Write directory title here
1. Information Header Manager
Adding method: Right-click on the HTTP request -> Add -> Configuration Element -> HTTP Information Header Manager
Function: Set the request header
After this configuration, in the HTTP request, the value of the Content-Type of the request header is application/json
1 Case, test development platform login interface
It can be found that the HTTP request cannot customize the request header here
Step 2: Add an HTTP header manager and add Content-Type configuration
Step 3: Add the view result tree and run to view the results
2 Case, test platform to obtain test case interface
Obtaining the test case interface needs to obtain the token after successful login
Add a JSON extractor
Add an HTTP information header manager, and add Content-Type configuration
and Authorization
Add a view result tree, and run to view the result
Two, HTTP request default value
Add method: Right click on thread group -> Add -> Configuration element -> HTTP request default value
Function: Set default values for HTTP requests, mainly including: protocol, domain name, port, path,
encoding, query parameters, request body;
Case 1: Realize the login interface test
Requirements: Use JMeter to complete the scripts of the following interface test cases.
Login is successful
, password is wrong,
account number is wrong,
username is empty
, password is empty.
Case conclusion: Using the default value of HTTP request can improve the speed of writing JMeter scripts
3. Cookie manager (problem)
Cookie: small text data stored on the client side, mainly used to manage user sessions
Cooke Manager: It is a component used by JMeter to manage cookies. After using the Cookie Manager
, cookies can be managed manually/automatically
Adding method: Right-click on the thread group -> Add -> Configuration Element -> HTTP Cookie Manager
Function:
You can use the Cookie Manager to manually manage static cookies
and you can use the Cookie Manager to automatically manage Cookies
. The meaning of automatic management: Automatically save the cookies returned by the server, And automatically
attach the Cookie to the HTTP request and pass it to the server.
Case 1: Open source project TPshop mall login case
Demonstrate login by manually managing cookies and manually filling in the verification code
Step 1: Obtain the verification code
Step 2: Login
Capture packets on the login page to obtain verification codes and cookies
Add HTTP login request
Add HTTP Cookie manager
View result tree
Principle
Case 2: (has a problem)
Demonstrate the function of automatically managing cookies.
Effect: After successful login, you can continue to access the internal interface without manually filling in the cookie.
Step 1: Login
Step 2: User management
Fourth, the relationship between authentication, authorization, authentication, and authority control
1. Certification
Mainly confirm the identity of the user, mainly including: verification code, face recognition, fingerprint recognition, device identification, etc.
Application method:
mobile phone verification code: authentication is operated by oneself
Picture verification code: authentication is operated by human beings, not robot program
equipment Verification: device lock, authentication is done by yourself
Fingerprint recognition: authenticate yourself
Face recognition: authenticate yourself
2. Authorization
Authorization means that the resource owner delegates the executor, and grants the executor a specified range of resource operation permissions, so that the executor can perform related operations on the resource on behalf of the executor.
Mainly include:
resource owner: who owns all the rights of the resource, and is generally the owner of the resource.
Resource Executor: Delegated to perform resource-related operations.
Operation authority: certain operations that can be performed on resources.
Resources: Valuable information or data, etc., are protected by security.
Application method:
successful login -> authorization to access personal user information page resources
3. Authentication
Authentication refers to the process of identifying and confirming the authenticity of a claimant's declared identity rights.
The main application methods are:
Access control card: through the access control card recognizer
Key: through the matching lock
Bank card: through the bank card recognizer
Internet web development session/cookie/token: verify the legitimacy and validity of the session/cookie/token effectiveness
Implementation method:
For example: JWT TOKEN, encrypt and sign data through fixed rules Encryption
: use algorithms to encrypt data, make data into ciphertext, so that humans cannot directly read;
signature: use algorithms to perform irreversible operations on data, so that The data not only becomes ciphertext, but also cannot be restored; the data generated by signature is unique and can be used to verify whether the data has been tampered with
4. Authority control:
Permission control refers to configuring various combinations of executable operations as a permission list, and then according to the permissions of the executor, if the operation is within the scope of permissions, it is allowed to execute, otherwise it is prohibited