Monday, December 3, 2012

Apache JMeter along with jsf pages

Two days ago i was allocated a task from my team leader to load test our new web application after deploying it on the production environment. We used lots of open source technologies in this application but the main challenge was to configure JMeter to pass the JSF login page that contains a button posts to a JSF action.

If you don't know about JMeter, you may need to read this topic on my blog.

Step 1: Creating a Thread Group with the following configuration:

Name: Schindler Thread Group
Number of threads (Users): 300
Ramp-Up Period (In seconds): 2
Loop count: 2

Step 2: Creating Once Only Controller under the Thread Group with the following configuration:

Name: Schindler Login

Step 3: Creating an HTTP Request under the Once Only Controller with the following configuration

Name: Initial Login request
Server Name:
Port Number: 80
Path: /Schindler-web/login.xhtm
Implementation: Java
Protocol: HTTP
Method: GET
Follow Redirects: True

Step 4: Creating an XPath Extractor to extract the view state of the login button

Name: Xpath Extractor
ِApply to: Main sample only
Reference name: myViewState
XPath query: //input[@id='javax.faces.ViewState']/@value

Step 5: Creating an HTTP Request to submit credentials to the jsf login action with the following config

Name: Auth
Server Name:
Port Number: 80
Path: /Schindler-web/login.xhtml
Implementation: Java
Protocol: HTTP
Method: POST
Follow Redirects: True
Use KeepAlive: True

j_username : admin : encode = true : include equals = true
j_password : password : encode = true : include equals = true
javax.faces.ViewState : ${myViewState} : include equals = true
login : Login : include equals = true
loginForm : loginForm : include equals = true

Step 6: In the same level of the Once Only Controller create an HTTP URL Re-writing modifier to extract the session id with the following configuration

Name: HTTP URL Re-writing Modifier
Session Argument Name: JSESSIONID
Cache Session ID = true

Step 7: Create an HTTP Cookie Manager to save the session id and sending it along with all the requests

Name: HTTP Cookie Manager

Step 8: Create some listeners to view the results in my case i preferred to use View Results in Table, Graph Results, and View Results Tree.

Table View

Graph View

Tree View

Notes: To be able to survive any problems you face, use Firebug to check the request on your browsers and what are the parameters sent along with the request and make sure that your jmeter requests are configured with the same parameters and values.


  1. Hi Hussein,
    This post is really good. I was under the impression that "HTTP URL Re-writing" alone was enough, even jmeter documentation does not says about using "HTTP Cookie Manager" together with "HTTP URL Re-writing modifier". My doubt is whether "HTTP Cookie Manager" is really needed ?.I am testing a web application with a URL like "http:////Home.action;jsessionid=057552999A84A7EE1F82920FFGA99142.No cookie is used in the site.

    My guess is i just need to use "HTTP URL Re-writing modifier" alone.Could u plz give ur suggestions..

    1. Yes cookie manager is important to save your session ID and send it automatically along with all the requests after authentication..

      The way you send it is wrong because its dynamically changed after login

    2. Thank you for the quick reply. I agree with ur argument about cookie manager. But i think JSession id is somthing that is passed thru URL's.since my application also uses cookies (initially i thought otherwise)as well, i am using cookie manager and for jsessionid, i'm using url rewriting modifier.

    3. Correlation - Regular Expression Extractor
      I have the following POST data:

      and i need to extract : &sk=16dcc29ca6320a4583aa32fa0c5035f7eb9a

      The value is SK changes in every iternation(Session ID)

      I am using RegEx : &sk=(.*?) or &sk=(.+?) both are not working :(

  2. This comment has been removed by the author.

  3. Excellent Post. Also visit

  4. Also I don't understand how JSESSIONID is used in this case. How do you think don't you need IF Controller? Or add some assertions to check if login is working correctly.

  5. JSESSIONID is used to maintain the login session or the application will return the login page each time you fire a new request.. Also the application uses jsf along with spring security and you will not be able to request any page without doing authentication..

    The trick here is to extract the session id so that the application knows that you have already logged in, and extracting the jsf viewstate to bypass the view expired error of jsf..

  6. Hi there, Hussein.
    Thank you for the post.

    I used the Xpath to extract the ViewState variable and the HTTP Cookie Manager to manage it. Worked.

    When I add the HTTP URL Re-Writing Modifier to handle the jsessionid variable, I lost the ViewState... I mean, the javax.faces.ViewState variable became random again. Disabling the URL Re-Writing Modifier is enough to get it back.

    I noticed one difference: my cookier manager only works with policy rfc2965.

    Any hint? I'm kind lost here.7

    Thank you.

  7. Thanks for the post, very helpful. However it isn't recommended to use XPath Extractor for correlation as it builds DOM tree which consumes memory and is bad for JMeter-side performance so it's recommended to use Regular Expressions where possible. See guide for more details on how to optimize your JMeter test

  8. Hello, thanks very good post. I could extract and pass jsessionid and javax,faces,ViewState variable, but I have a problem. When my application (at server side) ask for a session attribute I get http 500 error, and throws the following exception com.sun.faces.mgbean.ManagedBeanCreationException.

    If I go to Tomcat Manager, I could see the session and the manage bean refered.

    Any ideas???

  9. Salam,

    This is a very interesting entry.

    I don't really know why XPath didn't work for me.

    I am using JMeter 3.0