There might be some use cases where a user wants to expose WSO2 API-Manager publisher over HTTP. This is not supported OOB in WSO2 API Manager.
And this is not recommended as well, if use Publisher over HTTP when authenticating the user credentials will be sent to the back-end as plain text. This can be a major sicurity issue when it comes to a production environment. So you should keep this in mind as well.
Since this is not supported by WSO2 API Manager we will have to do some code level changes. Just few lines.
WSO2 API Manager Version I'm Using : 1.8. You can read more about WSO2 API Manager from here.
So lets get started
Navigate to
"AM_HOME>/repository/deployment/server/jaggeryapps/publisher/site/themes/default/templates/user/login" and Open template.jag file.
Change the code to match the following. That's it :)
<% jagg.template("user/login", function(inputs, outputs, jagg) { %> <% ///if(request.isSecure()){ if(jagg.getUser() != null){ response.sendRedirect('index.jag'); } %> <div class="container-fluid login-container"> <div class="row-fluid"> <div class="span2 login-left"> <div class="left-side-col"> </div> </div> <div class="span6 login-content"> <div class="title-section"> <h2>Login</h2> </div> <div class="clear"></div> <div class="content-section shadow-up"> <div class="content-data"> <div class="alert alert-error" id="loginError" style="display:none"> <span id="loginErrorSpan"></span> </div> <form class="" action="index.jag" id="loginForm" autocomplete="off"> <label><%=i18n.localize("username")%>:<span class="requiredAstrix">*</span></label> <input type="text" id="username" autofocus="autofocus" validation="required" /> <label><%=i18n.localize("password")%>:<span class="requiredAstrix">*</span></label> <input type="password" id="pass" /> <input type="hidden" id="tenant" value="<%= encode.forHtml(request.getParameter("tenant"))%>"/> <div> <input type="button" class="btn btn-primary" onclick="login()" value="<%=i18n.localize("login")%>" id="loginButton" /> <input type="reset" class="btn" value="<%=i18n.localize("reset")%>" /> </div> </form> </div> </div> <style> .api-count-display { color: #747474; font-size: 15px; padding: 10px 20px 5px; } .api-count-display span { font-size: 16px; font-weight: bold; } </style> </div> <div class="span4"> </div> </div> <div id="push"></div> </div> <% /*} else { var mod,httpsUrl; mod = jagg.module("manager"); httpsUrl= mod.getHTTPsURL(); response.sendRedirect(jagg.getHttpsUrl("/")); }*/ %> <%});%>
As you can see I have commented out the Security check. So the page will not be redirected to HTTPS endpoint if you try to access the publisher via the HTTP endpoint. So after doing this change refresh your page and you should be able to access the Publisher via the HTTP URL.
http://localhost:9763/publisher
Please drop a comment if you have any queries.
0 comments:
Post a Comment