jMeter is a great tool to perform several load and stress tests on websites, ftp servers, database servers and more. I use it to see how much end-users can log in to their banking environment and check their current account details, to validate how much inserts/sec can be handled by a database, the maximum amount of ldap lookups, etc.
During testing, the most interesting things usually happen during the load test. It’s funny to see how a site behaves (or dies) when the system is running out of resources. My ultimate goal is not to find the moment where the site breaks, but to tune the site to a level where it actually never breaks, but only becoming slow, without collapsing via some snowball effect on system resources. I’d rather have a slow web site where 8 web servers are running at 95% cpu, than a collapsed farm because end-users hit the F5 button after receiving a system error.
In one of my last assignments to benchmark a site, the site turned out to use java classes, with browser-based functions to create an encrypted password which in turn was sent to the web site for authentication.
There I was, with a need for executing a custom java class, and a clear FAQ on the jMeter site telling me explicitely “Does JMeter process dynamic pages (e.g. Javascript and applets): No. JMeter does not process Javascript or applets embedded in HTML pages.”.
But jMeter does support a way to execute JavaScript functions, via the “BSF assertion”. And here’s the trick: JavaScript provides a bridging function towards java libraries, via the Packages method. If you have a custom class in a JAR file provided by the website, the regular path to that class would be com.Company.Custom.Classname, and the function can be called “FunctionName”. Using this function from within JavaScript is can be done by calling the function with it’s full path, and by adding “Packages.” in front of it.
Example java class function use within jMeter, e.g. by using a class file to encrypt a username/password combination by using a custom java function:
- download the website’s JAR file, and put it in the jMeter java classpath
- Create your regular jMeter test
- Add a “user definded variable” test component, and add a field called “PASSWORD” with variable “secret”, and an empty field “HASHEDPASSWORD”.
- Add the “BSF sampler” to the HTTP request sampler containing the username/password login page
- Put “javascript” in the “script language” field of the BSF assertion
This is how the JavaScript code within the BSF assertion could look like:
//Get the jMeter variable and put it in a Javascript variable
var password = vars.get(‘PASSWORD’);
//the actual magic: the calling of a Java class function from within JavaScript
//This is not an actual password encryption, only an example by help of a jMeter class available
//You can find this class in ~jmeter/lib/soap.jar
var hashedpassword = Packages.org.apache.soap.Utils.cleanString(password);
//Put the result back into a jMeter variable for further processing
vars.put(‘HASHEDPASSWORD’,hashedpassword);
//and since we’re not testing anything in this “BSF assertion”, we will always call it a success:
AssertionResult.setFailure(false);
And that’s it! Read more…
