jmeter 实现token的解析与认证
jmeter 实现token的解析与认证
jmeter版本:4.0
问题描述:
1、当前系统通过token实现系统安全验证,登录成功后,token被存储在返回体中(reaponse body),后续服务器请求时,需要将该token添加到请求头部(request header)中;
2、当前web服务访问时,强制限制必须使用谷歌浏览器;
3、测试jemeter脚本时,提示错误:
{“flag”:false,”code”:401,”message”:”Unauthorized”}
问题分析:
对应谷歌浏览器,按F12进行http数据请求过程分析:
1、登录请求信息
header信息
POST http://192.168.0.1:8080/test/Auth/login HTTP/1.1
Host: 192.168.0.1:8080
Proxy-Connection: keep-alive
Content-Length: 40
Accept: application/json, text/javascript, /; q=0.01
Origin: http://192.168.0.1:8080
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3486.0 Safari/537.36
Content-Type: application/json
Referer: http://192.168.0.1:8080/test/index.html
请求参数:
{“userName”:”admin”,”password”:”123456”}
2、登录请求返回信息
header信息:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Content-Length: 1145
Date: Fri, 17 Aug 2018 17:49:06 GMT
body信息:
{
“code” : 200,
“message” : “操作成功”,
“name”:admin,
“token”:”3E78453A8B17F3A4EBA1B19D7F4D22D4-NKifP2w4mhXI9vl1YZynupr”
}
3、后续请求头部信息
对于后续请求的头部(Request Headers)中,都需要包含该token信息,对应属性:Authorization,如下所示
GET /test/gridcheck/getInitData?org=a1671ef7f43d41249552b5fb8118f169 HTTP/1.1
Host: 192.168.0.1:8080
Connection: keep-alive
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
Authorization: 3E78453A8B17F3A4EBA1B19D7F4D22D4-NKifP2w4mhXI9vl1YZynupr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3514.0 Safari/537.36
Referer: http://192.168.0.1:8080/test/gridcheck.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
解决办法:
jmeter提供正则表达式解析功能(Regular Expression Extractor),可以用于解析返回结果中的token值:
1、添加表达式解析
右键选择登录请求->add->Post Processors->Regular Expression Extractor:
2、填写token解析表达式
引用名称:token
模版:
匹配数字(0代表随机):1
正则表达式:”token”:”(.*?)”
默认值:null
3、后续请求添加请求头部信息
在后续的http请求头部(HTTP Header Manager)添加属性 Authorization
Authorization:${token}
4、查看结果树
可以看到,经过调整后,请求成功: