basicAuth when following redirects

789 views
Skip to first unread message

Ben Peters

unread,
Aug 21, 2014, 9:07:29 AM8/21/14
to gat...@googlegroups.com
Hi all,

I'm trying to use Gatling to test a site that has basicAuth configured for all access (testing environment). I can successfully make a request using the http.basicAuth call, but when I try a request that results in a re-direct, Gatling automatically follows it, and I get a 401 error page in the log. Looking at the server logs, it seems as though on the second request (the redirect follow), Gatling is not providing the username/password that it used for the first request. Is there any way to control this that I'm missing?

val httpProtocol = http
.baseURL("http://mysite.com")
.inferHtmlResources()
.acceptHeader("""text/css,*/*;q=0.1""")
.acceptEncodingHeader("""gzip, deflate""")
.acceptLanguageHeader("""en-US,en;q=0.5""")
        .connection("""keep-alive""")
.userAgentHeader("""Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0""")

val headers_0 = Map("""Accept""" -> """text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8""")

val scn = scenario("BasicSimulation")
.exec(http("Landing Page")
                        // Generates a 302 redirect
.get("""/""")
.headers(headers_0)
.basicAuth("""username""","""password""")
.check(regex("""input name="authenticity_token" type="hidden" value="(.*)">""").saveAs("auth_token")))


Thanks!
-Ben

Pierre DAL-PRA

unread,
Aug 21, 2014, 9:56:36 AM8/21/14
to gat...@googlegroups.com
Hi Ben,

If you're using basicAuth at the request level, only the request on which you used it will be authentified.
What you need is specifying basicAuth at the protocol level, so that all requests will be authentified.
Just move basicAuth so that it set on your httpProtocol rather than on the Landing Page request and it'll work :)

Cheers,

Pierre

Ben Peters

unread,
Aug 21, 2014, 10:21:21 AM8/21/14
to gat...@googlegroups.com
Hi Pierre,
Thanks for the quick response. I had that thought, and tried moving the basicAuth call - but it doesn’t seem to fix things? It works on the first call (the request to “/“), but then I still get a 401 on the redirect.

Updated code:

val httpProtocol = http
.inferHtmlResources()
.acceptHeader("""text/css,*/*;q=0.1""")
.acceptEncodingHeader("""gzip, deflate""")
.acceptLanguageHeader("""en-US,en;q=0.5""")
.connection("""keep-alive""")
.userAgentHeader("""Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0""")
.basicAuth(“""username""",”""password"”")

--
You received this message because you are subscribed to a topic in the Google Groups "Gatling User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/gatling/ixhbiYHwRnE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to gatling+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Pierre DAL-PRA

unread,
Aug 21, 2014, 1:00:35 PM8/21/14
to gat...@googlegroups.com
That's strange...
Could you share your simulation ?

Ben Peters

unread,
Aug 21, 2014, 1:17:34 PM8/21/14
to gat...@googlegroups.com
Sure. I've attached the .scala file with password/usernames cleaned.

Here's the output log:

Select simulation id (default is 'basicsimulation'). Accepted characters are a-z, A-Z, 0-9, - and _




Select run description (optional)




Simulation consumer.BasicSimulation started...


09:20:42.774 [INFO ] i.g.h.c.HttpProtocol - Start warm up


09:20:43.095 [INFO ] i.g.h.c.HttpProtocol - Warm up done


09:20:43.231 [INFO ] i.g.h.a.HttpRequestAction$ - Sending request=Landing Page uri=http://mysite.com/: scenario=BasicSimulation, userId=1429584253802008026-0




================================================================================


2014-08-21 09:20:43                                           0s elapsed


---- BasicSimulation -----------------------------------------------------------


[                                                                          ]  0%


          waiting: 1      / running: 0      / done:0    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=0      KO=0     )




================================================================================




09:20:43.622 [INFO ] i.g.h.a.HttpRequestAction$ - Sending request=Landing Page uri=http://mysite.com/users/sign_in: scenario=BasicSimulation, userId=1429584253802008026-0


09:20:43.705 [WARN ] i.g.h.a.AsyncHandlerActor - Request 'Landing Page Redirect 1' failed: regex(input name="authenticity_token" type="hidden" value="(.*)">).exists, found nothing


09:20:43.708 [DEBUG] i.g.h.a.AsyncHandlerActor -


>>>>>>>>>>>>>>>>>>>>>>>>>>


Request:


Landing Page Redirect 1: KO regex(input name="authenticity_token" type="hidden" value="(.*)">).exists, found nothing


=========================


Session:


Session(BasicSimulation,1429584253802008026-0,Map(gatling.http.cookies -> CookieJar(Map()), gatling.http.cache.redirects -> Map(http://mysite.com/ -> http://mysite.com/users/sign_in), gatling.http.referer -> http://mysite.com/users/sign_in),1408634443154,0,KO,List())


=========================


HTTP request:


GET http://mysite.com/users/sign_in


headers=


Accept: [text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]


Accept-Encoding: [gzip, deflate]


Accept-Language: [en-US,en;q=0.5]


User-Agent: [Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0]


=========================


HTTP response:


status=


401 Unauthorized


headers=


Server: [nginx/1.4.6]


Date: [Thu, 21 Aug 2014 15:20:47 GMT]


Content-Type: [text/html]


Content-Length: [194]


Connection: [keep-alive]


WWW-Authenticate: [Basic realm="Restricted"]




body=


<html>


<head><title>401 Authorization Required</title></head>


<body bgcolor="white">


<center><h1>401 Authorization Required</h1></center>


<hr><center>nginx/1.4.6</center>


</body>


</html>




<<<<<<<<<<<<<<<<<<<<<<<<<




================================================================================


2014-08-21 09:20:48                                           5s elapsed


---- BasicSimulation -----------------------------------------------------------


[--------------------------------------------------------------------------]  0%


          waiting: 0      / running: 1      / done:0    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=1      KO=1     )


> Landing Page Redirect 1                                  (OK=1      KO=1     )


---- Errors --------------------------------------------------------------------


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (100.0%)


)">).exists, found nothing


================================================================================






================================================================================


2014-08-21 09:20:53                                          10s elapsed


---- BasicSimulation -----------------------------------------------------------


[--------------------------------------------------------------------------]  0%


          waiting: 0      / running: 1      / done:0    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=1      KO=1     )


> Landing Page Redirect 1                                  (OK=1      KO=1     )


---- Errors --------------------------------------------------------------------


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (100.0%)


)">).exists, found nothing


================================================================================




09:20:53.717 [ERROR] i.g.h.a.HttpRequestAction - No attribute named 'auth_token' is defined




================================================================================


2014-08-21 09:20:53                                          10s elapsed


---- BasicSimulation -----------------------------------------------------------


[##########################################################################]100%


          waiting: 0      / running: 0      / done:1    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=1      KO=2     )


> Landing Page Redirect 1                                  (OK=1      KO=1     )


> request_10                                               (OK=0      KO=1     )


---- Errors --------------------------------------------------------------------


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (50.00%)


)">).exists, found nothing


> No attribute named 'auth_token' is defined                          1 (50.00%)


================================================================================




Simulation finished


Generating reports...


Parsing log file(s)...


Parsing log file(s) done




================================================================================


---- Global Information --------------------------------------------------------


> request count                                          3 (OK=1      KO=2     )


> min response time                                      0 (OK=73     KO=0     )


> max response time                                     73 (OK=73     KO=66    )


> mean response time                                    46 (OK=73     KO=33    )


> std deviation                                         32 (OK=0      KO=33    )


> response time 95th percentile                         72 (OK=73     KO=62    )


> response time 99th percentile                         72 (OK=73     KO=65    )


> mean requests/sec                                   0.28 (OK=0.09   KO=0.19  )


---- Response Time Distribution ------------------------------------------------


> t < 800 ms                                             1 ( 33%)


> 800 ms < t < 1200 ms                                   0 (  0%)


> t > 1200 ms                                            0 (  0%)


> failed                                                 2 ( 67%)


---- Errors --------------------------------------------------------------------


> No attribute named 'auth_token' is defined                          1 (50.00%)


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (50.00%)


)">).exists, found nothing


================================================================================




Reports generated in 0s.


Please open the following file: results/basicsimulation-1408634443111/index.html

BasicSimulation.scala

Pierre DAL-PRA

unread,
Aug 21, 2014, 4:04:54 PM8/21/14
to gat...@googlegroups.com
Hi Ben,

After some investigation, I found that Gatling didn't propagate the Authorization header on redirects, which caused your bug.
It has been fixed on master : https://github.com/gatling/gatling/issues/2116
Could you grab the latest snapshot on Sonatype (should be available in a few minutes) and check that it has been fixed ?

Cheers,

Pierre
<p class="p2"
...

Ben Peters

unread,
Aug 22, 2014, 12:15:09 PM8/22/14
to gat...@googlegroups.com
Hi Pierre,
I just tried it again, but it still is failing to me with the newest snapshot. I just downloaded it from:

Any thoughts?

-ben

Stéphane Landelle

unread,
Aug 23, 2014, 7:56:20 PM8/23/14
to gat...@googlegroups.com
I think I got this fixed.
Could you give it a try, please?


Cheers,

Stéphane


--
You received this message because you are subscribed to the Google Groups "Gatling User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+u...@googlegroups.com.

Ben Peters

unread,
Aug 25, 2014, 10:10:28 AM8/25/14
to gat...@googlegroups.com
Is this in the latest snapshot build yet? I just downloaded the snaptshot, and it doesn't seem to be working. (I don't have a gatling build environment set up)

-ben

Stéphane Landelle

unread,
Aug 25, 2014, 10:15:53 AM8/25/14
to gat...@googlegroups.com
Could you provide debug logs, please?

Ben Peters

unread,
Aug 25, 2014, 10:23:50 AM8/25/14
to gat...@googlegroups.com

Select simulation id (default is 'basicsimulation'). Accepted characters are a-z, A-Z, 0-9, - and _

Select run description (optional)

Simulation subtextconsumer.BasicSimulation started...

08:19:13.809 [INFO ] i.g.h.c.HttpProtocol - Start warm up

08:19:14.177 [INFO ] i.g.h.c.HttpProtocol - Warm up done

08:19:14.286 [INFO ] i.g.h.a.HttpRequestAction$ - Sending request=Landing Page uri=http://mysite.com/: scenario=BasicSimulation, userId=3435566742843572270-0

================================================================================


2014-08-25 08:19:14                                           0s elapsed


---- BasicSimulation -----------------------------------------------------------


[                                                                          ]  0%


          waiting: 1      / running: 0      / done:0    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=0      KO=0     )


================================================================================

08:19:14.730 [INFO ] i.g.h.a.HttpRequestAction$ - Sending request=Landing Page uri=http://mysite.com/users/sign_in: scenario=BasicSimulation, userId=3435566742843572270-0


08:19:14.817 [WARN ] i.g.h.a.AsyncHandlerActor - Request 'Landing Page Redirect 1' failed: regex(input name="authenticity_token" type="hidden" value="(.*)">).exists, found nothing


08:19:14.820 [DEBUG] i.g.h.a.AsyncHandlerActor -


>>>>>>>>>>>>>>>>>>>>>>>>>>


Request:


Landing Page Redirect 1: KO regex(input name="authenticity_token" type="hidden" value="(.*)">).exists, found nothing


=========================


Session:


Session(BasicSimulation,3435566742843572270-0,Map(gatling.http.cookies -> CookieJar(Map()), gatling.http.cache.redirects -> Map(http://mysite.com/ -> http://mysite.com/users/sign_in), gatling.http.referer -> http://mysite.com/users/sign_in),1408976354225,0,KO,List())


=========================


HTTP request:


GET http://mysite.com/users/sign_in


headers=


Accept: [text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]


Accept-Encoding: [gzip, deflate]


Accept-Language: [en-US,en;q=0.5]


User-Agent: [Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0]


=========================


HTTP response:


status=


401 Unauthorized


headers=


Server: [nginx/1.4.6]


Date: [Mon, 25 Aug 2014 14:19:24 GMT]


Content-Type: [text/html]


Content-Length: [194]


Connection: [keep-alive]


WWW-Authenticate: [Basic realm="Restricted"]




body=


<html>


<head><title>401 Authorization Required</title></head>


<body bgcolor="white">


<center><h1>401 Authorization Required</h1></center>


<hr><center>nginx/1.4.6</center>


</body>


</html>




<<<<<<<<<<<<<<<<<<<<<<<<<




================================================================================


2014-08-25 08:19:19                                           5s elapsed


---- BasicSimulation -----------------------------------------------------------


[--------------------------------------------------------------------------]  0%


          waiting: 0      / running: 1      / done:0    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=1      KO=1     )


> Landing Page Redirect 1                                  (OK=1      KO=1     )


---- Errors --------------------------------------------------------------------


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (100.0%)


)">).exists, found nothing


================================================================================






================================================================================


2014-08-25 08:19:24                                          10s elapsed


---- BasicSimulation -----------------------------------------------------------


[--------------------------------------------------------------------------]  0%


          waiting: 0      / running: 1      / done:0    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=1      KO=1     )


> Landing Page Redirect 1                                  (OK=1      KO=1     )


---- Errors --------------------------------------------------------------------


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (100.0%)


)">).exists, found nothing


================================================================================




08:19:24.824 [ERROR] i.g.h.a.HttpRequestAction - No attribute named 'auth_token' is defined




================================================================================


2014-08-25 08:19:24                                          10s elapsed


---- BasicSimulation -----------------------------------------------------------


[##########################################################################]100%


          waiting: 0      / running: 0      / done:1    


---- Requests ------------------------------------------------------------------


> Global                                                   (OK=1      KO=2     )


> Landing Page Redirect 1                                  (OK=1      KO=1     )


> request_10                                               (OK=0      KO=1     )


---- Errors --------------------------------------------------------------------


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (50.00%)


)">).exists, found nothing


> No attribute named 'auth_token' is defined                          1 (50.00%)


================================================================================




Simulation finished


Generating reports...


Parsing log file(s)...


Parsing log file(s) done




================================================================================


---- Global Information --------------------------------------------------------


> request count                                          3 (OK=1      KO=2     )


> min response time                                      0 (OK=115    KO=0     )


> max response time                                    115 (OK=115    KO=67    )


> mean response time                                    60 (OK=115    KO=33    )


> std deviation                                         47 (OK=0      KO=33    )


> response time 95th percentile                        110 (OK=115    KO=63    )


> response time 99th percentile                        114 (OK=115    KO=66    )


> mean requests/sec                                   0.28 (OK=0.09   KO=0.19  )


---- Response Time Distribution ------------------------------------------------


> t < 800 ms                                             1 ( 33%)


> 800 ms < t < 1200 ms                                   0 (  0%)


> t > 1200 ms                                            0 (  0%)


> failed                                                 2 ( 67%)


---- Errors --------------------------------------------------------------------


> No attribute named 'auth_token' is defined                          1 (50.00%)


> regex(input name="authenticity_token" type="hidden" value="(.*      1 (50.00%)


)">).exists, found nothing


================================================================================




Reports generated in 0s.


Please open the following file: results/basicsimulation-1408976354191/index.html

Stéphane Landelle

unread,
Aug 25, 2014, 11:38:43 AM8/25/14
to gat...@googlegroups.com
Weird.
Are your sure you grabbed the latest snapshot?

I just added some debug info, please grab a fresh snapshot in a few minutes.
Reply all
Reply to author
Forward
Message has been deleted
Message has been deleted
0 new messages