I have recorded script in jmeter for login into system. However, there is a security question page is displayed once user login with correct credential. When user click on login button, system post the data but on second page when user answer and click on button, system post data using ajax/js script and this is not recorded in jmeter. As per my understanding, js is not supported in jmeter. Now the question is how should I record second page to post security question using ajax/jmeter? Is there any solution for this?
I would appreciate your inputs.
Thanks,
JMeter, when testing web services, basically does not matter whether you are using java, javascript or ajax at client side. JMeter will record HTTP requests including request headers and responses from clients and during testing it will simulate the same requests for the specified number of users(threads). You can easily reproduce the web services if you know all the details of the web-request(host, method(get/post), request parameters, request headers, etc.). If you don't know the details or facing problems then you can use Developer tools>Network (press f12 in Chrome) to get the details of web requests. In your case, you closely observe the web request in ajax call using developer tools and provide the details in JMeter.
If you want to pass login credentials, you can make use of user defined variables in jmeter. You can set values in variables and make use it in requests as ${variable_name}
If you need to do some computations,you can use beanshell components or BSF samplers.
If you want extract value(to a variable) from the response data sent from the server and reuse them, then use regular expression extractor.
Related
I need to do logging in JMeter. In Firefox, i go to the website, enter username and passwort and press the login button. Then i check in console which POSTs are shown. I take login data from xml and give it to HTTPRequest as a parameteres in JMeter. And right now i have a problem. This website, before going to the first page after logging, shows JS PopUp with warning (yes or no to choose). JS code to this popup is shown in console as a Response in this POST method. This popup blocked going further - a content from the URL from this POST is "Acces Denied".
How to fix it? I was thinking about some If Controller but I don't have any specific idea.
I would be greatful ;-)
Forget about JavaScript. JMeter is not a browser.
As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages.
So JMeter won't be able to "see" the popup or to "type" anything in it. However JMeter can mimic the relevant request just like it is originated from the browser. So instead of building your request manually I would suggest to record it. Even record 2 times so if there are any differences caused by dynamic parameters you could identify and work them around.
Also as JMeter is not a browser it requires some extra configuration in order to be more browser-like, i.e.:
HTTP Cookie Manager - to represent browser cookies and deal with cookie-based authentication
HTTP Header Manager - to represent browser headers e.g. User-Agent
HTTP Cache Manager - to mimic browser cache so in case of subsequent requests to the same URL JMeter wouldn't re-download all associated images
See How To Make JMeter Behave More Like A Real Browser article for detailed explanation of the aforementioned configuration suggestions and few more tips.
Thanks ! I recorded it and it helps me a lot. But now a have further issue:
This popup is optional and it is shown when more than 1 user is logged in with the same username. If this happens - I get as a POST response a js code like "new Popup(....etc... ". But when the PopUp won't appear - i get a piece of URL(POST response) which is sticked to a normal URL when there is only 1 user logged. Now I want to consider this two cases. How to do it in JMeter? I made a Response Assertion and as a Pattern to Test I put this piece of URL. If this second condition appers - everything is fine but when this PopUp apers - I would like to stick this piece of URL to the main address and go further.
I have tried to record it but it is just a JavaScript operation and I can't find this moment in JMeter recording. As You said - i have to forget about JavaScript ;)
So, is there any possibility to do it?
I am using this web-app - 'http://podaac-uat.jpl.nasa.gov/mcc/' and I want to know the url of the server to which the request is sent to when I am hitting the submit button. I am writing an API that needs to send the request directly to the server with the required parameters set rather than using the web-app.
Thanks for the help in advance. :)
If I understood correctly what you are trying to do, one way to find out what the Compliance Checker is trying to do is to capture the traffic when submitting. This can be done using various tools such as Fiddler, but all modern browsers allow this.
As a test, I have used Google Chrome to check the request made by that submit form:
POST request includes uploaded data in its body. However, it is very likely that the site will not allow POST calls from another domain (i.e. your application) - see here and here for references.
I'm building client server REST application.
Client side is based on Angular while server is PHP (not that it matters much anyhow).
What I am wondering if there are any best practices, good examples of captcha implementation in this case? Captcha would be used for user registration etc.
I'm not limited to any specific libraries, only requirement is that there cannot be any calls to 3rd party servers on client side (js libraries hosted on 3rd party servers or req api key etc).
thanks
When google captcha approves one user, it provides you a token.
So imagine this scenario. A User is about to save, and uses the captcha, the captcha does its business and gives you a token, it is all that matters.
If you want to see a "tentative" flow of requests for this.
The User should pass the captcha before registering and retrieve the token that it provides in the front end.
User clicks save, you receive the captcha token in the backend as form data. You validate the token with Google via an API. If Google verifies the token as valid, you can save the user or reject if Google returns an error.
The frontend listens for success or error and what kind of error. IF error is captcha, force a retry, get a new token.
Backend receives a new token in form data and repeats step 2.
You can have a look on google-recaptcha. Its angular implementation is here
vcRecaptcha
Google's new-ish reCaptcha is pretty slick. They have several easy to understand examples and usage scenarios.
https://www.google.com/recaptcha/intro/index.html
Edit: To address your specific question of how to implement this in a RESTful application, I'd make two files. One would be a public-facing file like index.php and the other would be a back-end file that would hold the private information.
I could copy/paste my previously-written how-to here, or I could just link you to the article I wrote 2 months ago.
I want to send a request (or any response or notification) from the server side to the browser without a browser request to the server.
I use JSP and the Struts framework in my Java EE application. When some one is on my page, and when some processing in done in my action class/servlets, I want to send a notification or message or request to the browser to be appeared on the page. Here the relevant page cannot be refreshed or reloaded and it may be handled on the browser side with javascript or jquery. I use Http.
Is there a way to do this?
EDIT: Example: The application is an online inventory system. An Admin has logged in. If one of the items is out of stock, the admin should be notified saying that that particular item is out of stock without the admin searching the stores and do nothing (when he is on his account page, a pop up may be displayed to him).
I am not so sure what you meant but according to my understanding you can do this.I guess Comet is the thing you are looking for.Comet is the technique where in server pushes the data to the browser.
Try Pushlet concept which might address your requirement
http://www.javaworld.com/jw-03-2000/jw-03-pushlet.html
In my Google App Engine app I want to pass this user information
user = users.get_current_user()
to the Chrome extension in a url paramenter when the user clicks a button in the app.
How can I do this?
I read about Cross-Origin HMLHttpRequest but that seems about sending info to the app not about receiving.
This is a follow up to my other questions on this subject.
You can't pass information to the background via a URL parameter like this, but you've got a couple of options.
Probably the easiest way to do this would be to have the extension inject a content script in to your app. Since the content script runs in the context your your web app, it has access to the user details and any other information you might want to pass.
Then, via Message Passing (see http://code.google.com/chrome/extensions/messaging.html), you could send a message to the background page with the information that you're trying to send.
This is from a while ago, but just in case someone stumbles upon it as I did today.
Sending the user email as a URL parameter is totally unsafe. Anyone using curl or their browser can make requests pretending to be any random user. If users can alter data with their requests, or if they should not be able to see each others data then you shouldn't follow this approach.
You should use GAE's cookie based user's service instead:
python version
java version