Simple Login Form
This template route intercepts the login page request, replaces it with a login form, and logs the user into the target application with a hard-coded username and password:
{
    "heap": [
        {
            "name": "ReverseProxyHandler",
            "type": "ReverseProxyHandler",
            "comment": "Testing only: blindly trust the server cert for HTTPS.",
            "config": {
                "tls": {
                    "type": "ClientTlsOptions",
                    "config": {
                        "trustManager": {
                            "type": "TrustAllManager"
                        }
                    }
                },
                "hostnameVerifier": "ALLOW_ALL"
            }
        }
    ],
    "handler": {
        "type": "Chain",
        "config": {
            "filters": [
                {
                    "type": "PasswordReplayFilter",
                    "config": {
                        "loginPage": "${request.uri.path == '/login'}",
                        "request": {
                            "method": "POST",
                            "uri": "https://app.example.com:8444/login",
                            "form": {
                                "username": [
                                    "MY_USERNAME"
                                ],
                                "password": [
                                    "MY_PASSWORD"
                                ]
                            }
                        }
                    }
                }
            ],
            "handler": "ReverseProxyHandler"
        }
    },
    "condition": "${matches(request.uri.query, 'demo=simple')}"
}
To try this example with the sample application:
Add the following route to IG:
$HOME/.openig/config/routes/21-simple.json
%appdata%\OpenIG\config\routes\21-simple.json
Replace MY_USERNAME with demo, and MY_PASSWORD with Ch4ng31t.
Add the following route to serve static resources, such as .css, for the sample application:
$HOME/.openig/config/routes/static-resources.json
%appdata%\OpenIG\config\routes\static-resources.json
{
    "name" : "sampleapp_resources",
    "baseURI" : "http://app.example.com:8081",
    "condition": "${matches(request.uri.path,'^/css')}",
    "handler": "ReverseProxyHandler"
}
Go to http://openig.example.com:8080/login?demo=simple.
The sample application profile page for the demo user displays the following information about the request:
Method
    POST
URI
    /login
Cookies
Headers
    content-type: application/x-www-form-urlencoded
    content-length: 31
    host: app.example.com:8444
    connection: Keep-Alive
    user-agent: Apache-HttpAsyncClient/4.1.2 (Java/1.8.0_144)
To use this as a default route with a real application:
Replace the test ReverseProxyHandler with one that is configured to trust the application's public key server certificate. Otherwise, use a ReverseProxyHandler that references a truststore holding the certificate.
Configure the ReverseProxyHandler to strictly verify hostnames for outgoing SSL connections.
In production, do not use TrustAllManager for TrustManager, or ALLOW_ALL for hostname verification. For information, see "ReverseProxyHandler".
Change the uri, form, and baseURI to match the target application.
Remove the route-level condition on the handler that specifies a demo query string parameter.
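A pre-deployment check for the test-only settings listed above, written as an added example that is not part of the original page or of IG itself. The rule names and the functions walk and audit_route are hypothetical, and the embedded route is a constructed, trimmed copy of the template on this page.

```python
import json

# Constructed sample: a trimmed copy of the template route shown on this page.
SAMPLE_ROUTE = json.loads("""
{
  "heap": [{"name": "ReverseProxyHandler", "type": "ReverseProxyHandler",
    "config": {
      "tls": {"type": "ClientTlsOptions",
              "config": {"trustManager": {"type": "TrustAllManager"}}},
      "hostnameVerifier": "ALLOW_ALL"}}],
  "handler": {"type": "Chain", "config": {
    "filters": [{"type": "PasswordReplayFilter", "config": {
      "loginPage": "${request.uri.path == '/login'}",
      "request": {"method": "POST",
                  "uri": "https://app.example.com:8444/login",
                  "form": {"username": ["MY_USERNAME"],
                           "password": ["MY_PASSWORD"]}}}}],
    "handler": "ReverseProxyHandler"}},
  "condition": "${matches(request.uri.query, 'demo=simple')}"
}
""")

# Template values the page tells you to replace before use.
PLACEHOLDERS = ("MY_USERNAME", "MY_PASSWORD")


def walk(node, path="$"):
    """Yield (json_path, key, value) for every key in a nested route."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}", key, value
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def audit_route(route):
    """Return sorted (rule, json_path) findings for test-only settings."""
    findings = []
    for path, key, value in walk(route):
        if key == "type" and value == "TrustAllManager":
            findings.append(("trust-all-manager", path))
        elif key == "hostnameVerifier" and value == "ALLOW_ALL":
            findings.append(("allow-all-hostnames", path))
        elif isinstance(value, list) and any(v in PLACEHOLDERS for v in value):
            findings.append(("placeholder-credential", path))
    # Route-level condition only: the demo query-string gate.
    if "demo=" in str(route.get("condition", "")):
        findings.append(("demo-condition", "$.condition"))
    return sorted(findings)
```

Running audit_route over each file in the routes directory before promoting a configuration gives a list of settings that still carry the testing defaults, with the JSON path of each.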