Announcement Announcement Module
Collapse
No announcement yet.
Load testing problem Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Load testing problem

    Hi all,

    I'm trying to load test my app with JMeter - a tool I know somewhat and is part of our requirements. The app has acegi 1.0.3 and running from the browser does the following:

    1) Splash page, gets cookie.
    2) Does login via acegi, passes cookie from splash.
    3) Does further requests and passes same cookie, as acegi has now authenticated the user.

    Here's the problem: JMeter does pass the same cookie from the splash page to the login at j_acegi_security check. However, the request returns a different cookie - that is different than what the browser does. So while acegi does the login, on subsequent requests I get AuthenticationCredentialsNotFoundException . NOTE: I posted this question to the JMeter list and a fine fellow there helped me confirm JMeter is working as expected.

    So I'm trying to solve this via Firefox's Live HTTP Header when the app runs from the browser, and running wireshark on the server when testing via JMeter.

    From JMeter running the splash page I get from wireshark on the server:

    Code:
    HTTP/1.1 200 OK\r\n
           Request Version: HTTP/1.1
           Response Code: 200
       Server: Apache-Coyote/1.1\r\n
       X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build:
    CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5\r\n
       Set-Cookie: JSESSIONID=53D5A82C4A04FBD90031EB0B9F059664; Path=/\r\n
       Content-Type: text/html;charset=ISO-8859-1\r\n
       Content-Length: 5929
       Date: Wed, 14 Mar 2007 16:47:37 GMT\r\n
    From JMeter running the Login page I get from wireshark on the server:

    Code:
    POST /at/j_acegi_security_check HTTP/1.1\r\n
           Request Method: POST
           Request URI: /at/j_acegi_security_check
           Request Version: HTTP/1.1
       Connection: keep-alive\r\n
       Cookie: JSESSIONID=53D5A82C4A04FBD90031EB0B9F059664\r\n
       Content-Length: 93
       Content-Type: application/x-www-form-urlencoded\r\n
       User-Agent: Java/1.5.0_08\r\n
       Host: penguin.myserver.net:8080\r\n
       Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n
       \r\n
    Line-based text data: application/x-www-form-urlencoded
       j_username=xxx%40yahoo.com+&j_password=yyy1&submit.x=18&submit.y=5&submit=Login
    So as expected JMeter sends the cookie to j_acegi_security_check. However, the result from the the login returns a different cookie!!! While that is permitted by the server, that is a difference from running in the browser. This is wireshark on the server showing the cookie reset after the login has been processed

    Code:
    HTTP/1.1 200 OK\r\n
           Request Version: HTTP/1.1
           Response Code: 200
       Server: Apache-Coyote/1.1\r\n
       X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build:
    CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5\r\n
       Set-Cookie: JSESSIONID=4A2565D99C4B5F82A8B1056FC938D326; Path=/\r\n
       Content-Type: text/html;charset=ISO-8859-1\r\n
       Content-Length: 5929
       Date: Wed, 14 Mar 2007 16:47:42 GMT\r\n
    Here's the firefox live headers results comming from the login via the browser which works fine:

    Code:
    http://penguin.myserver.net:8080/at/j_acegi_security_check?section=
    
    POST /at/j_acegi_security_check?section= HTTP/1.1
    Host: penguin.myserver.net:8080
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1)
    Gecko/20061023 SUSE/2.0-30 Firefox/2.0
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,pt-br;q=0.8,en;q=0.5,pt;q=0.3
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://penguin.myserver.net:8080/at/public/index.jsp
    Cookie: JSESSIONID=8EF794277593CDAE19A765619417894C
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 92
    j_username=xxx%40yahoo.com&j_password=yyy1&submit.x=22&submit.y=9&submit=Login
    HTTP/1.x 302 Moved Temporarily
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0
    date=200610162339)/Tomcat-5.5
    Location: http://penguin.myserver.net:8080/at/
    Content-Length: 0
    Date: Wed, 14 Mar 2007 17:13:58 GMT
    ----------------------------------------------------------
    http://penguin.myserver.net:8080/at/
    
    GET /at/ HTTP/1.1
    Host: penguin.myserver.net:8080
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1)
    Gecko/20061023 SUSE/2.0-30 Firefox/2.0
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,pt-br;q=0.8,en;q=0.5,pt;q=0.3
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://penguin.myserver.net:8080/at/public/index.jsp
    Cookie: JSESSIONID=8EF794277593CDAE19A765619417894C
    
    HTTP/1.x 200 OK
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0
    date=200610162339)/Tomcat-5.5
    I tried setting the 'Referer' header, with no luck. Any ideas?
    Robert

  • #2
    Let me try and rephrase my question: After acegi authenticates, what information is needed to be passed by the next http request to get acegi to associate the request with credentials already authenticated ? It seems to be more than just the cookie and the 'Referer' header. What am I missing, ie, what needs to be passed in after login to prevent AuthenticationCredentialsNotFoundException ? Something subtle seems to be happening and staring at wireshark results for 2 days haven't found it yet. Any clues?

    Thanks,
    Robert

    Comment


    • #3
      Solved the problem! For whatever reason, the app on tomcat when run via JMeter was returning a different cookie than acegi authenticated against. So for example. acegi in debug will show:

      SessionId: 37906410A26808E32C1E758B44ABA91C

      Alternatively to passing cookies, the http spec supports the semicolon and in tomcats case you can pass ;jessionid=cookie . So writing the url this way works - in my case *smartclient* is caught by filterChainProxy:

      /at/smartclient.form;jsessionid=37906410A26808E32C1E75 8B44ABA91C?is_isc_rpc=true&isc_clientVersion=5.6b2 &iscTNum=0

      News to me. Maybe it'll help someone. Cheers,
      Robert

      Comment

      Working...
      X