Spring Security Gatling test CSRF: Spring Security blocks my POST through a web form

Tags: spring-security, token, csrf, gatling, csrf-protection

I want to run a Gatling test and submit a form via POST with form parameters, but I get a 403 because Spring Security generates a CSRF token. My scenario is as follows:

val sentHeaders = Map(
  "Content-Type" -> "application/x-www-form-urlencoded",
  "User-Agent" -> "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0",
  "Accept" -> "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
  "Accept-Language" -> "fr,fr-fr;q=0.8,en-US;q=0.5,en;q=0.3",
  "Connection" -> "keep-alive")

val rechercheavancescn = scenario("RechercheAvanceeAgent").during(TestsPerfConfiguration.dureeTest, "RechercheAvanceeAgentDuration", true) {
  // Step 1: authentication
  exec(
    http("authentication")
      .get("/authlogin?sid=1&app=999&code_teleservice=DELTA-T"))
  // Step 2: Recherche Avancée form
  .exec(
    http("rechercheavanceform")
      .get("/recherche/avancee/form")
      .check(status.is(200))
  )
  // Step 3: submit the form
  .exec(
    http("RechercheAvanceAgentPost")
      .post("/recherche/avancee/result")
      .headers(sentHeaders)
      .formParam("mrn.comparateur", "EGAL")
      .formParam("mrn.value", "")
      .formParam("typeDeclaration.value", "")
      .formParam("DateFirst.comparateur", "EGAL")
      .formParam("DateFirst.value", "")
      .formParam("DateFirst.valueMax", "")
      .formParam("DateLimitePresentationArchandises.Comparator", "EGAL")
      .formParam("DateLimitePresentationArchandises.value", "")
      .formParam("DateLimitePresentationArchandises.valueMax", "")
      .formParam("modeTransmission.value", "TOUS")
      .formParam("TypeProceduredPart.value", "")
      .formParam("typeProcedureDestination.value", "")
      .formParam("dateFin.Comparator", "EGAL")
      .formParam("dateFin.value", "")
      .formParam("dateFin.valueMax", "")
      .formParam("dateDepotDeclaration.Comparator", "EGAL_HEURE_MINUTES")
      .formParam("dateDepotDeclaration.value", "")
      .formParam("heuredpotdeclaration.value", "00:00")
      .formParam("dateDepotDeclaration.valueMax", "")
      .formParam("heuredpotdeclaration.valueMax", "00:00")
      .formParam("DonneeSureteSecurite.value", "")
      .formParam("PaySepedition.value", "")
      .formParam("nomencatureMarchandises.comparateur", "EGAL")
      .formParam("nomencatureMarchandises.value", "")
      .formParam("paysDestination.value", "")
      .formParam("ValeFactureTotal.Comparater", "EGAL")
      .formParam("ValeFactureTotale.value", "")
      .formParam("ValeSurfactureTotale.valueMax", "")
      .formParam("bureauDepart.value", "")
      .formParam("bureaudestimation.value", "")
      .formParam("bureauPassage.value", "")
      .formParam("circuitBureauDepart.value", "")
      .formParam("ResultatControlsDeep.value", "")
      .formParam("circuitBureauPassage.value", "")
      .formParam("resultatControlesPassage.value", "")
      .formParam("circuitbreaaudestination.value", "")
      .formParam("resultatControlesDestination.value", "")
      .formParam("typeGarantie.value", "TYPE_1")
      .formParam("dateDebutGarantie.Comparator", "EGAL")
      .formParam("dateDebutGarantie.value", "")
      .formParam("dateDebutGarantie.valueMax", "")
      .formParam("montantDetteSusceptibleNaitre.comparator", "EGAL")
      .formParam("montantdetesusceptiblenaitre.value", "")
      .formParam("montantdetesusceptiblenaitre.valueMax", "")
      .formParam("grn.Comparator", "EGAL")
      .formParam("grn.value", "")
      .formParam("dateFinGarantie.comparateur", "EGAL")
      .formParam("dateFinGarantie.value", "")
      .formParam("dateFinGarantie.valueMax", "")
      .formParam("_suiteNonLiberationService.booleanValue", "on")
      .formParam("_suiteControlArantie.booleanValue", "on")
      .formParam("etadeclaration.value", "VALIDEE_MRN")
      .formParam("result", "")
      .check(status.is(200))
  )

}
You can use the check() API and the saveAs() API to get values from the page. You should take a look here:
You can get the token from the page with a check, then save it and use it later.

The CSRF token will be sent in the server's response. You just need to find where it is sent and save it with check().saveAs(), as Campfire said.

I have seen the CSRF token sent Base64-encoded, so you may need to watch for that in the server response.
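A concrete version of the capture-and-replay flow both answers describe, added here as an example and not code from the question, the other answers or Gatling's documentation. It assumes Spring Security's default hidden form field `_csrf` is rendered in the form page, the `${...}` session EL syntax of the Gatling versions current when the question was asked, a placeholder base URL, and the same paths as the question.

```scala
import io.gatling.core.Predef._
import io.gatling.http.Predef._

class RechercheAvanceeSimulation extends Simulation {

  // Placeholder base URL (assumption). Gatling keeps a cookie jar per virtual
  // user, so the session cookie set at authentication is replayed on its own;
  // the CSRF token is bound to that session, which is why it must be fetched
  // after authenticating and from the same virtual user.
  val httpProtocol = http.baseUrl("http://localhost:8080")

  val scn = scenario("RechercheAvanceeAgent")
    // Step 1: authentication, as in the question
    .exec(http("authentication")
      .get("/authlogin?sid=1&app=999&code_teleservice=DELTA-T"))
    // Step 2: load the form and capture the token Spring Security rendered
    // into the hidden field. The css check fails the request when the field
    // is missing, so a page without a token shows up in the report instead
    // of as a later 403.
    .exec(http("rechercheavanceform")
      .get("/recherche/avancee/form")
      .check(status.is(200))
      .check(css("input[name='_csrf']", "value").saveAs("csrfToken")))
    // Step 3: replay the saved token verbatim. It is an opaque string
    // (possibly Base64), so it is neither decoded nor re-encoded.
    // If the application exposes the token in a <meta name="_csrf"> tag
    // instead, capture css("meta[name='_csrf']", "content") and send it as
    // the X-CSRF-TOKEN header rather than as a form parameter.
    .exec(http("RechercheAvanceAgentPost")
      .post("/recherche/avancee/result")
      .formParam("_csrf", "${csrfToken}")
      .formParam("mrn.comparateur", "EGAL")
      .formParam("modeTransmission.value", "TOUS")
      .check(status.is(200)))

  setUp(scn.inject(atOnceUsers(1))).protocols(httpProtocol)
}
```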