
Testing authorization using jMeter

testing FOSUserBundle, jMeter Cookie Manager, jQuery Extractor


Here are the lesson files.

Log in to a Symfony2 app

Remember! The most important thing is to add the jMeter Cookie Manager. Without it, you will never be logged in. You can find this element in "Config Elements". The element simulates browser behaviour. If you don't know the HTTP protocol very well, after this lesson you will see how web browsers work.

[Screenshot: jMeter Cookie Manager]

That was the simple cookie manager. I'm not going to write a lot about the element, because it works without any additional configuration. For more information, please visit the documentation.

CSS/jQuery extractor

Forms in Symfony2 applications are protected by a CSRF (cross-site request forgery) token. Each form contains an additional hidden field (_token). We need to extract the token from the response, which is why we use the jQuery extractor. If you send the form without a token or with an invalid token, you receive an "invalid csrf token" exception. You can disable this protection, but it's not recommended. The dollar separator works exactly as it does when extracting information from a response. Now I need the value of the input named "_csrf_token":

input[name=_csrf_token]

The value will be available in the variable TOKEN (use ${TOKEN}).

[Screenshot: jMeter jQuery extractor]

Send POST request with parameters

The screenshot shows how to add parameters to the request. You can't send login credentials as the first step. The Symfony2 application needs to handle a request before you are able to log in (security). If you see "Your session has timed out, or you have disabled cookies", it means that you've forgotten about it. Extracting the token without first requesting the app is impossible :)

[Screenshot: sending a POST request in jMeter]
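
The same three steps outside jMeter, as an added example that is not part of the lesson files: a client that keeps cookies, reads the token from the login form and posts it back, run once with and once without cookie handling. The small server is a constructed stand-in for the Symfony2 app; the /login and /login_check paths, the SID cookie and the _username/_password field names are assumptions.

```python
import http.cookiejar, re, secrets, threading
import urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # session id -> CSRF token issued together with the login form

class LoginApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the login form; not Symfony2/FOSUserBundle code."""
    def log_message(self, *args): pass  # keep the run quiet

    def _reply(self, status, body, cookie=None):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # first request: start a session and bind a token to it
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        SESSIONS[sid] = token
        form = f'<form method="post"><input type="hidden" name="_csrf_token" value="{token}"></form>'
        self._reply(200, form.encode(), cookie=f"SID={sid}; HttpOnly")

    def do_POST(self):  # login: the posted token must match the cookie's session
        fields = urllib.parse.parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        sid = (self.headers.get("Cookie") or "").partition("SID=")[2]
        ok = sid in SESSIONS and fields.get("_csrf_token") == [SESSIONS[sid]]
        self._reply(200 if ok else 403, b"logged in" if ok else b"invalid csrf token")

def login(base_url, keep_cookies):
    """Return the HTTP status of the login POST; keep_cookies plays the Cookie Manager."""
    jar = [urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar())] if keep_cookies else []
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), *jar)
    page = opener.open(base_url + "/login").read().decode()
    token = re.search(r'name="_csrf_token" value="([^"]+)"', page).group(1)  # the extractor step
    data = urllib.parse.urlencode({"_username": "demo", "_password": "demo", "_csrf_token": token})
    try:
        return opener.open(base_url + "/login_check", data.encode()).status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), LoginApp)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    results = login(base, keep_cookies=True), login(base, keep_cookies=False)
    server.shutdown()
    return results

if __name__ == "__main__":
    print(run_demo())
```

Without the cookie jar the token is extracted correctly but arrives with no session to check it against, which is the failure the Cookie Manager prevents.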

Here you can find this scenario file.
Integration of FOSUserBundle with Symfony2 and MongoDB was implemented in this commit.
