0

The requirement is to make a POST request to a particular URL with a given JSON payload. The URL will only respond if the payload is correct and the request is via POST.

This is my code:

request1 = HTTPRequest()
control = HTTPPluginControl.getConnectionDefaults()
httpUtilities = HTTPPluginControl.getHTTPUtilities()
control.setProxyServer("proxy.example.com", 1234)

payload = JSONObject({
  "uaaURL": "https://com-example.something.com",
  "sampleID": "admin",
  "sampleSecret": "password",
  "sampleID2": "example-sample-el",
  "sampleSecret2": "ssenjsoemal/+11=",
  "username": "test",
  "someAttributes": {
    "Groups": [
      "example_com-abc"
    ],
    "attribute": [
      "value1"
    ]
  }
})
payload = str(payload)

url = "https://example-something.com:6443/getvalues"
headers = [
    NVPair('Content-Type', 'application/json'),
    NVPair('Charset', 'UTF-8'),]

class TestRunner:
    def __call__(self):
        result = request1.POST(url, payload, headers)
        print payload, headers

Now the issue with this is that my POST request gives me a 403 forbidden. However, when I use the same payload and send the request using DHC, it gives me a 200. So I'm sure of the payload and the link I'm connecting to. The proxy also I've tested in another script and works fine. Besides, if the proxy didn't work, I wouldn't get a 403 either. Lastly, I'm parsing it as a string because POST requires the second argument to be string that it will internally convert into byte[].

I'm really not able to understand what's happening so any insight would be immensely helpful. Thanks in advance

EDIT: Fiddler's catch of DHC's Request

POST https://example-something.com:6443/getvalues HTTP/1.1
Host: example-something.com:6444
Connection: keep-alive
Content-Length: 688
Origin: chrome-extension://aejoelaoggembcahagimdiliamlcdmfm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Content-Type: application/json
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

{
                "uaaURL": "https://com-example.something.com",
                "sampleID": "admin",
                "sampleSecret": "password",
                "sampleID2": "example-sample-el",
                "sampleSecret2": "ssenjsoemal/+11=",
                "username": "test",
                "someAttributes": {
                                "Groups": [
                                  "example_com-abc"
                                ],
                                "attribute": [
                                  "value1"
                                ]
                }
}

I even edited my Grinder request headers to so

headers = (
    NVPair('Content-Type', 'application/json'),
    NVPair('Charset','UTF-8'),
    NVPair('Accept', '*/*'),
    NVPair('Accept-Encoding', 'gzip, deflate, br'),
    NVPair('Accept-Language', 'en-US,en;q=0.8'),
    NVPair('Connection', 'keep-alive'),
    )
Izy-
  • 1,041
  • 2
  • 16
  • 29

2 Answers2

0

Best guess? You are likely missing a header with some credential information to pass a proxy/firewall/access gate to the application. Your REST Client, DHC, likely is passing this additional data but grinder is not. Grab a proxy (Fiddler, Charles, etc...) and check out the handshake from DHC to your destination and then match that with Grinder. My guess is you will find the delta.

James Pulley
  • 5,606
  • 1
  • 14
  • 14
  • Thanks for the idea. Am doing the same using Fiddler but not exactly able to understand the result. In Fiddler, when the request is done via DHC, Fiddler picks up 2 things, i.e, a tunnel to the url and then a https call to the function "getvalues". And in the second https call, I see the POST data. However, for the grinder request, I see one /script/api/validate call to the IP of the machine my grinder is running on and that's showing as 200 OK. In the raw column, it shows me the result grinder shows in it's log box. Not able to see my request data or even the 403 for that matter. – Izy- Sep 19 '16 at 05:30
  • In other words, I'm able to see DHC's request to the website clearly. But am able to see Grinder's response only. I thought it was because I was sending it via a proxy but removing that line also I'm not able to see anything but grinder's response. – Izy- Sep 19 '16 at 05:46
  • So, for some reason you have apples/tangelos on the request. The one coming from grinder is not matching that of DHC. Have you considering converting the DHC requests to grinder test code so they match? – James Pulley Sep 19 '16 at 14:17
  • I don't know if the one from Grinder is even matching with DHC because I can't see the call from Grinder. I checked Wireshark too, can only see the response. DHC atleast I can see via these sniffers. And what do you mean by convert the DHC req to grinder code? – Izy- Sep 19 '16 at 14:40
  • If the request streams are different between the two tools then you should not expect similar behavior. My suggestion is to use a proxy trace from DHC as the basis for building your test code in grinder so the exact same sequence of requests is made (including all headers). Then if you have a deviation in expected results it is down to tool and no dissimilar requests – James Pulley Sep 19 '16 at 19:45
  • Thanks James, have edited to show what DHC's request was sending out according to Fiddler. Please do have a look, everything essential from that is what I'm sending as headers via grinder as well. – Izy- Sep 21 '16 at 13:42
0

The issue was that Grinder was not able to access the port. It had nothing to do with the JSON. The URL, which runs on port 6443 was the problem and Grinder couldn't access that (don't know why). I changed my URL itself to run on the default port 8080 and instantly my script worked. Thanks for the help!

Izy-
  • 1,041
  • 2
  • 16
  • 29