----- Original Message -----
> On 5 March 2014 10:04, Igor Galić <[email protected]> wrote:
> >
> > Hi folks,
> >
> > yesterday I tried putting together a load test against Alfresco
> > by simply recording a session.
> >
> > Alfresco uses a special Header for CSRF protection. Its value
> > comes from a Cookie of the same name. We tried inserting that
> > value into the header, first by simply using
> >
> > <Header.value>${CSRFToken}</..>
> 
> The variable reference won't work unless you use a Regex PostProcessor
> to extract the cookie yourself.
> 
> I've no idea what you mean by <Header.value>.

Header.value This was mostly pseudo-code to simplify what it would be
in the resulting XML to configure it. (Mostly because I didn't have the actual
code in front of me while writing this)
 
> > Then via ${COOKIE_Alfresco-CSRFToken}, and finally via
> 
> That won't work unless you define the JMeter property
> 
> CookieManager.save.cookies=true
> 
> Please see:
> 
> http://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager
> 
> >  ${__urldecode(${COOKIE_Alfresco-CSRFToken})}
> >
> > neither of those gave us the desired result. If we used a Variable
> > the value would always be URL-encoded. If we didn't use a variable
> > then alfresco would complain that we're trying to forge a request,
> > because the token was already used.
> >
> > Any advice on how to solve this problem would be greatly appreciated.
> 
> It's not clear to me what you are expecting and what you are actually
> getting.

expected result:

A Header that contains:

Alfresco-CSRFToken: OGMxNTBkM2NjNjVmMmU0YzgyYzd/kOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo=

Actual result:

A Header that contains the URL encoded value from above:

Alfresco-CSRFToken: OGMxNTBkM2NjNjVmMmU0YzgyYzd%2fkOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo%3d

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: [email protected]
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641
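
The mismatch described in this thread, as an added example (not code from the thread, JMeter or Alfresco): a sketch of a cookie-to-header CSRF check, assuming the server compares the header with the percent-decoded cookie value. Function names and the JSESSIONID cookie are constructed; the token is the one quoted in the message above.

```python
import hmac
from urllib.parse import unquote

TOKEN_NAME = "Alfresco-CSRFToken"  # cookie and header share this name (from the thread)


def parse_cookie_header(raw):
    """Split a Cookie request header into {name: value}, leaving values undecoded."""
    jar = {}
    for part in raw.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value
    return jar


def header_value_from_cookie(raw_value):
    """Percent-decode once. unquote(), not unquote_plus(): '+' is a base64 character."""
    return unquote(raw_value)


def csrf_check(headers, cookie_header):
    """Assumed server-side rule: header must equal the decoded cookie value."""
    cookie = parse_cookie_header(cookie_header).get(TOKEN_NAME)
    sent = headers.get(TOKEN_NAME)
    if cookie is None or sent is None:
        return False
    # Constant-time comparison, as is usual for secret tokens.
    return hmac.compare_digest(sent.encode(), unquote(cookie).encode())


# Cookie value as it travels on the wire, taken from the "actual result" above.
WIRE = "OGMxNTBkM2NjNjVmMmU0YzgyYzd%2fkOTIwNWQ1MDQzYmY0MTk0ZDE4YiAgLQo%3d"
# Constructed Cookie header; the JSESSIONID value is a placeholder.
COOKIE_HEADER = f"JSESSIONID=constructed-session; {TOKEN_NAME}={WIRE}"

if __name__ == "__main__":
    copied = {TOKEN_NAME: WIRE}                             # cookie value copied verbatim
    decoded = {TOKEN_NAME: header_value_from_cookie(WIRE)}  # decoded before sending
    print("verbatim copy accepted:", csrf_check(copied, COOKIE_HEADER))
    print("decoded copy accepted: ", csrf_check(decoded, COOKIE_HEADER))
```
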

