I'm very new to JMeter, but I have some ideas of what JMeter could be used for. Also I have a Tomcat application with form authentication enabled. The thread I'm trying to use consists of:

• HTTP Request Defaults
• HTTP Cookie Manager
• HTTP Header Manager

and the following set of HTTP samplers:

• logout page (/app/logout.jsp)
• login page (/app/login.jsp)
• j_security_check (/app/j_security_check)

where Follow Redirects and Use KeepAlive are enabled. I cannot figure out why the j_security_check request response redirects to logout.jsp. After checking the HTTP response in Chrome, I've noticed that such request redirects to index.jsp, but never to the log out page if the credentials are fine. First of all, I had an idea that I didn't imitate all browser HTTP headers, but I've failed after I added all of them to HTTP Header Manager:

User-Agent  Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.859.0 Safari/535.2
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding gzip,deflate,sdch
Accept-Language en-US,en;q=0.8
Host    localhost:8080
Referer http://localhost:8080/whapp/index.jsp

But even after specifying all of them, I cannot simulate the authentication... Any ideas? Thanks in advance.

Did you try recording the login process, or were these all done manually?

If manually, there could be a parameter missing from one of your requests.

If recorded, there could be a hardcoded parameter that needs to be dynamic (JSessionID, etc.) You may need to add a GET with a regex to retrieve this value and pass to your POST.

If the JSessionID is expected as a parameter, you won't be able to pass it through the cookie manager, you'll need to do it as an HTTP parameter.

For a rundown on recording, please see http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.pdf