Hi Tom, I was trying to solve this same problem today and is frustrating. I got form-based auth working by adding a "HTTP Cookie Manager" and adding a request that passes j_username and j_password to /mywebappname/j_security_check. I have included the jmx below.
I included the request to j_security_check in a "Once only manager" so it doesn't do it N-times. Rgds, James <?xml version="1.0"?> <HttpTestSample type="org.apache.jmeter.protocol.http.control.HttpTestSample" name="security check" getImages="false"> <defaultUrl> <ConfigElement type="org.apache.jmeter.protocol.http.config.MultipartUrlConfig"> <property name="PROTOCOL">http</property> <property name="arguments"><Arguments> <argument name="j_username"> demo</argument> <argument name="j_password"> password</argument> </Arguments> </property> <property name="path">/testapp/j_security_check</property> <property name="method">POST</property> </ConfigElement></defaultUrl> <configElements> </configElements> <controllers> </controllers> </HttpTestSample> > List: jmeter-user > Subject: RE: Specifying login form input values in JMeter > From: "Stover, Michael" <[EMAIL PROTECTED]> > Date: 2002-02-27 13:56:25 > [Download message RAW] > > You might try running JMeter for a little while, and make sure all attempts > fail. As you said, you're having intermittent problems anyway. Also, which > jdk are you using? Some folks have found problems with jdk1.3 and above > with HTTP v1.1 (as opposed to 1.0). You might try jdk1.2. > > Make sure your login request is using the POST method. > > Add a Cookie Manager to your thread group. Otherwise, your not simulating > cookies. > > Also, try setting up a simple jsp page to test against. The static html > works, try a simple JSP page and get that working too. > > I'm trying to think of everything I can here. Otherwise, I can't see why > it's getting file not found. > > -Mike > >> -----Original Message----- >> From: Tom Lasseter [mailto:[EMAIL PROTECTED]] >> Sent: Tuesday, February 26, 2002 5:15 PM >> To: JMeter Users List >> Subject: RE: Specifying login form input values in JMeter >> > > Hi Mike! >> > Thanks for the help. I'm not able to test logging in at all, >> so the problem >> I encountered which I failed to specify is I didn't get >> JMeter running in >> that case. Below are some details based on your kind feedback and >> suggestions. >> > 1. j_security_check is a Realm feature of Tomcat4. The >> servlet mapping is >> specified by Tomcat somehow. I tried specifying the >> name-value pairs as you >> suggest: j_username:user, j_password:user, but that didn't >> work. I was >> presuming/guessing that these are associated with the FORM >> login, so should >> be prefixed by "login.". Perhaps they should be prefixed instead by >> "j_security_check.". >> > 2. When I request a protected page, I make only that request. >> I could fake >> it as you suggest by requesting login.html followed by >> protectedPage.html >> which should be successful if the login is successful. >> > 3. I setup the proxyServer as you suggested. It will be a >> big help when I >> get it all figured out. When I ran it, the requests generated are: >> > www.mysite.com/homePage.html >> www.mysite.com/protected/protected.jsp >> www.mysite.com/protected/j_security_check (post) >> > On the security_check, the name:value pairs are: j_username:user, >> j_password:user, submit:Submit. >> > so I set up: >> > TestPlan >> ThreadGroup >> HTTP Request Defaults (www.mysite.com) >> Home page ( /) >> Login (/protected/j_security_check with above name:value pairs) >> Protected (protected/protected.jsp) >> > Other than the home page request which connects ok, I get >> java.io.FileNotFoundExceptions for: >> > http://www.mysite.com/protected/j_security_check and >> http://www.nysite.com/protected/protected.jsp >> > As I mentioned at the top, I don't have a servlet mapping for >> j_security_check. Tomcat4 does somehow, but grepping the >> entire Tomcat >> directory doesn't reveal how/where this is done. >> > I'm currently having intermittent login failures which is why >> I'm interested >> in stress testing my configuration (I think it is >> mm.mysql-2.0.8 driver >> timing out. But perhaps the nice Realm features provided by >> Tomcat4 make >> the JMeter testing thereof too difficult. >> > Still hoping for a simple solution! Help is greatly appreciated!! >> > Tom >> > > -----Original Message----- >> From: Stover, Michael [mailto:[EMAIL PROTECTED]] >> Sent: Tuesday, February 26, 2002 11:55 AM >> To: 'JMeter Users List' >> Subject: RE: Specifying login form input values in JMeter >> > > One thing you can try is using JMeter's proxy server to >> record the steps you >> take in the browser. By doing this, you can then examine the >> HTTP Request >> sample that JMeter automatically creates for you. Doing so >> should help you >> understand how JMeter works. >> > For what you describe below, I'm confused about 2 things. >> > 1. Your form's action is "j_security_check", yet you don't >> say what you set >> the PATH to in the HTTP Request UI. These should match. >> 2. The paramters you enter should be "j_username", with a value of the >> username, and "j_password", with a value of the password. I >> don't know why >> you would append "login." to the beginning of these paramter names? >> > Also, you don't say what went wrong, which makes debugging from here >> difficult. I'm not sure what the problem is for your last >> question - why >> not just do it? You just need two requests, one to request >> the illegal >> page, the next one to login. >> > -Mike >> > > -----Original Message----- >> > From: Tom Lasseter [mailto:[EMAIL PROTECTED]] >> > Sent: Tuesday, February 26, 2002 2:55 PM >> > To: [EMAIL PROTECTED] >> > Subject: Specifying login form input values in JMeter >> > >> > >> > I have looked at the archives for info on how to handle a >> > FORM login. I'm >> > using Tomcat4.0 with JDBCRealm handling the authentication >> > process. I would >> > like to test performance with JMeter. >> > >> > The easiest test is to hit the login page with user/password. The >> > login.html is not protected by the realm, so it's only a >> > matter of posting >> > the user/password. The form looks like this: >> > >> > <form name="logIn" method="post" >> > action="j_security_check"> >> > <table cellpadding="10" height="20" width="300" >> > name="formLogin"> >> > <tr> >> > <td> >> > <div align="right"><font color="#000000">User >> > ID:</font></div> >> > </td> >> > <td> >> > <input type="text" name="j_username"> >> > </td> >> > </tr> >> > <tr> >> > <td> >> > <div align="right"><font >> > color="#000000">Password:</font></div> >> > </td> >> > <td> >> > <input type="password" name="j_password"> >> > </td> >> > </tr> >> > <tr> >> > <td colspan="2"> >> > <div align="center"> >> > <input type="submit" name="submit" >> > value="Submit"> >> > </div> >> > </td> >> > </tr> >> > </table> >> > </form> >> > >> > So how to I specify user/password in the JMeter HTTP request? >> > >> > on the HTTP Request UI, I have set the WebServerServerName >> (www.mysite.com), >> the HTTP request protocol (HTTP), the Method (POST), and the >> parameters: >> login.j_username (user) and login.j_password (user). I've tried it >> with/without "login.". >> > The second test I would like to perform is specify a >> protected page which >> would require a redirect to the login page (again >> Tomcat4/Realm are handling >> the details. so I would specify /protected/protected.html, >> but then knowing >> that I would be redirected, I need to supply the >> user/password for the new >> page (login.html). >> > Any suggestions on this would be greatly appreciated! >> > Tom >> > > Thomas J. Lasseter >> > [EMAIL PROTECTED] >> phone: 425-861-0446 >> mobile: 425-761-8948 >> FAX: 425-558-4181 >> > 4D Systems LLC >> 15325 189th Ave NE >> Woodinville, WA. 98072 >> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
