name: credentials http: - host: https://localhost:8084 phases: - use-cookie: atOnce: users: 1 scenario: # Make sure that without the cookie (before login) the request fails with 401 - before-login: - httpRequest: GET: /howto/credentials/secure handler: autoRangeCheck: false # Don't fail with 4xx-5xx status: range: 401 - login-with-form: - randomCsvRow: file: credentials.csv columns: 0: username 1: password - httpRequest: POST: /howto/credentials/login body: form: - name: username fromVar: username - name: password fromVar: password # Here we already have the cookie set to a httpRequest will succeed - after-login: - httpRequest: GET: /howto/credentials/secure - use-bearer-token: atOnce: users: 1 scenario: - request-login-page: # This first request will response with WWW-Authenticate header - httpRequest: GET: /howto/credentials/login handler: autoRangeCheck: false status: range: 401 - login-with-basic-auth: - randomCsvRow: file: credentials.csv columns: 0: username 1: password - template: pattern: ${username}:${password} toVar: concatenated - httpRequest: GET: /howto/credentials/login headers: # Our example runs over HTTP2 and that mandates lower-case header names authorization: Basic ${base64encode:concatenated} # With Authorization header the server will reply with token # and redirect us to the secured page. `httpRequest` implements # automatic redirection through `handler.followRedirect` but that # wouldn't send the token, so we'll do that manually handler: header: - filter: header: x-token processor: - store: token status: range: 30x - after-login: - httpRequest: GET: /howto/credentials/secure headers: authorization: Bearer ${token}