Simon icon Simon
Flexible server monitoring

Authentication Failing with jsp

Hello-

Authentication is failing when username and password are input via POST using jsp.

Here's the behavior:
I set up the notification and use Preview to go through the authentication.
The password-protected page works fine until the authentication times out (a minute or so) and then fails until I hand log-in again.

I tried cookies but they get sent to the wrong page (the destination page, not the login page) and I don't know what else to try.

The server is Apache and all the pages are loaded via jsp (java server pages) calls (not html)

I don't know if it matters, but the site is secure: https.

Thanks for any help.

David Sinclair's picture

Re: Authentication Failing with jsp

Hi,

Tricky problem. I'd like to help, but I'm not sure how Simon can cope with that situation, if I understand it correctly.

Simon supports three forms of authentication: form (GET/POST) parameters, cookies stored from a form, and authentication challenges (i.e. where a web browser displays a username/password panel, rather than in the web page itself).

So if you can simulate the loading of the login form, that could be an option. But that probably isn't feasible with jsp.

If anyone else has any ideas (for either Simon as it stands, or ways I could enhance it to support this), let us know!

Need 2 URL's for Authentication

David-

Thanks for the speedy response. What I need is 2 URLs: One that does the jsp authentication and then the "real" url that is my destination. They both need to be in the same user session and happen within the 1-minute time-out (which shouldn't be a problem considering it would be automated.)

Any chance of getting something like that to try out?
Any other suggestions on how I might get something like that to work with the current tools?

Thanks,
Deb

David Sinclair's picture

Re: Need 2 URL's for Authentication

Not too easy to do that. You might be able to use two tests, set to be due in quick succession, but if it needs a session cookie to connect them, that won't work.

Otherwise, you could do it via a Script-based test, using the curl command. Not ideal, but might work. Again, cookies could be an issue.

Bad Cookie

I got it working with the tests in quick succession. Unfortunately that uncovered another problem: A cookie is created on the logon page and used on the target page. I faked the cookie for the target page and got it working. The problem is: after running once, the logon page is being passed back in the cookie intended for another page and choking big time. I can't figure out a way to disable the cookie in Simon (other than manually deleting it EVERY time the test runs. Obviously not a viable solution.) I know Simon is trying to do the right thing with cookies, but it's the wrong thing here.

I saw in another post that you have some new cookie stuff coming out. Is there any way to hack it in the current version?

Thanks for the help. :-)

David Sinclair's picture

Re: Bad Cookie

Yes, version 2.6 should have enhanced cookie management, so you'd be able to specify a cookie to not save, and other options.

I'm not sure that anything can be done in the meantime, though; there isn't any way to manage the cookies currently, other than manually editing the test each time. Sorry about that.

2.6 Beta?

Unfortunately, I'm dead in the water right now (and out fifty bucks.)

Do you have an ETA for 2.6?

Is there any way I can get a Beta copy of 2.6 to see if I can get it to work properly, please?

David Sinclair's picture

Re: 2.6 Beta?

I'm expecting the first 2.6 beta to be ready in about a month. Software development takes time; I haven't started the cookie changes yet.