Liferay provides a platform for building powerful and robust web applications. With the arrival of its latest version, Liferay DXP (Digital Experience Platform), Liferay aims to help software companies create and deliver experiences that result in end-to-end customer relationships. When you do Liferay performance testing of the Login scenario, the View Result Tree listener in JMeter will show every request in green. Ideally, that means all your requests are passing successfully. But wait, have you checked the response of the Login POST request?
Look closely at the response of the POST request in which we provide the Username/Email and Password. The login did not happen. Weird, right? In this article we are going to focus on understanding why this issue occurs and how to solve it. Before we move on to solving it, I would like to talk about the “Authentication Token”, a cool mechanism provided by Liferay to prevent CSRF (Cross-Site Request Forgery).
What is Authentication Token in Liferay?
Authentication Token is a new feature Liferay implements to provide more security in URLs for CSRF protection. Liferay implements this feature to verify the user’s identity before he or she is granted access to the portal. Hence, for every sign-in request there must be a unique auth token generated. There are two types of Auth Tokens:
p_auth: Portal Authentication Token for CSRF protection
p_p_auth: Portlet authentication token for add-default-resource protection
In our example of Liferay Performance Testing we are dealing with portal authentication. This token is included in every action request in the portal as a parameter “p_auth” in the URL. Let’s see,
As you can see in the above image, the “p_auth” parameter has the value 5uh1S8bY, which was captured when I recorded the script. So when I run the script, the same old p_auth is appended along with the user credentials. That is the reason for the unsuccessful login.
Solution of Authentication issue in Liferay Performance Testing
Now we completely understand why authentication fails when we run the script. In our example there are 2 HTTP requests for the Sign In flow. The first one accesses the Sign In screen, and in the second request we pass the user credentials and p_auth as parameters. Let’s look at the response of the first request.
As you can see, we get a fresh p_auth value from the response of the 1st request every time. So why don’t we extract the value from the response of the 1st request and pass it on to the 2nd request? This mechanism is called Correlation. In Correlation we fetch a dynamic value from a response and supply it to subsequent requests. In our example we will achieve Correlation by using a Regular Expression Extractor.
Below are the steps to achieve Correlation with use of Regular Expression Extractor:
1) Add Regular Expression Extractor under Request #1.
2) Provide below mentioned values to the fields mentioned:
Reference Name: auth_token (you can give any parameter name here.)
Regular Expression: p_auth=(.+?)" (This expression is applicable for the given example & response structure only.)
Match Number: 1
Default Value: Failed
You can check your regular expression from View Result Tree. Refer below image:
3) Now supply the Reference Name in the next request, as the value of the p_auth parameter, and it’s done.
Let’s Run the Test again:
Well, as you can see in the above image, the login was successful.
Please note that we have recorded only 2 requests covering the Sign In flow for demo purposes. In a real Liferay performance test, you will need to pass this Authentication Token to many subsequent requests.
Also, for different response structures the format of Regular Expression varies. So make sure to check your expression before supplying it to next requests.
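The following is an added example, not part of the original article, written in Python rather than JMeter: it mimics the Regular Expression Extractor settings above to show how the expression behaves on different response structures, and how to stop instead of sending a bad token when the extractor falls back to Failed. The response fragments, the stricter expression and the helper names are constructed for illustration; the alphanumeric token format is an assumption based on the recorded sample.

```python
import re

DEFAULT = "Failed"  # same Default Value as configured in the extractor above

# The article's expression, and a stricter variant (assumption: tokens are
# alphanumeric, like the recorded sample 5uh1S8bY).
PAGE_REGEX = r'p_auth=(.+?)"'
STRICT_REGEX = r'p_auth=([A-Za-z0-9]+)'

# Constructed response fragments; real Liferay markup may differ.
RESP_QUOTE_TERMINATED = '<form action="/web/guest/home?p_p_id=58&p_auth=Zk3Q9tLm" method="post">'
RESP_MORE_PARAMS = '<form action="/web/guest/home?p_auth=Zk3Q9tLm&amp;p_p_id=58" method="post">'
RESP_NO_TOKEN = '<html><body>Service unavailable</body></html>'


def extract(regex, body, match_no=1, default=DEFAULT):
    """Mimic the extractor: group 1 of the Nth match, else the default value."""
    matches = re.findall(regex, body)
    if 1 <= match_no <= len(matches):
        return matches[match_no - 1]
    return default


def login_params(body, regex, recorded_token="5uh1S8bY"):
    """Build the p_auth parameter for request #2, refusing unusable values."""
    token = extract(regex, body)
    if token == DEFAULT:
        raise ValueError("p_auth not found in response of request #1")
    if not re.fullmatch(r"[A-Za-z0-9]+", token):
        raise ValueError(f"extracted value is not a clean token: {token!r}")
    if token == recorded_token:
        raise ValueError("token equals the recorded value; correlation not applied")
    return {"p_auth": token}


if __name__ == "__main__":
    for name, body in [("quote-terminated", RESP_QUOTE_TERMINATED),
                       ("more params follow", RESP_MORE_PARAMS),
                       ("no token", RESP_NO_TOKEN)]:
        print(name, "| page regex:", extract(PAGE_REGEX, body),
              "| strict regex:", extract(STRICT_REGEX, body))
```

In JMeter itself the same guard is usually expressed as an assertion on request #2, so that a login sent with Failed or a stale token shows up red instead of green.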
So guys, thank you for reading this article and please don’t forget to share your experience.