What is the 'secret' parameter in URL while trying to delete durable Subscriber from the ActiveMQ WebConsole?

Question

I need to delete durable subscribers after each JMeter's test run using JMeter.

I would like to create HTTP request to the ActiveMQ Web Console as it is shown on browser WebConsole.

But I need to know:

1. What is the "secret" parameter in URL?
2. How it can be generated?
3. If it will be valid for JMeter's HTTP request?

Answer 1

The "secret" parameter was introduced to stop Cross Site Request Forgery (CSRF) attacks on the web console. See AMQ-2613 for more details on that.

You will not be able to generate your own "secret" in order to send a valid request to that URL from JMeter.

You should instead use ActiveMQ's integration with the Jolokia JMX-HTTP bridge to interact directly with ActiveMQ's JMX management beans. For example, the DurableSubscriptionViewMBean has a destroy method you can invoke.

That said, the best option would be to simply invoke javax.jms.Session#unsubscribe() from your JMS client. This is the normal way subscriptions are supposed to be deleted.

Answer 2

You don't need to "generate" this value, you need to "extract" this value from the previous response using a suitable Post-Processor (CSS Selector Extractor is a good choice)

Just inspect the immediately previous response source and you will see this "secret" value there. Fetch it, store into a JMeter Variable and you should be good to go.

More information: How to Load Test CSRF-Protected Web Sites