuring the XML?

JMeter uses a GUI to create the test plans, and may need to set
several related items.

>> > Then via ${COOKIE_Alfresco-CSRFToken}, and finally via
>>
>> That won't work unless you define the JMeter property
>>
>> CookieManager.save.cookies=true
>>
>> Please see:
>>
>> http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager
>>
>> >  ${__urldecode(${COOKIE_Alfresco-CSRFToken})}
>> >
>> > neither of those gave us the desired result. If we used a Variable
>> > the value would always be URL-encoded. If we didn't use a variable
>> > then alfresco would complain that we're trying to forge a request,
>> > because the token was already used.
>> >
>> > Any advise and how to solve this problem would be greatly appreciated.
>>
>> It's not clear to me what you are expecting and what you are actually
>> getting.
>
> expected result:
>
> A Header that contains:
>
> Alfresco-CSRFToken: OGMxNTBkM2NjNjVmMmU0YzgyYzd/kOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo=
>
> Actual result:
>
> A Header that contains the URL encoded value from above:
>
> Alfresco-CSRFToken: OGMxNTBkM2NjNjVmMmU0YzgyYzd%2fkOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo%3d

What is the value of the variable?
Use the Debug Sampler.
Is the variable value encoded?
How are you deriving the variable?

> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.galic@brainsware.org
> URL: http://brainsware.org/
> GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org

Re: Url Encoded Variables

[Igor Galić <i....@brainsware.org>]

----- Original Message -----
> On 5 March 2014 10:04, Igor Galić <i....@brainsware.org> wrote:
> >
> > Hi folks,
> >
> > yesterday I tried putting together a load test against Alfresco
> > by simply recording a session.
> >
> > Alfresco uses a special Header for CSRF protection. Its value
> > by comes from a Cookie of the same name. We tried inserting that
> > value into the header, first by simply using
> >
> > <Header.value>${CSRFToken}</..>
> 
> The variable reference won't work unless you use a Regex PostProcessor
> to extract the cookie yourself.
> 
> I've no idea what you mean by <Header.value>.

Header.value This was mostly pseudo-code to simplify what it would be
in the resulting XML to configure it. (Mostly because I didn't have the actual
code in front of me while writing this)
 
> > Then via ${COOKIE_Alfresco-CSRFToken}, and finally via
> 
> That won't work unless you define the JMeter property
> 
> CookieManager.save.cookies=true
> 
> Please see:
> 
> http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager
> 
> >  ${__urldecode(${COOKIE_Alfresco-CSRFToken})}
> >
> > neither of those gave us the desired result. If we used a Variable
> > the value would always be URL-encoded. If we didn't use a variable
> > then alfresco would complain that we're trying to forge a request,
> > because the token was already used.
> >
> > Any advise and how to solve this problem would be greatly appreciated.
> 
> It's not clear to me what you are expecting and what you are actually
> getting.

expected result:

A Header that contains:

Alfresco-CSRFToken: OGMxNTBkM2NjNjVmMmU0YzgyYzd/kOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo=

Actual result:

A Header that contains the URL encoded value from above:

Alfresco-CSRFToken: OGMxNTBkM2NjNjVmMmU0YzgyYzd%2fkOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo%3d

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org

Re: Url Encoded Variables

[sebb <se...@gmail.com>]

On 5 March 2014 10:04, Igor Galić <i....@brainsware.org> wrote:
>
> Hi folks,
>
> yesterday I tried putting together a load test against Alfresco
> by simply recording a session.
>
> Alfresco uses a special Header for CSRF protection. Its value
> by comes from a Cookie of the same name. We tried inserting that
> value into the header, first by simply using
>
> <Header.value>${CSRFToken}</..>

The variable reference won't work unless you use a Regex PostProcessor
to extract the cookie yourself.

I've no idea what you mean by <Header.value>.

> Then via ${COOKIE_Alfresco-CSRFToken}, and finally via

That won't work unless you define the JMeter property

CookieManager.save.cookies=true

Please see:

http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager

>  ${__urldecode(${COOKIE_Alfresco-CSRFToken})}
>
> neither of those gave us the desired result. If we used a Variable
> the value would always be URL-encoded. If we didn't use a variable
> then alfresco would complain that we're trying to forge a request,
> because the token was already used.
>
> Any advise and how to solve this problem would be greatly appreciated.

It's not clear to me what you are expecting and what you are actually getting.

> Thank you in advance,
>
> -- i
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.galic@brainsware.org
> URL: http://brainsware.org/
> GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org