struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <yasserzam...@apache.org>
Subject Re: Struts2 login action class seems to be reused
Date Wed, 07 Mar 2018 10:22:36 GMT


On 3/5/2018 7:48 PM, Prasanth wrote:
> For replicating the issue I was directly accessing /context2/Login.action. So /context1
was not used in testing.

Please let me repeat what I understood; When some users are signed in
into /context1, you browses /context2/Login.action via JMeter empty
requests, but about 2 percent of them, successfully sign in into /context2!

Did I understand the issue correctly? If so, it's very odd ... and I
like strange issues :)

Does this issue also happen even when no one is signed in into
/context1? If so, does this issue also happen when /context1 is stopped
(i.e. /context2 never get any forwarded request from /context1 so far)?
I ask these to know if this issue is dependent to the app on /context1
or not.

I see you use Undertow web server and I reviewed it and saw it's highly
non-blocking async web server. Then ... please add a hidden field to
your login.jsp which it's value will be
request.getParameter("testIfStrutsReusesAction"). In JMeter add
testIfStrutsReusesAction=JMeter to your request parameters. Then re-run
JMeter and see if those two successful requests have a hidden field with
value "JMeter" in their response?? (also see that other requests must
have this hidden field elsewhere there is a problem in your impl of
these). I ask these to know if that successful response is really a
response for your JMeter request!

If none of above were helpful, then could you please share
/context2/Login.action? I need to see how do you authenticate? Only via
request params? Or session or something else makes sense also?

Regards.
Mime
View raw message