前端使用JMeter测试JSEncrypt加密登录

简介:前端开发时会接触到用户登录,登录时为了数据的安全会使用到jsencrypt加密工具,同时我们需要使用jmeter来进行压测,帮助我们了解Web应用程序在高负载情况下的性能表现,从而为优化应用程序性能提供参考

环境:

1.JMeter: 5.5
2.JDK: 8.0
3.插件:
安装插件:jmeter-plugins-manager-1.3.jar

1.创建线程组

2. 创建HTTP信息头管理器

Content-Type :application/json

3. 创建HTTP请求


3.1请求接口说明requestBody:
loginType登录类型,phone登录的手机号,password加密后的密码

{"loginType":0, "phone":"${username}","password":"${rsa_pwd}"}

4. 添加前置处理器

4.1 添加csv文件


4.2 添加JSR223预处理程序

4.2.1 获取公钥并保存


脚本:

// 导入必需的类import org.apache.http.client.methods.HttpGetimport org.apache.http.impl.client.HttpClientsimport org.apache.http.util.EntityUtils// 创建一个 HTTPS 连接def httpClient = HttpClients.createDefault()// 创建一个 HTTP GET 请求def httpRequest = new HttpGet("https://XXXXX.com/auth-server/oauth/publickey")// 发送 HTTP GET 请求并获取响应def httpResponse = httpClient.execute(httpRequest)// 获取响应数据def response = EntityUtils.toString(httpResponse.getEntity())// 将响应数据保存到 JMeter 变量中vars.put("response", response)// 关闭连接httpClient.close()
4.2.2 加密用户的密码

var log = org.apache.logging.log4j.LogManager.getLogger();var response = vars.get("response");var navigator = this;var window = this;// 引用在线jsencrypt.min.js包,也可以下载到本地再引用load("https://passport.cnblogs.com/scripts/jsencrypt.min.js");log.info("==================================开始加密==============================");// 获取公钥var pubKey = JSON.parse(response).data; log.info("公钥:"+pubKey);// 使用JSEncrypt库对数据进行加密var encrypt = new JSEncrypt();encrypt.setPublicKey(pubKey);// 用户名var username = '${phone}'; log.info("用户名:"+username);// 将用户名保存到 JMeter 变量中vars.put("username", username)// 获取密码var password = '${password}'; log.info("密码:"+password);// 获取当前时间戳var currentTime = new Date().getTime(); log.info("当前时间戳:"+currentTime);// 将密码和当前时间进行拼接var data = password + "," + currentTime;var rsa_pwd = encrypt.encrypt(data);log.info("加密后数据:"+rsa_pwd);// 将加密后数据保存到 JMeter 变量中vars.put("rsa_pwd", rsa_pwd)log.info("==================================结束加密==============================");

5. 添加-断言-JSON断言

6.添加-后置处理器-JSON提取器

提取登录成功后,后端返回的token

7.添加-监听器-察看结果树

8.添加-监听器-聚合报告

9.开始测试

9.1接口响应结果:

9.2聚合报告:


补充:你也可以直接使用我配置好的jmx文件,在jmeter中直接打开即可:

falsetruefalsefalsesaveConfigtruetruetruetruetruetruetruetruefalsetruetruefalsefalsefalsetruefalsefalsefalsetrue0truetruetruetruetruetruefalsesaveConfigtruetruetruetruetruetruetruetruefalsetruetruefalsefalsefalsetruefalsefalsefalsetrue0truetruetruetruetruetruefalsesaveConfigtruetruetruetruetruetruetruetruefalsetruetruefalsefalsefalsetruefalsefalsefalsetrue0truetruetruetruetruetrue1000falsefalsefalsexxxxxx.comCPUxxxxxx.comMemoryxxxxxx.comNetwork I/Ocontinuefalse1101falsetrueContent-Typeapplication/jsontruefalse{"loginType":0,"phone":"${username}","password":"${rsa_pwd}"}=xxxxxx.comhttps/auth-server/oauth/loginPOSTtruefalsetruefalse,UTF-8C:/Users/chenhongxin/Desktop/20用户.csvtruefalsefalseshareMode.alltruephone,passwordgroovytrue// 导入必需的类import org.apache.http.client.methods.HttpGetimport org.apache.http.impl.client.HttpClientsimport org.apache.http.util.EntityUtils// 创建一个 HTTPS 连接def httpClient = HttpClients.createDefault()// 创建一个 HTTP GET 请求def httpRequest = new HttpGet("https://xxxxxx.com/auth-server/oauth/publickey")// 发送 HTTP GET 请求并获取响应def httpResponse = httpClient.execute(httpRequest)// 获取响应数据def response = EntityUtils.toString(httpResponse.getEntity())// 将响应数据保存到 JMeter 变量中vars.put("response", response)// 关闭连接httpClient.close()javascripttruevar log = org.apache.logging.log4j.LogManager.getLogger();var response = vars.get("response");var navigator = this;var window = this;// 引用在线jsencrypt.min.js包,也可以下载到本地再引用load("https://passport.cnblogs.com/scripts/jsencrypt.min.js");log.info("==================================开始加密==============================");// 获取公钥var pubKey = JSON.parse(response).data; log.info("公钥:"+pubKey);// 使用JSEncrypt库对数据进行加密var encrypt = new JSEncrypt();encrypt.setPublicKey(pubKey);// 用户名var username = '${phone}'; log.info("用户名:"+username);// 将用户名保存到 JMeter 变量中vars.put("username", username)// 获取密码var password = '${password}'; log.info("密码:"+password);// 获取当前时间戳var currentTime = new Date().getTime(); log.info("当前时间戳:"+currentTime);// 将密码和当前时间进行拼接var data = password + "," + currentTime;var rsa_pwd = encrypt.encrypt(data);log.info("加密后数据:"+rsa_pwd);// 将加密后数据保存到 JMeter 变量中vars.put("rsa_pwd", rsa_pwd)log.info("==================================结束加密==============================");//// 将加密后的密码和用户名添加到HTTP请求参数中//vars.put("rsa_pwd", rsa_pwd);//vars.put("username", username);////$.code200truefalsefalsetruetoken$.data.token1falsetruefalse