0
votes

Investigating a web resource's behavior I found out that there is a POST request (as it is stated in Web Inspector) made as XHR (AJAX) with some parameters and request headers. Among others there is a X-Requested-With: XMLHttpRequest meaning that the request is AJAX.

When I try to make the same request with JMeter or Curl I get an error telling the following (providing all necessary headers) :

Request method 'POST' not supported

I have source of the app and service of my interest has the following definition:

@Controller
@RequestMapping(value = "/myrestservice")
public class MyRestServiceController {
// some code goes here

    @RequestMapping(value = "/get", method = RequestMethod.POST, produces = "application/json")
    @ResponseBody
    public Map<String, DataDTO> getRestServiceResponse(@RequestParam("list") final List<String> itemsList, final Model model)

So it has to accept POST requests. And it does when it comes in runtime, but it doesn't for me trying to make such a request manually.

Any ideas why this kind of discrepancy happens?JMeter screenshot web inspector headerweb inspector requestweb inspector response

This is the Request snipped from View Results Tree: POST https:${address-goes-here}/productstock/get/

POST data: CSRFToken=720fe025-d511-4a5e-ab17-d1ea8e0b0aa3&productList=productList%3D000000000010000545%2C000000000010000553%2C000000000010012169

Cookie Data: JSESSIONID=60409DB1AFD720283100BCA212CD42DE.app11; megapolisstorefrontRememberMe=cGV0cjE0NzhAbWFpbC5ydToxNTIwMjQzMjExMzc5Ojk2Z> TkzN2FlNzY5MDk5NmY4ZDk5N2JhMTQ5MmEzYmI5; > acceleratorSecureGUID=ca22a2f520a00f5cc3efa3acb6599a5f0e081c85

Request Headers: Connection: keep-alive Accept: application/json, text/javascript
X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: ${address-goes-here}
Referer: ${address-goes-here}/%D0%9A%D0%B0%D1%82%D0%B0%D0%BB%D0%BE%D0%B3/%D0%9D%D0%B0%D0%BF%D0%B8%D1%82%D0%BA%D0%B8/%D0%AD%D0%BD%D0%B5%D1%80%D0%B3%D0%B5%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B5-%D0%BD%D0%B0%D0%BF%D0%B8%D1%82%D0%BA%D0%B8/c/2006
Content-Length: 147
Host: ${address-goes-here}
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_112)

2
I guess you must put the right content-type header Content-Type: application/jsonAngelo Immediata
can you show your working (in web inspector) and not working in JMeter request?user7294900
Well, as I wrote - all necessary headers are there, including "Accept: application/json" and "Content-Type: application/x-www-form-urlencoded; charset=UTF-8"SergeZ
Can you show a screenshot of JMeter (Ctrl+G). It could be a typo or a misunderstanding in header variablesuser7294900

2 Answers

0
votes
  1. Make sure you add HTTP Cookie Manager to your Test Plan
  2. Make sure to perform correlation of the CSRFToken dynamic parameter. Check out How to Load Test CSRF-Protected Web Sites article for more details.

My expectation is that you try to perform a request directly, however you need to be logged in (have valid cookie and CSRF token). If you have login sequence in place examine response details using View Results Tree listener - most probably your test hits login page only and it doesn't support POST request types.

0
votes

So, the whole point was in wrong csrftoken sent to the service.

As long as I provided the correct one, request succeeded.