0

I'm attempting to test REST APIs authenticated by tokens. The process is:

  1. Provide username and password to get a token
  2. Extract the token and save it into a variable in Jmeter (AUTH_TOKEN)
  3. Set the header 'Authorization' with the extracted token value.
  4. Send a request using the token.

This is my test plan:

enter image description here

I could extract tokens successfully. However, sending requests in step 4 is failing because of missing authorization. The View Result Tree shows that the requests contains authorization headers, but the server couldn't find authorization headers. As showed in the figure below, I added 2 headers Authorization and Content-Type and they appeared in the request. The server returned the headers it had actually received, but there wasn't Authorization:

enter image description here

Can anyone help me to fix this issue? Thanks so much.

P/S: the server implements RESTful APIs by Python and Flask framework. I deployed the server with Apache HTTP Server.

==========[UPDATED]========================

The server code is implemented with Flask in Pycharm. Everything is perfect when sending requests from JMeter to the server run with the embedded Flask server. The problem only appears when the server code is deployed with Apache HTTP Server. The configurations of JMeter in the above cases are exactly the same except the port. But if the cause is from Apache server, it doesn't seem reasonable.

==========[UPDATED & SOLVED]========================

I found the reason of my problem here Missing authorization header. Because of deploying the web application with Apache and mod_wsgi, Authorization headers are not passed to the application by default. I have to add this line WSGIPassAuthorization On into my virtual host configuration.

Nana
  • 11
  • 2
  • Response data tab doesn't show headers so I don't think this is the problem – user7294900 Sep 27 '17 at 04:27
  • Response Headers are shown in the sampler results tab. So, you might want to check over there – Varun Sharma Sep 27 '17 at 04:39
  • @user7294900, Varun Sharma: I know Response Data tab shows the response body. Because the server returned the error of 'Missing token' so I modified the server code to return all headers of requests. Hence the Response Data tab in the figure returns the headers of the request which has been received by the server. – Nana Sep 27 '17 at 07:54

2 Answers2

0

Please check if your api endpoint needs a request body with the "GET /regions" request. In your 2nd screenshot of the "Request" section "GET data:" section is blank. It mostly means that the server is expecting a request body along with your GET request.

Sai_S
  • 13
  • 3
  • The API "GET /regions" just returns a list of regions so it doesn't require any data in the request body. However, the API requires a token provided in the request header ''Authorization'' for authentication. This API works when I test it in Pycharm using Python Requests library for sending requests. – Nana Sep 27 '17 at 11:03
  • Can you try passing in the port number in your GET request's url at which your new Apache Server is listening for new requests. – Sai_S Sep 27 '17 at 15:34
0

My expectation is that your Extract token works incorrectly, i.e. your ${BEARER} variable has a blank line before the actual value as it evidenced by your screenshot.

Double check your ${BEARER} variable value using Debug Sampler and View Results Tree Listener combination: it should not contain blank lines. If it does - review your Extract token configuration and amend it to return solely header value.

It is recommended to use JSON Extractor for getting values from JSON data type.

Dmitri T
  • 119,313
  • 3
  • 56
  • 104
  • The extractor I used is JSON Extractor. I don't think the problem is about the extractor. This is the extracted value I got from Debug Sampler: `JMeterVariables: AUTH_TOKEN=eyJhbGciOiJIUzI1N...` (I cut the rest of the token) – Nana Sep 27 '17 at 11:28