Logging In With Credentials From a File
The following figure illustrates the flow of requests when IG uses credentials in a file to log a user in to the sample app:
IG intercepts the browser's HTTP GET request, which matches the route condition.
The PasswordReplayFilter confirms that a login page is required, and
The FileAttributesFilter uses the email address to look up the user credentials in a file, and stores the credentials in the request context attributes map.
The PasswordReplayFilter retrieves the credentials from the attributes map, builds the login form, and performs the HTTP POST request to the sample app.
The sample application validates the credentials, and responds with a profile page.
The ReverseProxyHandler passes the response to the browser.
Before you start, prepare IG and the sample application as described in Getting Started Guide.
On your system, add the following data in a comma-separated value file called
/tmp/userfile(on WindowsC:\Temp\userfile):username,password,fullname,email george,C0stanza,George Costanza,george@example.com kramer,N3wman12,Kramer,kramer@example.com bjensen,H1falutin,Babs Jensen,bjensen@example.com demo,Ch4ng31t,Demo User,demo@example.com kvaughan,B5ibery12,Kirsten Vaughan,kvaughan@example.com scarter,S9rain12,Sam Carter,scarter@example.com
Add the following route to IG, to serve .css and other static resources for the sample application:
$HOME/.openig/config/routes/static-resources.json
%appdata%\OpenIG\config\routes\static-resources.json
{ "name" : "sampleapp_resources", "baseURI" : "http://app.example.com:8081", "condition": "${matches(request.uri.path,'^/css')}", "handler": "ReverseProxyHandler" }Add the following route to IG:
$HOME/.openig/config/routes/02-file.json
%appdata%\OpenIG\config\routes\02-file.json
{ "name": "02-file", "condition": "${matches(request.uri.path, '^/profile')}", "capture": "all", "handler": { "type": "Chain", "baseURI": "http://app.example.com:8081", "config": { "filters": [ { "type": "PasswordReplayFilter", "config": { "loginPage": "${matches(request.uri.path, '^/profile/george') and (request.method == 'GET')}", "credentials": { "type": "FileAttributesFilter", "config": { "file": "/tmp/userfile", "key": "email", "value": "george@example.com", "target": "${attributes.credentials}" } }, "request": { "method": "POST", "uri": "http://app.example.com:8081/login", "form": { "username": [ "${attributes.credentials.username}" ], "password": [ "${attributes.credentials.password}" ] } } } } ], "handler": "ReverseProxyHandler" } } }Notice the following features of the route:
The route matches requests to
/profile.The
PasswordReplayFilterspecifies aloginPagepage property:When a request is an HTTP GET, and the request URI path is
/profile/george, the expression resolves totrue. The request is directed to a login page.The
FileAttributesFilterlooks up the key and value in/tmp/userfile, and stores them in the context.The
requestobject retrieves the username and password from the context, and replaces the browser's original HTTP GET request with an HTTP POST login request, containing the credentials to authenticate.For other requests, the expression resolves to
false. The request passes to the ReverseProxyHandler, which directs it to the profile page of the sample app.
Go to http://openig.example.com:8080/profile/george.
Because the property
loginPageresolves totrue, the PasswordReplayFilter processes the request to obtain the login credentials. The sample app returns the profile page for George.Go to http://openig.example.com:8080/profile/bob, or to any other URI starting with
http://openig.example.com:8080/profile.Because the property
loginPageresolves tofalse, the PasswordReplayFilter passes the request directly to the ReverseProxyHandler. The sample app returns the login page.