Handling bearer token for web application in Jmeter.

Purpose:

This article will help you understand the basics of JMeter, correlation in JMeter, the bearer token (used for security purposes) and how to deal with such a token in JMeter.

Jmeter:

JMeter is open-source testing software. It is a Java-based application for load testing. JMeter covers categories of tests such as load, functional, performance and regression for web applications developed with various technologies.

Correlation:

Correlation is the most important aspect of scripting. It generally covers fetching dynamic data from preceding requests and posting it back to the subsequent requests for further operations.
Let’s take an example to find out why exactly we need correlation. Suppose we have recorded a scenario in which:
->The user enters login information and clicks the OK button
->The dashboard/main page is displayed and the user takes further actions.

Now, if you just play back such a script, the test case will fail even for a single thread. This is because of the authentication method used here (a bearer token in this case).

For More Information visit: http://artoftesting.com/performanceTesting/correlation.html

What is Bearer token:

Bearer token: a particular type of security token with the property that anyone who holds the token can use it. In other words, a client doesn’t need a cryptographic key or other secret to use a bearer token. For that reason, bearer tokens should only be used over HTTPS and should have relatively short expiration times.

When a valid user logs in successfully, the server generates a unique token key (the bearer token) and sends it in the successful login response (in JSON format).

So if we want to perform load testing of such an Angular-based application for multiple users, we have to extract this token from the response of the request that creates it (here, the login request with valid credentials).

How token actually works in client server communication?

  • The user enters a name and password into the client.
  • The client sends user’s credentials to the respective authorization server.
  • The authorization server validates the credentials and returns a secure token.
  • To access a protected resource, the client includes the access token in the Authorization header of the HTTP request.

Problem:

In our case we had to extract the bearer token from the response message of the successful login request. The requirement was then to prepend a fixed string prefix to each bearer token value before passing it in the header of each request.

Solution:

After a lot of brainstorming and experimentation, we successfully handled this situation. I have explained the steps below.

1) If JMeter tries to access the application with an invalid bearer token, or without one, the server responds with an error message.

2) Example of a bearer token.

3) Where to extract the token in JMeter (in this case the token was available as part of the response message of the login sample in JMeter).

4) How to extract the token from the JSON response using the Regular Expression Extractor (a post-processor element).

5) Prepend the fixed string to the extracted bearer token before passing it to the headers of further requests.

6) Combine the prefix string and the actual bearer token and add the result to all required requests.
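The extraction and header-building logic of steps 4 to 6, as an added example in Python that is not part of the original article and is not a JMeter script: it mimics a Regular Expression Extractor with template `$1$` on constructed login responses, and shows the greedy-capture mistake and the failed-login case. The `access_token` field name, the `Bearer ` prefix, the `TOKEN_NOT_FOUND` default and the helper names are assumptions.

```python
import json
import re

# Constructed login responses. The "access_token" field name and the token
# value are assumptions for illustration, not taken from the article.
LOGIN_OK = ('{"access_token": "eyJhbGciOi.constructed.sample", '
            '"token_type": "bearer", "expires_in": 1199}')
LOGIN_FAILED = '{"error": "invalid_grant"}'

# Values as they would be typed into the Regular Expression Extractor.
TOKEN_REGEX = r'"access_token"\s*:\s*"(.+?)"'   # lazy capture: stops at first quote
GREEDY_REGEX = r'"access_token"\s*:\s*"(.+)"'   # common mistake: runs to the last quote
DEFAULT_VALUE = "TOKEN_NOT_FOUND"               # extractor "Default Value"
PREFIX = "Bearer "                              # assumed fixed prefix string


def extract_token(body, regex=TOKEN_REGEX):
    """Mimic the extractor with template $1$: group 1, or the default."""
    match = re.search(regex, body)
    return match.group(1) if match else DEFAULT_VALUE


def parsed_token(body):
    """Reference value obtained by parsing the JSON instead of using a regex."""
    return json.loads(body).get("access_token")


def authorization_header(body):
    """Header for follow-up requests, or None when login yielded no token."""
    token = extract_token(body)
    if token == DEFAULT_VALUE:
        return None  # never send the placeholder as a credential
    return {"Authorization": PREFIX + token}


def redact(headers):
    """Mask the token before the header is written to a log or result file."""
    scheme, _, token = headers["Authorization"].partition(" ")
    return {"Authorization": f"{scheme} {token[:4]}...[{len(token)} chars]"}


if __name__ == "__main__":
    print(redact(authorization_header(LOGIN_OK)))
    print(authorization_header(LOGIN_FAILED))
    print(extract_token(LOGIN_OK, GREEDY_REGEX))
```

In JMeter the same values map to the extractor's Regular Expression, Template and Default Value fields, and the header value becomes the prefix followed by the extracted variable in an HTTP Header Manager.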

Conclusion:

When we log in to a web application (mainly those developed in .NET), session variables are dynamically generated. These session variables are passed to the subsequent requests and help validate and authenticate the further actions performed. So one cannot just record and play back the requests that contain these variables. Here, we need to correlate the web requests with the dynamic variables. To deal with correlation, we need to use the “Regular Expression Extractor” component of JMeter, which makes use of regular expressions. That is how you can execute any request with the above Header Manager parameter for any number of users. I hope this will help you solve any correlation-related problem.

Author Bio

Raj Patel is Sr. QA Engineer at Ecosmob. He is an ISTQB certified QA Engineer with expertise in different areas of QA and testing.
Likes : Traveling, To Spend time with family, In-door games.

Get Message on Receiving A New Email in Gmail Inbox

This blog post presents a small code snippet, step by step, that lets you receive a message on your mobile from Google whenever a new email arrives in your Inbox.

Follow the steps below:

1) Go to http://www.google.com/script/start/

2) Click on Start Script (You will be redirected to login page if you are not already logged in)

3) Create a Blank Project

4) Replace the default code shown below with the replacement code that follows it:

Code:

function myFunction() {

}

Replacement Code:

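function Rcv_msg_Inbox() {
  // Make sure the label that collects the notified threads exists.
  var label = GmailApp.getUserLabelByName("Unread Inbox");
  if (label == null) {
    label = GmailApp.createLabel("Unread Inbox");
  }
  // Look only at the newest thread in the inbox; stop if the inbox is empty.
  var threads = GmailApp.getInboxThreads(0, 1);
  if (threads.length === 0) {
    return;
  }
  var thread = threads[0];
  var now = new Date().getTime();
  if (thread.isUnread()) {
    // Fixed text is used, so no sender or subject from the mail goes into the calendar event.
    var from = "From Inbox";
    var subject = "You have new mail in inbox";
    // An event one minute from now with an SMS reminder at 0 minutes sends the message.
    CalendarApp.createEvent(subject, new Date(now + 60000), new Date(now + 60000), {location: from}).addSmsReminder(0);
    thread.markRead();
    label.addToThread(thread);
  }
}
// No top-level call: the Run button and the project trigger invoke Rcv_msg_Inbox.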

5) Click on the Run button; it will ask you to save.

6) Now, rename your project.

7) You will get notifications like ‘Saving Project’.

8) Press the Run button again; it will show ‘Authorisation required’.

9) Authorise the app; it will access your calendar and mails.

10) Now, go to Resources -> Current project’s triggers.

11) Set your script triggers according to when you want the script to run: every minute, every hour or daily.

12) Save the triggers.

Now, whenever you receive a new mail in your Inbox, you will get a message on your mobile. After that you can see your mails under the ‘Unread Inbox’ label. (Every mail for which you get a message is moved to the Unread Inbox label.)

Author Bio

Ghanshyam Katriya is working as a Jr. Software Developer at Ecosmob Technologies. He is a blogger and an avid learner of the web development industry.

Likes : Reading, Back Campaigning, Day Dreaming, High Speed Driving