JMeter Basic Authentication
JmeterAuthorizationHttp AuthenticationJmeter Problem Overview
I am trying to imply the basic authentication process for a web service using JMeter. But everytime it throws out an error 401:Unauthorized. I tried using the HTTP Header manager to add a header Authorization and value to it. Still it does not work. I have also tried using the HTTP Authorization manager. Still no luck. Can someone help.
Jmeter Solutions
Solution 1 - Jmeter
I've found through debugging requests coming in from JMeter that the HTTP Authorization Manager module doesn't encode the username and password correctly. It puts a newline character after the username.
To run a JMeter test against a Basic Auth protected endpoint, include the HTTP Header Manager and add the Basic Auth header yourself:
Manually Encoding Credentials
-
From MacOS or Linux:
echo -n "username:password" | base64
-
From Windows:
Go here and encode your "username:password" string
Adding the Authorization Header
In the HTTP Header Manager, add an entry with the name "Authorization" and the value "Basic [encoded credentials from above]"
Solution 2 - Jmeter
Edit 19 august 2017 for JMeter 3.2:
- Use answer https://stackoverflow.com/a/12563623/460802
Basically to bypass a Basic Authorization you need to add the Authorization header with the value Basic base64(username:password). The problem is that JMeter has no base64 function embedded.
The solution is :
Step1 Add BeanShell PreProcessor (PreProcessor --> BeanShell Preprocessor)
Step2 Add the following script to the PreProcessor
import org.apache.commons.codec.binary.Base64;
byte[] encodedUsernamePassword = Base64.encodeBase64("neo4j:1234".getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));
Step3 Add HTTP Header Manager
Step4 Add Authorization header with correct value
header name Authorization
header value Basic ${base64HeaderValue} (base64HeaderValue variable is initialized by the BeanShell Preprocessor)
So in the end when you create a http request Authorization header will be passed to the server with base64 encoded string
Solution 3 - Jmeter
Do the following:
-
1/ Configure HTTP Authorization Manager correctly with all required fields
-
2/ Option 1 : Using HTTP 4 : (default)
-
it is possible since JMeter 3.2 without any further configuration using Authorization Manager
Option 2 : Using HTTP 3.1 : (deprecated)
-
in jmeter.properties , uncomment:
httpclient.parameters.file=httpclient.parameters
-
in httpclient.parameters, uncomment:
http.authentication.preemptive$Boolean=true
If you're looking to learn JMeter, this book by 3 developers of the project will help you
Solution 4 - Jmeter
Make sure to provide a protocol for the base URL, i.e.: "http://localhost" instead of "localhost"
Solution 5 - Jmeter
Like Ryan T said, in the HTTP Header Manager, add an entry with the name "Authorization"
and the value "Basic [encoded credentials from above]"
but without []
.
Solution 6 - Jmeter
Solution 7 - Jmeter
I am using Jmeter 3.3
GO to Jmeter on User choose add then HTTP Authorization Manager
Then add ur url , userid,password
If response type is json then add HTTP Header manager
Solution 8 - Jmeter
Adding a slight variation of @yurko which uses the username & password from User defined variables. (for Jmeter prior to 3.2)
import org.apache.commons.codec.binary.Base64;
String username = vars.get("USERNAME");
String password = vars.get("PASSWORD");
String combineduserpass = username + ":" + password;
byte[] encodedUsernamePassword = Base64.encodeBase64(combineduserpass.getBytes());
vars.put("base64HeaderValue",new String(encodedUsernamePassword));
Solution 9 - Jmeter
In reference to the first answer above, the incorrect encoding problem you mention must be now fixed, as Apache 3.1 does appear to encode the username:password correctly in HTTP Auth Manager
Solution 10 - Jmeter
You can easily use JSON Extractor for authentication inside the auth request to store the token in a variable, then you will just need to use it whenever the token is needed, in order to use that you will need an HTTP header manager using that variable you can follow the screenshots for clear instructions.
JSON Extractor configuration: HTTP header manager configuration:
Solution 11 - Jmeter
Updating good findings from your 2013 answers:
The HTTP4 option also works under current Jmeter version 2.13 after adding HTTP Header Manager row containing:
name="Authorization", value="Basic [base64-encoded user/password string]"
Verified on current host amazon linux having reverse proxy from apache 2.4 to tomcat8; tomcat8 recognized the user credentials instead of throwing 401 status.