Introduction:
For load testing we use Apache JMeter, a free open source tool. It supports recording actions through the UI and repeating these on multiple threads to simulate load on a web application. The tool also allows the user to build up a test suite based on HTTP (also HTTPS, FTP etc.) calls to a server and supports mimicking browser cookies and local storage.
JMeter is an essential tool in any web developers arsenal. Get it here: http://jmeter.apache.org/download_jmeter.cgi
Specifically we will talk about integrating with the commonly used enterprise authentication provider CAS but first we’ll walk through a basic project.
Example Project Setup:
When JMeter is started up, a blank project is created. This will contain a Test Plan node and a WorkBench node. Most of what we will do in JMeter will involve the Test Plan node. To begin setting up our project right click on the Test Plan node go to: Add > Threads (Users) > Thread Group. This element allows us to specify the concurrent looping behavior of the test execution. By default, this will create a single user thread that will execute once. For this example leave the default values as they are.
The next element we need is a Cookie Manager, to add this right click on the Thread Group element and go to: Add > Config Element > HTTP Cookie Manager. This will add the Cookie Manager as a subnode of the Thread Group. This element allows JMeter to store cookies in the same way as the browser does.
You do not need to adjust any of the default settings on the screen unless you wish to hardcode your own cookies into the test plan. However, for reusability this is not advised.
JMeter handles cookies in the background and there is no way to view a list of cookies present within JMeter during test runs.
And Next
The next element we will add is an HTTP Request Default element. Add this to the project the same way as the Cookie Manager. This element will allow us to specify properties such as domain, server path, port number etc. which will be shared between all requests to follow in the Test Plan. For this test we will simply set the Server Name property to “www.anyurlhere.com” and the Protocol field to “HTTP” (default protocol).
The next part we will add is the actual HTTP request element. This is the element that will actually be executed by the test. Right click on the Thread Group and go to: Add > Sampler > HTTP Request. This adds a blank HTTP Request element under the Thread Group. Given that we have already set up defaults for the basic HTTP Request the only field we need to set for the request is the Path property. For this example add “/maps” to the path. Leave the method field set to the default of “GET”.
From this screen, it is also possible to add Parameters and Body Data to the request. Parameters will be added the URL string whereas Body Data will be added to the request Body (used by form ‘Posts’)
Adding an HTTP Header Manager
While not strictly needed for this example, for completeness we will now add an HTTP Header Manager to the HTTP Request. To do this, right click on the HTTP Request element and go to: Add > Config Element > HTTP Header Manager. This allows the user to specify HTTP request headers that are specific only to that request. For this example, these headers may be left blank.
You can view the raw text from a request using the developer tools in Chrome/Firefox etc. With these copied, you can add them to the HTTP Header Manager by clicking the Add from Clipboard option. This will correctly parse and format the raw text into the JMeter format.
Specifying an HTTP Header Manager at the Thread Group level will assign this as the default for all request unless overridden by a header specified at the request level.
Ready to Run
Our test is now in a runnable state and will execute the above-specified HTTP request against our URL. However, in its current configuration, we will not get any feedback on the success or failure of the request. At the Thread Group level, we must add a View Results Tree element. To add this right click on the Thread Group element and go to: Add > Listeners > View Results Tree. This element requires no configuration and will automatically track the result of any and all HTTP Request elements in the Thread Group.
The test is now ready to execute. To run the test, click the green play button at the top of the JMeter window. Navigate to the View Result Tree element and you can observe the successful result in the window. You can also see the full raw versions of the HTTP Request and Response.
Congratulations! You just completed your first JMeter HTTP Test! As an exercise try adding more HTTP Requests to the basic project, add some custom headers etc and increase the loop time and concurrent users. As a further exercise, look at the other types of Graphs in the Listeners for the Thread Group. Experiment by looking at their output and try to make sense of the graphs you can generate.
Authentication with CAS
The Central Authentication Service (CAS) is a commonly used authentication provider for large-scale enterprise applications. With CAS configured as the authentication provider for your website or API, any unauthenticated attempt to access your services will be redirected to CAS. Due to the relatively complex login flow present with CAS, using JMeter on an endpoint requiring authentication is slightly more involved than a website with self-hosted authentication.
Authentication with CAS – Setup:
For authenticating with CAS we will need to add some extra steps which were not covered in the above tutorial. To begin, set up the project as above. Then, in the Request Defaults element set the Server Name to be the base address for the service that CAS is authenticating.
Create an HTTP Request inside the Group Thread. Within this request, the path should be something like “/cas/login”. Given that the domain has already been configured in the Request Defaults nothing more needs to be set on this request. The method should be left as GET and there are no custom headers needed. The response of this request is very important for the CAS auth flow. From this response, we need to parse the “lt” value from the response body. We can do this in JMeter by adding a Regular Expression Extractor Post Processor to the request. To do this, right click on the request and to go: Add > Post Processors > Regular Expression Extractor. Within the Regular Expression Extractor ensure that “Main sample only” is checked under “Apply to”. Under “Field to check”, select “Body”. Then fill in the remaining fields as below:
Reference Name : lt
Regular Expression : name="lt" value="(.+)"
Template : $1$
Match No. : 1
What Will This Do?
This will parse the value for “lt” from the response body and assign it to the global variable “${lt}” which can be used later in the request.
Now that we have extracted the “lt” value from the GET request to the CAS login page, we need to post our credentials to CAS for authentication. To do this we need to create another HTTP Request element and place it immediately after the above request. For this request set the Method to be “POST” and the Path to be the same as the previous request. Next, select the parameters tab on the request and copy in the following parameters:
_eventId=submit
execution=e1s1
lt=${lt}
submit=Sign In
password=xxxxxxxx
username=xxxxxxxx
For each parameter ensure that the encoded checkbox is ticked. The above may need modification depending on how CAS is configured however the eventId, execution and lt are all required. Assuming the username and password are correct, CAS will respond with an authentication successful message and a cookie which will be stored in the HTTP Cookie Manager setup earlier.
Finally, your test has now successfully authenticated with CAS. Now any further requests made within the domain will be able to use the cookie from CAS to authenticate the request and allow access to secured endpoints.
Has all this talk about Apache JMeter got you thinking? Greenfinch Technology has been developing custom software for many years for a wide range of industries.
An experienced staff member will be happy to give you a no-obligation consultation. They will go through what you require and put together the most efficient and cost-effective solution for you.