专栏首页Jerry的SAP技术分享如何使用jMeter对需要CSRF token验证的OData服务进行并发性能测试

如何使用jMeter对需要CSRF token验证的OData服务进行并发性能测试

In my previous blog JMeter beginner – how to use JMeter to measure performance of OData service accessed parallelly I have demonstrate the way how to generate a large number of parallel request to a given OData service endpoint to measure the performance how this OData service implementation behaves via:

  • Write a Java program by yourself, using standard API HttpClientBuilder provided by JDK.
  • Use Open source tool JMeter

In that blog, the type of HTTP request I perform is “GET”, in that simple case no XSRF token generation and validation is necessary. Now in this blog we will deal with more complex stuff: initiate a large number of Service request creation request via HTTP post. In this case it is necessary to:

  • get a valid XSRF token from server
  • send the actual HTTP post request to server by appending the XSRF token in request header field which is got from previous step I will show two different approaches to achieve the goal.

Develop a Java Program to send HTTP post request

In the past I have once developed a ABAP program to create Opportunity via OData service. The main logic is still very clear as already explained above:

  • get a valid XSRF token from server
  • send the actual HTTP post request to server by appending the XSRF token in request header field which is got from previous step The source code of that ABAP program could be found from my blog Consume standard C4C OData service via ABAP code.

Now I just simply translate the code using Java language, and enhance it a little bit so that a given number of parallel HTTP request could be sent via separate thread to perform the Service request creation via OData service.

In my example, I send three parallel request to server and could see the average response time printed out in console.

And since in my Java code, I use “Jerry OData Ticket” plus uuid as postfix for Service Request Name:

So finally I could find the created Service Requests with given name in UI:

Use JMeter to handle with XSRF Token stuff

First let us have a look how JMeter could archive the same without even one line of programming.

My project in JMeter is displayed with the following hierarchy. I have configured with “Number of 5 threads” in my thread group, so once executed, the response time of these 5 threads are displayed in result table together with average response time.

Some key points for this JMeter project creation

(1) Since now one thread should cover both XSRF token fetch via HTTP get and Service request creation via HTTP post, so a transaction controller is necessary to include both request.

(2) Create the first HTTP request to fetch XSRF token. The setting could be found below: adding a http header field with name as x-csrf-token and value as “fetch”:

Create a Regular Expression Extractor to parse the XSRF token from response header and stored it to a variable named “jerrycsrftoken”.

Before you continue, please make sure that the XSRF token is correctly parsed from request header, which could be confirmed by printing it out in a debug sample:

(3) Create another HTTP request with type POST.

Just paste the following text to the tab “Body Data”:

--batch_1
Content-Type: multipart/mixed; boundary=changeset_1

--changeset_1
Content-Type: application/http
Content-Transfer-Encoding: binary

POST ServiceRequestCollection HTTP/1.1
Content-Length: 5000
Accept: application/json
Content-Type: application/json

{
   "ServicePriorityCode": "2",
  "Name": {"content": "Jerry Testing ticket creation via JMeter ${uuid} "},
  "ServiceRequestDescription": [
    {
      "Text": "Piston Rattling 1 - Generic OData Test Create", 
      "TypeCode": "10004"
    }, 
    {
      "Text": "Piston Rattling 2 - Generic OData Test Create", 
      "TypeCode": "10007"
    }
  ]
}
--changeset_1--

--batch_1--

In the body text I use a user-defined variable ${uuid} which we could create it in last step. And for this post request, use the XSRF token fetched from previous HTTP get request.

(4) As the last step, create a user variable by using JMeter built-in function __Random, to create a random number between 1 ~ 100 as a fragment of created Service Request description.

Now execute the Thread group, and the execution detail for these three HTTP request could be reviewed separately in tree view:

For example, the XSRF token is successfully fetched in the first request: rdPy7zNj_uKDYvQLgfQCFA== And used as one header field in second HTTP Post request as expected:

And finally in UI we could find the created Service request with random number between 1 ~ 100 as postfix:

Further reading

You can find a list of all other blogs related to OData written by Jerry.

  • Consume standard C4C OData service via ABAP code
  • Leverage C4C Odata notification to monitor C4C Opportunity change in CRM system
  • OData Service backend implementation in C4C, CRM and S4 HANA
  • JMeter beginner – how to use JMeter to measure performance of OData service accessed parallelly
  • Regarding cookie manipulation in CL_HTTP_CLIENT to avoid CSRF token validation failure issue
  • OData service parallel performance measurement – how to deal with XSRF token in Java Program and JMeter
  • Expose TextCollection data belonging to a Custom BO via OData service

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

我来说两句

0 条评论
登录 后参与评论

相关文章

  • 如何为ABAP类创建隐式增强

    Jerry Wang
  • 如何使用Chrome扩展应用postman发送SAP UI5 batch操作

    There is a standard Gateway client tool ( transaction code /IWFND/GW_CLIENT ) wh...

    Jerry Wang
  • SAP云平台的trial账号不具备成员管理的功能

    Neo里的成员管理帮助文档: https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Clo...

    Jerry Wang
  • Sublime 部分问题解决

    将控制台界面(console)调出(在view选项中),使用如下命令安装包控制器。

    用户2657851
  • 如何使用Chrome扩展应用postman发送SAP UI5 batch操作

    There is a standard Gateway client tool ( transaction code /IWFND/GW_CLIENT ) wh...

    Jerry Wang
  • 从 WebAPI Beta 更新到WebAPI RC

    The official word on changes from Beta to RC for Web API-related topics (filtere...

    张善友
  • Uva 11729 Commando War (简单贪心)

    Uva 11729  Commando War (简单贪心) There is a war and it doesn't look very promising...

    Angel_Kitty
  • react项目预渲染开发

    react越来越火了,是开react开发的人员而是越来越多。但是因为单页应用SEO的问题,我们也不得不去解决这个问题。不管是哪里,都提供了两种方案,一种是SSR...

    踏浪
  • 22个黑客练习的2网站

    信息技术的需求量现在很高。随着世界继续将一切变成应用程序,甚至连最基本的设备都连接到互联网,需求只会增长,所以现在每个人都想学习黑客也就不足为奇了。 然而,几...

    网e渗透安全部
  • 统计学习导论 Chapter8 -- Tree-Based Methods

    Book: An Introduction to Statistical Learning with Applications in R http:...

    用户1148525

扫码关注云+社区

领取腾讯云代金券