JMeter Load Testing – OAuth2 secured REST service

This article is about how to load test an OAuth2 secured REST service using Apache JMeter.

Our requirement was to load test one of our REST microservices, which is secured by OAuth2. To load test the microservice, the test needs the following steps:

Step 1 : Hit the token endpoint with the client id and client secret and obtain the security token.
Step 2 : Hit the service endpoint with the security token obtained in step 1.

This can be done using JMeter. JMeter is open source software from Apache, built on Java, designed to load test the functional behavior of your application. The target application can be a simple application or a SOAP/REST service, FTP, LDAP, TCP, JDBC, etc.

JMeter can be downloaded from https://jmeter.apache.org/download_jmeter.cgi and it can be launched by executing ApacheJMeter.jar from the bin folder. Once JMeter is launched, we see the default test plan. Follow the instructions below to load test an OAuth2 enabled REST service.

Right click on the default test plan, then Add → Threads → Thread Group to create a new Thread Group. In the Thread Group configuration we can specify the number of threads, loop counts, duration, delay, etc.

Once the Thread Group is added, we need to add a step to hit the token endpoint. In our case the token service is an HTTP service, so right click on Thread Group → Add → Sampler → HTTP Request.

Below is the actual HTTP request for the token endpoint.

POST /auth/realms/ct-fly-master/protocol/openid-connect/token HTTP/1.1
Host: cloudbreaker.net
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=oclient&client_secret=243f902f-8768-3456-a025-24868fa1e3b8

Rename the HTTP Request object to ‘Get Token’; the above request can be configured in the JMeter HTTP Request like below.

The content type should be part of the HTTP header. So right click Get Token → Add → Config Element → HTTP Header Manager and add the content type as application/x-www-form-urlencoded.

Also add a View Results Tree object to view the request and response data: right click on Get Token → Add → Listener → View Results Tree.

Go ahead and click on Run to verify the configuration. If everything is correct, you should see a valid request and a successful response in the View Results Tree object. In the response tab we should see something like the below, with access token and token type details.


{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqQnZVMENjek82R2E2cDFadDFRdllESjVxTz",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqQnZVMENjek82R2E2cDF",
    "token_type": "bearer",
    "not-before-policy": 0,
    "session_state": "bf5fd878-80f6-4018-a039-0eaa477d1df4"
}

Now we need to extract the access token from the response. This can be done with a JSON Extractor: right click on Get Token → Add → Post Processor → JSON Extractor and assign the variable name.

We have now successfully completed Step 1 of our test.

The next step is configuring the actual service. Follow the same steps as above and add the configuration for the service endpoint. Here my actual service method is a simple ping operation and its request would be like below.


GET /v1/ping HTTP/1.1
Host: cloudbreaker.net

Respective JMeter configuration will be

Add an HTTP Header Manager node and include the access token obtained in step 1 in the HTTP header.

That’s it. If everything is configured correctly, we can start the load test. Results can be viewed in the View Results Tree. Additionally, we can add nodes like Summary Report, Aggregate Report, Aggregate Graph, Graph Results, Response Time Graph, View Results Table, etc. to our JMeter configuration for better analysis and reporting.
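The two steps above, written out as an added Python example (not part of the original article and not JMeter code). It goes one step beyond the article by reusing the token until shortly before the `expires_in` of 300 seconds shown in the sample response, so that a long run does not end up load testing the token endpoint. All function and class names, the 30 second renewal margin and the fake token endpoint are assumptions made for the illustration.

```python
# Added illustration; all names here are hypothetical, not JMeter APIs.
import json
import threading
import time
from urllib.parse import urlencode

def token_request_body(client_id, client_secret):
    # Step 1 body: form-encoded client_credentials grant.
    return urlencode({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret})

def parse_token_response(raw):
    # Same job as the JSON Extractor, plus the token lifetime.
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("token endpoint did not return a bearer access_token")
    return doc["access_token"], int(doc["expires_in"])

class TokenCache:
    """Shares one token between worker threads and renews it before expiry."""
    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        # Step 2 header; only calls the token endpoint when the token is stale.
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                self._token, ttl = parse_token_response(self._fetch())
                self._expires_at = self._clock() + max(ttl - self._skew, 0)
            return {"Authorization": "Bearer " + self._token}

class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint; counts how often it is hit."""
    def __init__(self):
        self.calls = 0
    def __call__(self):
        self.calls += 1
        return json.dumps({"access_token": "sample-token-%d" % self.calls,
                           "expires_in": 300, "token_type": "bearer"})

def demo():
    now = [0.0]                                  # fake clock, in seconds
    endpoint = FakeTokenEndpoint()
    cache = TokenCache(endpoint, clock=lambda: now[0])
    first = [cache.bearer_header() for _ in range(100)][0]  # 100 service calls
    now[0] = 271.0                               # past 300 s minus the 30 s skew
    renewed = cache.bearer_header()
    return endpoint.calls, first, renewed
```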
