Load testing problem

[iksrazal]

Hi all,

I'm trying to load test my app with JMeter - a tool I know somewhat and is part of our requirements. The app has acegi 1.0.3 and running from the browser does the following:

1) Splash page, gets cookie.
2) Does login via acegi, passes cookie from splash.
3) Does further requests and passes same cookie, as acegi has now authenticated the user.

Here's the problem: JMeter does pass the same cookie from the splash page to the login at j_acegi_security check. However, the request returns a different cookie - that is different than what the browser does. So while acegi does the login, on subsequent requests I get AuthenticationCredentialsNotFoundException . NOTE: I posted this question to the JMeter list and a fine fellow there helped me confirm JMeter is working as expected.

So I'm trying to solve this via Firefox's Live HTTP Header when the app runs from the browser, and running wireshark on the server when testing via JMeter.

From JMeter running the splash page I get from wireshark on the server:

Code:

HTTP/1.1 200 OK\r\n
       Request Version: HTTP/1.1
       Response Code: 200
   Server: Apache-Coyote/1.1\r\n
   X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build:
CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5\r\n
   Set-Cookie: JSESSIONID=53D5A82C4A04FBD90031EB0B9F059664; Path=/\r\n
   Content-Type: text/html;charset=ISO-8859-1\r\n
   Content-Length: 5929
   Date: Wed, 14 Mar 2007 16:47:37 GMT\r\n

From JMeter running the Login page I get from wireshark on the server:

Code:

POST /at/j_acegi_security_check HTTP/1.1\r\n
       Request Method: POST
       Request URI: /at/j_acegi_security_check
       Request Version: HTTP/1.1
   Connection: keep-alive\r\n
   Cookie: JSESSIONID=53D5A82C4A04FBD90031EB0B9F059664\r\n
   Content-Length: 93
   Content-Type: application/x-www-form-urlencoded\r\n
   User-Agent: Java/1.5.0_08\r\n
   Host: penguin.myserver.net:8080\r\n
   Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n
   \r\n
Line-based text data: application/x-www-form-urlencoded
   j_username=xxx%40yahoo.com+&j_password=yyy1&submit.x=18&submit.y=5&submit=Login

So as expected JMeter sends the cookie to j_acegi_security_check. However, the result from the the login returns a different cookie!!! While that is permitted by the server, that is a difference from running in the browser. This is wireshark on the server showing the cookie reset after the login has been processed

Code:

HTTP/1.1 200 OK\r\n
       Request Version: HTTP/1.1
       Response Code: 200
   Server: Apache-Coyote/1.1\r\n
   X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build:
CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5\r\n
   Set-Cookie: JSESSIONID=4A2565D99C4B5F82A8B1056FC938D326; Path=/\r\n
   Content-Type: text/html;charset=ISO-8859-1\r\n
   Content-Length: 5929
   Date: Wed, 14 Mar 2007 16:47:42 GMT\r\n

Here's the firefox live headers results comming from the login via the browser which works fine:

Code:

http://penguin.myserver.net:8080/at/j_acegi_security_check?section=

POST /at/j_acegi_security_check?section= HTTP/1.1
Host: penguin.myserver.net:8080
User-Agent: Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1)
Gecko/20061023 SUSE/2.0-30 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,pt-br;q=0.8,en;q=0.5,pt;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://penguin.myserver.net:8080/at/public/index.jsp
Cookie: JSESSIONID=8EF794277593CDAE19A765619417894C
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
j_username=xxx%40yahoo.com&j_password=yyy1&submit.x=22&submit.y=9&submit=Login
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0
date=200610162339)/Tomcat-5.5
Location: http://penguin.myserver.net:8080/at/
Content-Length: 0
Date: Wed, 14 Mar 2007 17:13:58 GMT
----------------------------------------------------------
http://penguin.myserver.net:8080/at/

GET /at/ HTTP/1.1
Host: penguin.myserver.net:8080
User-Agent: Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.8.1)
Gecko/20061023 SUSE/2.0-30 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,pt-br;q=0.8,en;q=0.5,pt;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://penguin.myserver.net:8080/at/public/index.jsp
Cookie: JSESSIONID=8EF794277593CDAE19A765619417894C

HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0
date=200610162339)/Tomcat-5.5

I tried setting the 'Referer' header, with no luck. Any ideas?
Robert

[iksrazal]

Let me try and rephrase my question: After acegi authenticates, what information is needed to be passed by the next http request to get acegi to associate the request with credentials already authenticated ? It seems to be more than just the cookie and the 'Referer' header. What am I missing, ie, what needs to be passed in after login to prevent AuthenticationCredentialsNotFoundException ? Something subtle seems to be happening and staring at wireshark results for 2 days haven't found it yet. Any clues?

Thanks,
Robert

[iksrazal]

Solved the problem! For whatever reason, the app on tomcat when run via JMeter was returning a different cookie than acegi authenticated against. So for example. acegi in debug will show:

SessionId: 37906410A26808E32C1E758B44ABA91C

Alternatively to passing cookies, the http spec supports the semicolon and in tomcats case you can pass ;jessionid=cookie . So writing the url this way works - in my case *smartclient* is caught by filterChainProxy:

/at/smartclient.form;jsessionid=37906410A26808E32C1E75 8B44ABA91C?is_isc_rpc=true&isc_clientVersion=5.6b2 &iscTNum=0

News to me. Maybe it'll help someone. Cheers,
Robert