I have a Http request to get a user level token and I got it to work in Jmeter using Script recorder then , I just copied all values headers and parameters as in Jmeter to SoapUi and created the variables for sessionDataKey to get the same token in SoapUi and it actually don't retrieve the same results on the Soapui Response headers.
I see two differences between the responses in Soap and Jmeter.
For Authorize test step:
In jmeter I can see a Response header " Location " in Soap not (notice this one has the value I need)
example:
Location: https://The Url of the customer/path/path1/#access_token=fdcfb626b142cc1c3575f4eae154f38a&token_type=Bearer&expires_in=70871
For get SessionDataKey test step:
In jmeter I can see a Response header
Set-Cookie: dtCookie=3$C726269DFD45081379EC3D044AEDE19C
meanwhile I cant seem to get those two response headers in Soapui
I dont mind if I dont get the dtCookie value what I really need its the token , but I suspect I need to get the dtCookie value to the Authpart as In jmeter dynamically takes it its not a problem but SoapUi does not make this job
I believe its about some setting in SoapUi preferences
Any Ideas guys ?
Resolved by using another method for token
Yes, you can disable de custom property Follow Redirects:
enter image description here
Related
I'm currently trying to replicate a https request with the following headers.
The authentication is based on a Session Cookie.
However, there is also a header field called :authority,
which I'm not able to replicate in Postman.
Also, couldn't I find any solution for that problem
or what exactly the :authority header means on the Internet.
This header seems to be required, as I'm getting a 400 error code back
as soon as I send my replicated request.
I've proxied the request sent from Postman and can confirm that the only difference at the first glance is the missing :authority header.
Thanks ^^
Alright, taking a closer look at the Raw Request, I noticed that the actual header is called Host and is mapped in the UI to :autority. Now its working. cheers
i have a fairly simple testplan with following steps recorded
Thread Group
Recording Controller
HTTP Authorization manager
GET https://xxxx/user/login
GET https://xxxx/accounts/list
GET https://xxxx/user/settings
GET https://xxxx/partners/list
GET https://xxxx/user/logout
When i run this, i see jmeter adding the authorization header in the first user/login request and server responds with 200 OK. This is OK
i extract the session token from the login response and put it as a variable into the subsequent http requests.
jmeter is not adding the authorization header in the subsequent accounts/list request - this is OK
but then jmeter is adding the authorization header into the subsequent user/settings request - this is not needed as it defeats the purpose of sending the session token.
Again jmeter is not sending the auth token in partners/list but is sending it again in user/logout request.
So question is how jmeter determines when to add the auth header and when not?
The desired behaviour i want is for jmeter to send the auth header in the first user/login request but not in any of the subsequent http requests.
Any pointers appreciated.
thanks
HTTP Authorization Manager will add Authorization header to all the HTTP Request samplers it its scope, if you place it at the same level with the HTTP Request samplers - it will add the header to all of them.
If you need to apply the HTTP Authorization Manager to 1st sampler only - move it to be the child of the first sampler.
More information: JMeter Scoping Rules - The Ultimate Guide
Recording any scenario adds up the Header Manager in all the Http requests.
You are doing it in correct way, however still you have to make few changes in your scripts to run seamlessly.
Delete all the subsequent Header Manager under the accounts/list,user/settings,partners/list & logout.
Post the Login Request > extract the session > Add a Header Manager after Login request and pass the session there.
All the further request should be in the same thread so that the session get passed to each request.
Also while recording there are multiple requests that gets captured and for each scenario Jmeter maintains the session under Header Manager, hence this should never be the case that one request is getting the session while others not.
Thanks for the answer that helps.
What i did and worked well in the mean time is add an explicit authorization header to the user/login request with a beanshell preprocessor to base64 encode the username / password.
thanks anyways
I have a problem with the x-csrf-token validation with regard to a HTTPS-Post-Request. The request comes from a Lambda function triggered by an Amazon Alexa skill and is sent to a XSO Data file running on the SAP Cloud Platform in an SAP HANA Database. I use Javascript/Node.js.
A valid token is set in the request header (see code in the first picture below) but the response header shows for the x-csrf-token "required" (see code in the second picture below). So there is an error with the validation. The same post request with POSTMAN works correctly, but when I try it via a JS File as a Lambda function (in the first picture) there it comes this error with HTTP status code 403 (see code in the second picture below). The POST request itself does work, but the token validation not. GET requests work fine.
Does anybody know a possible solution?
Thank you very much!
1.picture: request
2.picture: response
Please try to get the csrf token first before setting it to the request body. CSRF token changes from device to device as well as the timeframe. I also had a similar issue, and upon implementing the above solution, it started working perfectly.
I am writing this as a separate answer as I had an issue in Spring Boot RestTemplate call. I could arrive at a solution after going through this article.
SAP CSRF Issue
Basically the "set-cookie" header is instructing the browser to set the "Cookie" header. All one has to do (apart from x-csrf-token) is to replace the comma in the string of the cookie with a semicolon. Then set the header "Cookie" to this replaced value;
I have proprietary http based API to test from JMeter. Unfortunately some of the endpoints of the API are expecting http DELETE method with a request body (I know its questionable API design to use DELETE with request body, but I have no ability to change that API and need to test it).
How can I test it from JMeter? It seems that standard HttpRequest sampler silently ignores my body payload without any warnings. (When I try it in POSTMAN its sending a request body for DELETE method)
I did find an old JMeter plugin called HTTP Raw Request that somewhat helps but still doesn't auto-calculate "Content-Length:" http header for my body payload...so I have to do it manually for every test case - which is a pain for dynamically generated data payloads.
So my question still remains: How can I test HTTP DELETE with request body from JMeter?
Here is the screenshot:
NOTE1: Starting from jMeter ver. 3.1 (see bugzilla #60358) it was fixed for Http GET request to be able to send body in the request...but DELETE was not added.
NOTE2: See bugzilla #61443 for the DELETE request with body.
NOTE3: I'm using client implementation called "Java".
As per reference docs:
http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Request
There are 2 implementations for http request sampler. The non default one called "Java" has this issue with not passing DELETE request body.
Luckily the default implementation called "HttpClient4" that correctly passes request payload for DELETE operation as per JMeter data entry screen.
To change implementations for http request sampler you have to go to "advanced" tab of the HTTP Request Sampler and select client implementation "HttpClient4" instead of "Java". Here is the screenshot:
After that when executed it correctly sends request payload for DELETE operation. Here is the screenshot:
I don't understand how to create a custom report based on a StatisticsCollector Policy.
I want to retrieve statistic about my API being called from different clients by checking the content of the request header called "referer".
As from the doc, I created a Statistic Collector Policy, adding it to my pre-flow.
Trying to create a variable named "referer" looking at the request header "referer", I added
<Statistic name="referer" ref="request.header.referer" type="STRING">undefined</Statistic>
to the policy.
Now, as I can understand from the doc, I should found, while creating a "Custom Report", a not-better-specified "Dimension" called "referer":
"You will find that a new dimension called location is available in the UI for you to use in generating reports."
I can't find such dimension while creating a Custom Report.
I find a Custom Dimension called "name", and I have no idea where does it come from.
How am I supposed to do it? Should I try to do it by calling Apigee API?
EDIT: Apparently, the Statistic Collector does not work for free organizations on Apigee because of a "tech glitch". Srikanth from Apigee intends to open a ticket for solving this. If this is not the case, another request to update the documentation on Apigee, stating that the Collector does not work for free org, will be raised by Archendra Yadav.
Here the few things to note.
Browsers are very careful about Referer headers. They do not send it even if you set them. Even Postman client on chrome does not send the Referer header when specified. This is a valid security gate - HTTP 1.1 RFC talks about it. You can read about the same behaviour in other places on web.
So as Divya mentioned use curl request. Use the trace session to figure out what was the original request received by Edge from client. This way you figure out the existence of the referer header. You will see that its missing when sent from browser manually. Curl works fine.
Are you using a free org or paid org on Apigee. The statistic collector fails to work on the free org at times. I had a chat with an internal expert who gave me this insight.
Emas -- Thanks for the suggestion. I'll raise a request with documentation team to update the documentation accordingly.
The field referer will be added under Drilldown --> Custom Dimensions after you send some requests to the API where yyou have added the below statics collector policy.This policy needs to be executed once to add the new field to the Custom dimension
You say that you are using the following:
<Statistic name="referer" ref="request.header.referer" type="STRING">undefined</Statistic>
I believe the type is case sensitive. Try type="string" and see if that works.
The request header name is 'Referer' and not 'referer'.
So, your StatisticsCollector policy should look something like this :
StatisticsCollector-1
request.header.Referer
Try some calls and make sure the request has a header named Referer. Then it would come up as a Custom Dimension in your custom report.
For me I had to explicitly mention the Referer header in my request like this :
curl -v "https://product-support-test.apigee.net/" -H "Referer: foo"
Please send me your bundle if you still face issues(divya#apigee.com).