JSON web token generator for JMeter
Unfortunately there is at the moment no out-of-box solution for processing JWT-signed requests in JMeter.
Looks like you have at least the following options:
Try to use gatling instead of JMeter. Gatling has already implemented extension for this payload - gatling-jwt - but seems that it supports currently only GET requests.
Possibly you can try to extend standard HTTP Request Sampler or custom REST Sampler with JWT signing using any java implementation of JWT - like it's done in OAuth Sampler plugin for OAuth payload.
But it may appear quite complex way which requires a bit of development experience as well as will be not error-prone - inaccurate implementation may cause performance degradation and affect your test-results.Approach with Pre- and Post-processors for JWT-signing and response verification you've mentioned in your question seems to be reasonable compromise.
When I've stuck on the same issue my first and quite successful approach with Pre- and PostProcessors usage too.
Several points to note:- use JSR233 (both PreProcessor and PostProcessor) + Groovy instead of Beanshell for performance reasons (for details you can look into this article);
- select any stable java implementation of JWT from list of available;
I've used jjwt and find it good enough as well simple to use; - perform request body JWT-signing in PreProcessor, store signed body into variable, send it along with HTTP request as Body Data and decode response in PostProcessor;
HTTP Request // your http callBody Data = ${jwtSignedBody} // variable with request body already signed in pre-processor JSR233 PreProcessor // sign here your body data and put into variable JSR233 PostProcessor // decode JWT-signed response - it may be extremely useful for debugging and further processing to update in PostProcessor response body with decoded response like in the script above.
You can use a BeanShell PreProcessor to calculate the JWT bearer token prior to the HTTP Request sampler.
Here is the script that can generate a JWT bearer token for use in HTTP requests:
import io.jsonwebtoken.JwtBuilder;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.SignatureAlgorithm;String jwtIssuer = "your-issuer-here";String signingKey = "your-signing-key-here";String subject = "your-subject-here";// Additional parts of payload here if you likeString groups = "[]";//The JWT signature algorithm we will be using to sign the tokenSignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;JwtBuilder builder = Jwts.builder() .setPayload("{\n" + " \"iss\": \"" + jwtIssuer + "\",\n" + " \"iat\": " + new Date(System.currentTimeMillis()).getTime() / 1000 + ",\n" + " \"sub\": \"" + username + "\",\n" + " \"groups\": " + groups + "\n" + "}") .setHeaderParam("typ", "JWT") .signWith(signatureAlgorithm, signingKey.getBytes());vars.put("bearerToken", builder.compact());Obviously hard coding the subject is not too valuable, because otherwise you could just hard code the bearer token in the http request. So you can use vars.get to get jmeter variables. In my case I load the subject from a "CSV Data Set config" and then set String subject = vars.get("subject");
Now you can create an HTTP Header Manager on your HTTP Request sampler to add the bearer token:
<HeaderManager guiclass="HeaderPanel" testclass="HeaderManager" testname="HTTP Header Manager" enabled="true"> <collectionProp name="HeaderManager.headers"> <elementProp name="" elementType="Header"> <stringProp name="Header.name">Authorization</stringProp> <stringProp name="Header.value">Bearer ${bearerToken}</stringProp> </elementProp> </collectionProp> </HeaderManager>Run your test and you should see your bearer token is present, and your request is authenticated.
JMeter doesn't have direct JWT processing capabilities. But we can write a custom JMeter extension for this purpose.We can use generic JWT token processing libraries for our implementation.
I did one such implementation for my testing requirements. You can access that code on Github and get an idea as well.https://github.com/gvasanka/jwt-builder-jmeter-ext