The Web Services Description Language (WSDL) is an XML-based format for describing the functionality of a web service. A WSDL web service is a web service that works according to rules described in a WSDL file.

Web services provide public information like the weather, converting and validating information and so on. In these cases, this information is available for anonymous users. However, information provided by a web service can also include private or personal information. In these cases information should be secured and provided only to authorized users. We already have an awesome blog post on how to work with Secured Web Services. I strongly recommend reading it.

In this blog post we will concentrate on load testing WSDL web services’ authentication methods with Apache JMeter™. The most popular approaches for user authentication are HTTP basic authentication and SoapHeader authentication, and we will test them both.

HTTP basic authentication is a common authentication method for HTTP requests, which requires the user to provide a username and password when making a request. You can read more about how to load test it, here.

The SoapHeader authentication works like this: the WSDL web service returns an access token if the correct login and password appear in the header of the request. This token is then valid for a certain amount of time, and should be sent with the other requests to access protected information.

Load Testing WSDL

Let’s say I have a WSDL web service that has these two levels of authentication: HTTP basic authentication and SoapHeader authentication. Let’s create a script that will pass both levels of authentication.

This web service also has three methods:

  1. The method ‘HelloWorld’ returns the string ‘Hello World’ and is protected with HTTP basic authentication.

  2. The method ‘Authentication’ returns an access token if the header of a request contains a valid username and password. In addition to SoapHeader authentication, this method is also protected with basic authentication.

  3. The method ‘HelloUser’ returns the string ‘Hello ${username}’ if the header of a request contains an active token. In addition to SoapHeader authentication, this method is also protected with basic authentication.

  1. Add a Thread Group to the Test plan.

Test plan -> Add -> Thread (Users) -> Thread Group

  1. Add the HTTP Authorization Manager to the Thread Group. This element is needed to pass HTTP Basic Authentication.

Thread Group -> Add -> Config Element -> HTTP Authorization Manager

5a1c102d539f8.jpg
We are using an incorrect username and password for demonstration purposes.

The HTTP Authorization Manager makes sure that the token will be used for all the subsequent requests.

  1. Add a HTTP Request which calls the HelloWorld method.

Thread Group -> Add -> Sampler -> HTTP Request

Increase imageperformance testing wsdl with jmeter

To fill this out yourself, you need to know the domain of your service (for the “Server Name or IP” field), the path of your method (for the “Path” field) and the structure of your request (for the “Body Data” field).

  1. Add a HTTP Header Manager to the HelloWorld sample. As I said above it must contain “SOAPAction” and “Content-Type” headers.

HelloWorld -> Add -> Config Element -> HTTP Header Manager

Increase imagehow do i load testing WSDL

Add two rows:
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/HelloWorld"

To fill this out yourself, you should know both headers’ Content-Type and SOAPAction. Both headers are defined by the web service developer.

  1. Add a View Results Tree listener to the Thread Group.

Thread Group -> Add -> Listener -> View Results Tree

Of course, we need a listener to see the results of our tests.

  1. Run the script!

Increase imagehow do i run a performance test for wsdl

As you can see the request failed basic authentication, because the username and password are incorrect. To pass Basic authentication we need to know the correct username and password. In my case it is ‘basicblazeuser’ and ‘basicblazepass’.

  1. Update the username and password in the HTTP Authorization Manager.

  2. Run the script and check the results again.

Increase imageHTTP basic authentication, jmeter, open source

The request passed authentication and we can see the token in the

The response correctly contains the string ‘Hello World’.

Load Testing WSDL SoapHeader Authentication

Another kind of authentication is SoapHeader authentication. SoapHeader is a custom way to protect your data. It could be implemented in different ways, but the essence of all implementations is the same. The client app should provide username and password to get a token which will be used to access private data.

In my case the username is ‘soapblazeuser’, password is ‘soapblazepass’.

  1. Add another Thread Group to the Test plan.

Test plan -> Add -> Thread (Users) -> Thread Group

  1. Copy and paste HTTP Authorization Manager to current Thread Group from first Thread Group.

  2. To pass this kind of authorization we need to send a username and password in the header of a SOAP request to the Authentication method.

Add an HTTP Request to call the Authentication method.

Thread Group -> Add -> Sampler -> HTTP Request

Increase imagesoapheader authentication with jmeter, wsdl

  1. Add a HTTP Header Manager to the HelloUser sample.
  1. Add a View Results Tree listener to the Thread Group.
  1. Let’s run the script and check results.

Increase imageperformance testing wsdl

The server returned a response, but with the field HelloUserResult which contains the string ‘Unauthorized’. This means the token is not correct since the username/password pair is incorrect.

  1. Update the Body Data for the Authentication request to have the correct username and password.

Increase imageload performance testing with jmeter

Update the fields UserName and Password with ‘soapblazeuser’ and ’soapblazepass’ values.

  1. Run the script and check results!

Increase imagecreate a wsdl test with jmeter

We got a response with the value ‘Hello soapblazeuser’ in the HelloUserResult field!

The Web Services Description Language (WSDL) is an XML-based format for describing the functionality of a web service. A WSDL web service is a web service that works according to rules described in a WSDL file. Web services provide public information like the weather, converting and validating information and so on. In these cases, this information is available for anonymous users. However, information provided by a web service can also include private or personal information. In these cases information should be secured and provided only to authorized users. We already have an awesome blog post on how to work with Secured Web Services. I strongly recommend reading it. In this blog post we will concentrate on load testing WSDL web services’ authentication methods with Apache JMeter™. The most popular approaches for user authentication are HTTP basic authentication and SoapHeader authentication, and we will test them both. HTTP basic authentication is a common authentication method for HTTP requests, which requires the user to provide a username and password when making a request. You can read more about how to load test it, here. The SoapHeader authentication works like this: the WSDL web service returns an access token if the correct login and password appear in the header of the request. This token is then valid for a certain amount of time, and should be sent with the other requests to access protected information. Load Testing WSDL Let’s say I have a WSDL web service that has these two levels of authentication: HTTP basic authentication and SoapHeader authentication. Let’s create a script that will pass both levels of authentication. This web service also has three methods: 1. The method ‘HelloWorld’ returns the string ‘Hello World’ and is protected with HTTP basic authentication. 2. The method ‘Authentication’ returns an access token if the header of a request contains a valid username and password. In addition to SoapHeader authentication, this method is also protected with basic authentication. 3. The method ‘HelloUser’ returns the string ‘Hello ${username}’ if the header of a request contains an active token. In addition to SoapHeader authentication, this method is also protected with basic authentication. 1. Add a Thread Group to the Test plan. Test plan -> Add -> Thread (Users) -> Thread Group 2. Add the HTTP Authorization Manager to the Thread Group. This element is needed to pass HTTP Basic Authentication. Thread Group -> Add -> Config Element -> HTTP Authorization Manager ![5a1c102d539f8.jpg](serve/attachment&path=5a1c102d539f8.jpg) We are using an incorrect username and password for demonstration purposes. The HTTP Authorization Manager makes sure that the token will be used for all the subsequent requests. 3. Add a HTTP Request which calls the HelloWorld method. Thread Group -> Add -> Sampler -> HTTP Request Increase imageperformance testing wsdl with jmeter To fill this out yourself, you need to know the domain of your service (for the “Server Name or IP” field), the path of your method (for the “Path” field) and the structure of your request (for the “Body Data” field). 4. Add a HTTP Header Manager to the HelloWorld sample. As I said above it must contain “SOAPAction” and “Content-Type” headers. HelloWorld -> Add -> Config Element -> HTTP Header Manager Increase imagehow do i load testing WSDL Add two rows: Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/HelloWorld" To fill this out yourself, you should know both headers’ Content-Type and SOAPAction. Both headers are defined by the web service developer. 5. Add a View Results Tree listener to the Thread Group. Thread Group -> Add -> Listener -> View Results Tree Of course, we need a listener to see the results of our tests. 6. Run the script! Increase imagehow do i run a performance test for wsdl As you can see the request failed basic authentication, because the username and password are incorrect. To pass Basic authentication we need to know the correct username and password. In my case it is ‘basicblazeuser’ and ‘basicblazepass’. 7. Update the username and password in the HTTP Authorization Manager. 8. Run the script and check the results again. Increase imageHTTP basic authentication, jmeter, open source The request passed authentication and we can see the token in the The response correctly contains the string ‘Hello World’. Load Testing WSDL SoapHeader Authentication Another kind of authentication is SoapHeader authentication. SoapHeader is a custom way to protect your data. It could be implemented in different ways, but the essence of all implementations is the same. The client app should provide username and password to get a token which will be used to access private data. In my case the username is ‘soapblazeuser’, password is ‘soapblazepass’. 9. Add another Thread Group to the Test plan. Test plan -> Add -> Thread (Users) -> Thread Group 10. Copy and paste HTTP Authorization Manager to current Thread Group from first Thread Group. 11. To pass this kind of authorization we need to send a username and password in the header of a SOAP request to the Authentication method. Add an HTTP Request to call the Authentication method. Thread Group -> Add -> Sampler -> HTTP Request Increase imagesoapheader authentication with jmeter, wsdl 18. Add a HTTP Header Manager to the HelloUser sample. 19. Add a View Results Tree listener to the Thread Group. 20. Let’s run the script and check results. Increase imageperformance testing wsdl The server returned a response, but with the field HelloUserResult which contains the string ‘Unauthorized’. This means the token is not correct since the username/password pair is incorrect. 21. Update the Body Data for the Authentication request to have the correct username and password. Increase imageload performance testing with jmeter Update the fields UserName and Password with ‘soapblazeuser’ and ’soapblazepass’ values. 22. Run the script and check results! Increase imagecreate a wsdl test with jmeter We got a response with the value ‘Hello soapblazeuser’ in the HelloUserResult field!
edited Nov 27 '17 at 6:47 pm
 
0
reply
51
views
0
replies
1
followers
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft