Login Form With Cookie From Login Page
Like the previous route, this template route intercepts the login page request, replaces it with the login form, and logs the user into the target application with hard-coded username and password. This route also adds a CookieFilter to manage cookies.
The route uses a default CookieFilter to manage cookies. In this default configuration, cookies from the protected application are intercepted and stored in the IG session. They are not sent to the browser. For information, see "CookieFilter".
{
  "heap": [
    {
      "name": "ReverseProxyHandler",
      "type": "ReverseProxyHandler",
      "comment": "Testing only: blindly trust the server cert for HTTPS.",
      "config": {
        "tls": {
          "type": "ClientTlsOptions",
          "config": {
            "trustManager": {
              "type": "TrustAllManager"
            }
          }
        },
        "hostnameVerifier": "ALLOW_ALL"
      }
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "type": "PasswordReplayFilter",
          "config": {
            "loginPage": "${request.uri.path == '/login'}",
            "request": {
              "method": "POST",
              "uri": "https://app.example.com:8444/login",
              "form": {
                "username": [
                  "MY_USERNAME"
                ],
                "password": [
                  "MY_PASSWORD"
                ]
              }
            }
          }
        },
        {
          "type": "CookieFilter"
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  },
  "condition": "${matches(request.uri.query, 'demo=cookie')}"
}
To try this example with the sample application:
Add the following route to IG:
$HOME/.openig/config/routes/22-cookie.json
%appdata%\OpenIG\config\routes\22-cookie.json
Replace MY_USERNAME with kramer, and MY_PASSWORD with N3wman12.
Add the following route to serve static resources, such as .css, for the sample application:
$HOME/.openig/config/routes/static-resources.json
%appdata%\OpenIG\config\routes\static-resources.json
{
  "name" : "sampleapp_resources",
  "baseURI" : "http://app.example.com:8081",
  "condition": "${matches(request.uri.path,'^/css')}",
  "handler": "ReverseProxyHandler"
}
Go to http://openig.example.com:8080/login?demo=cookie.
The sample application page is displayed.
Method   POST
URI      /login
Cookies
Headers  content-type: application/x-www-form-urlencoded
         content-length: 31
         host: app.example.com:8444
         connection: Keep-Alive
         user-agent: Apache-HttpAsyncClient/... (Java/...)
Refresh your connection to http://openig.example.com:8080/login?demo=cookie.
Compared to the example in "Login Form With Cookie From Login Page", this example displays additional information about the session cookie:
Cookies session-cookie=123...
To use this as a default route with a real application:
Replace the test ReverseProxyHandler with one that is configured to trust the application's public key server certificate. Otherwise, use a ReverseProxyHandler that references a truststore holding the certificate.
Configure the ReverseProxyHandler to strictly verify hostnames for outgoing SSL connections.
In production, do not use TrustAllManager for TrustManager, or ALLOW_ALL for hostname verification. For information, see "ReverseProxyHandler".
Change the uri and form to match the target application.
Remove the route-level condition on the handler that specifies a demo query string parameter.
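The checklist above can be turned into a pre-deployment check on the route file. The following Python script is an added example, not part of the IG documentation or product: audit_route and walk are hypothetical names, the embedded route is a compacted copy of the one on this page, and treating any form value without a ${...} expression as hard-coded is an assumption that goes slightly beyond the checklist.

```python
import json

# Constructed sample: the route from this page, compacted to fit.
SAMPLE_ROUTE = json.loads(r"""
{"heap": [{"name": "ReverseProxyHandler", "type": "ReverseProxyHandler",
  "config": {"tls": {"type": "ClientTlsOptions", "config": {
      "trustManager": {"type": "TrustAllManager"}}},
    "hostnameVerifier": "ALLOW_ALL"}}],
 "handler": {"type": "Chain", "config": {"filters": [
   {"type": "PasswordReplayFilter", "config": {
     "loginPage": "${request.uri.path == '/login'}",
     "request": {"method": "POST", "uri": "https://app.example.com:8444/login",
       "form": {"username": ["MY_USERNAME"], "password": ["MY_PASSWORD"]}}}},
   {"type": "CookieFilter"}], "handler": "ReverseProxyHandler"}},
 "condition": "${matches(request.uri.query, 'demo=cookie')}"}
""")

def walk(node, path="$"):
    """Yield (json_path, dict) for every object nested in the route."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")

def audit_route(route):
    """Return (json_path, issue) pairs for test-only settings in a route."""
    findings = []
    for path, obj in walk(route):
        if obj.get("type") == "TrustAllManager":
            findings.append((path, "TrustAllManager accepts any server certificate"))
        if obj.get("hostnameVerifier") == "ALLOW_ALL":
            findings.append((path, "ALLOW_ALL skips hostname verification"))
        if obj.get("type") == "PasswordReplayFilter":
            form = obj.get("config", {}).get("request", {}).get("form", {})
            for field, values in form.items():
                # Assumption: a value without ${...} is a literal stored in the file.
                if any("${" not in str(v) for v in values):
                    findings.append((f"{path}.config.request.form.{field}",
                                     "hard-coded form value"))
    if "demo=" in str(route.get("condition", "")):
        findings.append(("$.condition", "demo query-string condition still present"))
    return findings

if __name__ == "__main__":
    for path, issue in audit_route(SAMPLE_ROUTE):
        print(f"{path}: {issue}")
```

To check a deployed route, load its JSON file and pass the result to audit_route; an empty list means none of the test-only settings remain.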