【求助】关于JMeter 测试登录验证的问题

yifeiluodi

最近在测试一个新的协议，需要实现以下的问题：
基本流程：client--->http get--->server, server-->401 with www-authenticate---> client， client--->htt get with authorization--->server, server---->200 Ok-----client

>第一次请求，未携带验证码
> GET Server/pagedisplay.do?pub=bor
>
> [no cookies]
>
> Request Headers:
> Host: Server
> Accept-Language: en-us
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
> CLR 1.1.4322; .NET CLR 2.0.50727)
> Cookie: BIGipServerbookstore_10.254.243.61_80=1089732106.20480.0000
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/x-shockwave-flash, application/vnd.ms-excel,
> application/vnd.ms-powerpoint, application/msword, */*
>
> 服务器判断请求未携带验证码，返回401错误+验证码
> HTTP response headers:
> HTTP/1.1 401 Authorization Required
> Date: Tue, 25 Sep 2007 05:11:16 GMT
> Server: Apache
> WWW-Authenticate: Digest realm="realm",
> nonce="ZKFAxO46BAA=6771f0ede4e1b7f8944575fa7d0695190cc604bd", algorithm=MD5,
> domain="/ http://server/", qop="auth"
> Vary: Accept-Encoding
> Content-Length: 401
> Keep-Alive: timeout=4, max=99
> Connection: Keep-Alive
> Content-Type: text/html; charset=iso-8859-1
>
> 第二次请求，携带验证码>
> GET Server/pagedisplay.do?pub=bor >
> [no cookies]
>
> Request Headers:
> Authorization: Digest username="admin", realm="realm", qop="auth",
> algorithm="MD5", uri="/BookStore/pagedisplay.do",
> nonce="ZKFAxO46BAA=6771f0ede4e1b7f8944575fa7d0695190cc604bd", nc=00000001,
> cnonce="c8bb506b9e009888b80c3501fac26142",
> response="1e5e62f9e7c31a703c7ea87e8697cd7a" > Host: server
> Accept-Language: en-us
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
> CLR 1.1.4322; .NET CLR 2.0.50727)
> Cookie: BIGipServerbookstore_10.254.243.61_80=1089732106.20480.0000
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/x-shockwave-flash, application/vnd.ms-excel,
> application/vnd.ms-powerpoint, application/msword, */*
>
> 服务器判断请求已经携带验证码，返回200OK>
> HTTP response headers:
> HTTP/1.1 200 OK
> Date: Tue, 25 Sep 2007 05:11:17 GMT
> Server: Apache
> Authentication-Info: rspauth="49a7f7e7c79d2fd8d83ae5842527c132",
> nextnonce="AA9UxO46BAA=5223a6ee6668f9bacbe64c226d9858baba10d213",
> cnonce="c8bb506b9e009888b80c3501fac26142", nc=00000001, qop=auth
> X-Powered-By: MPS Tech. WS
> Set-Cookie: JSESSIONID=53DDE066F8C6A61A20FBD62F05BD0E13.node1; Path=/
> Pragma: No-cache
> Cache-Control: no-store
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_BOR=null;
> Expires=Thu, 01-Jan-1970 00:00:10 GMT
> Set-Cookie: JSESSIONID=DE61FC350B16BE48BAB8DB184A097453.node1; Path=/
> Vary: User-Agent,Accept-Encoding
> Keep-Alive: timeout=4, max=98
> Connection: Keep-Alive
> Content-Type: text/html;charset=UTF-8

第一次返回的错误消息的消息头已经返回了验证码nonce,运用JMeter 的后置处理器--正则表达式可以获取这个节点的值。
问题的关键在于：如何让第二次请求的消息头包括 cnonce 和 response这两个节点的值，即上文协议中红色字体的内容。
请求大侠们帮助，在线等待！

[ 本帖最后由 yifeiluodi 于 2010-1-12 11:00 编辑 ]

yifeiluodi

原来这个cnonce 和 response是随机生成的字符串，cnonce是自动生成的，response 是由nonce 和cnonce相加用MD5 digest 加密生成的。

新问题就是JMeter怎么来进行这个步骤，最后就想到 BeanShell Processor来做这一步。初学者对于BeanShell脚本来说是初学者，还不知道怎么写这个脚本代码。请各位大侠帮帮忙，看下怎么写BeanShell脚本代码。