IBM Worklight with IBM Rational Performance Tester

0
votes

I require some clarification based on the written in this question: IBM Worklight 6.0 - wl_antiXSRFRealm error after deploying adapter to Worklight Server

I have recorded the mobile application traffic via 'IBM Rational Performance Tester'. The app is developed in the worklight platform.

When i see the home page launch, I could note that the response is 401 - Unauthorized. I understood from the post that it is an authentication mechanism used by worklight server.

In my script it is captured as below,

/-secure- {"challenges":{"wl_deviceNoProvisioningRealm":{"token":"59klbrq39geha0kuvknita262n"},"wl_antiXSRFRealm":{"WL-Instance-Id":"qsft4t6g6c3tc1k1lud66hfg1r"}}}/

Is there a way to overcome it? Since my tool considers 401 as error code, it actually is not proceeding from that step. Please suggest me if that same logic explained in the question would be the way forward to solve this issue. Also please suggest how the above script to be modified, since the XML tag suggested could not be added.

1
androidibm-mobilefirstperformance-testingrational-performance-test
Which tool are you using? Did you try adding wl_unprotected in order to continue with the tests? does it damage the tests in any way? - Idan Adar
Hi Adar,I am using IBM Rational Performance Tester. On a brief note, my application which am recording with IBM RPT tool is mobile native app developed in worklight platform. Since 401 - Unauthorized error arrives in recorded script, I could not proceed. Kindly suggest a workaround. Script: Req : xx/apps/services/api/xx/android/query Data: adapter=account&procedure=requireAuthentification&compressResponse&parameters=%5B%5D&__wl_deviceCtx=xxx&isAjaxRequest=true&x=xxx Res: -secure- {"challenges":{"wl_deviceNoProvisioningRealm":{"token":"xxx"},"wl_antiXSRFRealm":{"WL-Instance-Id":"xxx"}}}*/ - MK.
To answer your question, I am using IBM Rational Performance Tester, Load testing tool. Tried adding WL_Unprotected instead of {"challenges":{"wl_deviceNoProvisioningRealm":{"token":"5hjp2gp230c2eja6qgfoepuno2"},"wl_antiXSRFRealm":{"WL-Instance-Id":"a9c7l7ou9el5193ql2k9c8bdq"}}}. And for the third question, Yes it damages and it does stop me from proceeding to the next step - MK.
What do you mean "instead of" You add this security test to your adapter procedures in the adapter XML file. - Idan Adar
Hi Ivan,The issue was that IBM RPT is not capturing auth request headers, for which a defect ‘APAR PI25188’ has been raised about : RPT TEST GENERATOR DISCARDS NON-STANDARD AUTHORIZATION REQUEST HEADERS. Per IBM RPT dev team suggestion, We have manually added the request headers, RPT missed to capture from the recsession data. Thanks for your timely revert!! - MK.

1 Answers

0
votes

From the comments (as the user is no longer available):

The issue was that IBM RPT is not capturing auth request headers, for which a defect ‘APAR PI25188’ has been raised about : RPT TEST GENERATOR DISCARDS NON-STANDARD AUTHORIZATION REQUEST HEADERS. Per IBM RPT dev team suggestion, We have manually added the request headers, RPT missed to capture from the recsession data.