Handling Access Token in JMeter

     Most of the people facing the problem of handling Access Toke in JMeter during the performance testing activities. First we will see how the Access Token works?

     When a secured site (HTTPS) is accessed by another site then it requires an Access Token for validation and subsequent communication purpose. The following chain of events occurs in order to Site 1 to access User X’s information on Site 2.

  1. Site 1 registers with Site 2 and obtains a Secret and an ID.
  2. When User X tells Site 1 to access Site 2, User X is sent to Site 2 where it tells Site 2 that the person would indeed like to give Site 1 permissions to specific information.
  3. Site 2 redirects User X back to Site 1, along with an Access Code or Token.
  4. Then Site 1 passes that Access Token along with it’s Secret back to Site 2 in return for a Security Token.
  5. Site 1 then makes requests to Site 2 on behalf of User X by bundling the Security Token along with requests.

     Now, we will see the solution to solve Access Token issue in JMeter by following below steps as part of the correlation activity:

  1. While launching Home (Login page) server generates unique code ID and execution ID. These IDs are sent back as a response of first request (homepage URL)
  2. These IDs need to be captured in two separate RegExs.
  3. The next request contains Username, Password, code ID and execution ID. This request is redirected to the authorization server (to get access token).
  4. The redirected request having access token which needs to be captured in another RegEx.
  5. Add a Regular Expression Extractor post-processor in the request referred in step 3. Give a reference name (say accessToken), select “Field to Check” as “URL” or “Response Header” (as per application) and write the regular expression access_token=([\S]+).
  6. Use this access token (generally passes in request header) wherever is required.
    e.g. Authorization: Bearer ${accessToken}.

I hope you got a basic idea on working of Access Token and handling the Access Token in JMeter.

Ref: PerfMatrix

make it perfect!

Execute JMeter Scripts Behind the VPN

     One of my colleague had some issue while running the JMeter scripts behind the VPN or proxy. I proposed four solutions. I would like to share those four solutions here, two of them within the JMeter UI itself, another one we can do along with launching JMeter, and the final one is a static configuration within the system.properties file that available within JMeter/bin. We will discuss below more on different solutions.

Solution 1: Configure the Proxy Server into each HTTP Request

     In the HTTP Request, we can find out the Proxy Server section at the Advanced tab of the HTTP Request element. There we can add the proxy server name or IP address, port number, username, and password. In some cases, username and password are optional. Below is the screenshot details,

Solution 2: Configure the Proxy Server into HTTP Request Defaults

     Suppose if we have 50 or more HTTP Requests, then it will be difficult to configure the Proxy Server details in each HTTPT Request that we discussed in Solution 1. And also, in future your proxy settings changed, we may have to change those 50 and more requests. So the idea is to configure the Proxy Server into HTTP Request Defaults. In this case, we will not input anything into the HTTP Requests, just open HTTP Request Defaults, find out the Proxy Server at the Advanced tab, and configure the details. You can add HTTP Request Defaults under Test Plan and at the Thread Group level like a global declaration. Below is the screenshot details,

Solution 3: Launch JMeter from the command line with the following parameters

-H
[proxy server hostname or IP address]
-P
[proxy server port]
-N
[nonproxy hosts] (e.g. *.apache.org|localhost)
-u
[username for proxy authentication – if required]
-a
[password for proxy authentication – if required]

Following are some examples in the Windows system:

jmeter -H [proxyAddress] -P [portNumber]

Or you can use the IP instead of the Server name
jmeter -H [IPAddress] -P [portNumber]

If your Proxy Server required a username and password, use the command below
jmeter -H [proxyAddress] -P [portNumber] -u [username] -a [password]

If a non-proxy host list is provided, use this command
jmeter -H [proxyAddress] -P [portNumber] -u [username] -a [password] -N [proxyAddress]

In he above method, no need to worry about the proxy server configuration at the JMeter UI level.

Solution 4: Setup the proxy properties into the system properties file

     Open the system.properties in edit mode, this file is located under \apache-jmeter-5.1.1\bin directory (I am using JMeter 5.1.1). Add the following properties to the end of the file,

http.proxyHost
http.proxyPort
https.proxyHost
https.proxyPort

For example:

http.proxyHost=localhost
http.proxyPort=8887
https.proxyHost=localhost
https.proxyPort=8887

Suppose if a non-proxy host list is provided, then JMeter sets the following system properties:

http.nonProxyHosts
https.nonProxyHosts

     We can use one of the above solutions to run the JMeter script behind the VPN or proxy. We can ignore the first method if you have more HTTP Requests to execute. In some situations, we may need to work on the scripts without VPN or proxy, in that case, we can go ahead with solution 2 (need to disable HTTP Request Defaults component) or solution 3.

     Please try to utilize any of the above solution if you have a situation of running JMeter scripts behind the VPN or proxy.

make it perfect!