Friday, June 26, 2015

WSO2 API Manager - Modify token API to return with Access-Control-Allow-Origin Response Header

By default, API Manager does not return the Access-Control-Allow-Origin response header from the token API.

You can add it by editing _TokenAPI_.xml in
<AM_HOME>/repository/deployment/server/synapse-configs/default/api/
and adding a property for this header to the out sequence, just before the send mediator.

I have tested this with AM 1.7.0; the modified _TokenAPI_.xml is as follows.

<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMTokenAPI_" context="/token">
    <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
        <inSequence>
            <send>
                <endpoint>
                    <address uri="https://localhost:9443/oauth2/token"/>
                </endpoint>
            </send>
        </inSequence>
        <outSequence>
            <property name="Access-Control-Allow-Origin"
                      value="http://192.168.1.5:80,http://192.168.10.200:80,https://dev.wso2.com,https://sup.wso2.com"
                      scope="transport"
                      type="STRING"/>
            <send/>
        </outSequence>
    </resource>
    <handlers>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
    </handlers>
</api>
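
A browser accepts a cross-origin response only when Access-Control-Allow-Origin is `*` or a single origin equal to the request's Origin header, and it sends that Origin without default ports such as `:80`, so a static comma-separated list like the value above shows up in a curl test but does not satisfy the browser's check. The following is an added example, not part of the original post or of WSO2 API Manager: it models that check in simplified form (non-credentialed requests) and shows the per-request allowlist approach; all function and variable names are hypothetical.

```javascript
// Added example: function and variable names are hypothetical, not WSO2 APIs.

// Allowlist in the form browsers put in the Origin header: scheme://host[:port],
// with default ports (80 for http, 443 for https) omitted.
const ALLOWED_ORIGINS = new Set([
  "http://192.168.1.5",
  "http://192.168.10.200",
  "https://dev.wso2.com",
  "https://sup.wso2.com",
]);

// Simplified model of the browser's check on a non-credentialed response:
// the header must be "*" or exactly equal to the request's Origin.
function browserAcceptsCors(requestOrigin, allowOriginHeader) {
  if (allowOriginHeader === undefined || allowOriginHeader === null) return false;
  return allowOriginHeader === "*" || allowOriginHeader === requestOrigin;
}

// One common approach: echo the caller's origin only when it is on the
// allowlist, and add Vary: Origin so caches keep per-origin responses apart.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== "string" || !allowed.has(requestOrigin)) {
    return {}; // unknown or missing origin: send no CORS header at all
  }
  return { "Access-Control-Allow-Origin": requestOrigin, "Vary": "Origin" };
}

// The static header value from the configuration above (copied from the page).
const STATIC_LIST =
  "http://192.168.1.5:80,http://192.168.10.200:80,https://dev.wso2.com,https://sup.wso2.com";

// Constructed sample origins: two allowlisted, one unknown, and one lookalike
// that a substring or prefix match would wrongly accept.
function demo() {
  const origins = ["https://dev.wso2.com", "http://192.168.1.5",
                   "https://evil.example", "https://dev.wso2.com.evil.example"];
  return origins.map((origin) => {
    const dynamic = corsHeadersFor(origin)["Access-Control-Allow-Origin"];
    return {
      origin,
      staticListAccepted: browserAcceptsCors(origin, STATIC_LIST),
      allowlistAccepted: browserAcceptsCors(origin, dynamic),
    };
  });
}

console.table(demo());
```

In the Synapse configuration this corresponds to computing the header value per request from the incoming Origin header rather than setting one static string.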

I have tested by sending a cURL request to this token API as follows.

curl -vk -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic Vnc5cXhhWHE5WGo1Wl8xdWVvc3FEbFN0d1RBYTpJTVNsV0ZOQ01KN1JmRmtPT1RpZF9iTWpWZlFh, Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token

The cURL console output is as follows.

Suhans-MacBook-Pro:bin suhanr$ curl -vk -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic Vnc5cXhhWHE5WGo1Wl8xdWVvc3FEbFN0d1RBYTpJTVNsV0ZOQ01KN1JmRmtPT1RpZF9iTWpWZlFh, Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8243 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* Server certificate: localhost
> POST /token HTTP/1.1
> User-Agent: curl/7.37.1
> Host: localhost:8243
> Accept: */*
> Authorization: Basic Vnc5cXhhWHE5WGo1Wl8xdWVvc3FEbFN0d1RBYTpJTVNsV0ZOQ01KN1JmRmtPT1RpZF9iTWpWZlFh, Content-Type: application/x-www-form-urlencoded
> Content-Length: 49
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 49 out of 49 bytes
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://192.168.1.5:80,http://192.168.10.200:80,https://dev.wso2.com,https://sup.wso2.com
< Content-Type: application/json
< Pragma: no-cache
< Cache-Control: no-store
< Date: Fri, 26 Jun 2015 06:08:36 GMT
* Server WSO2-PassThrough-HTTP is not blacklisted
< Server: WSO2-PassThrough-HTTP
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
{"scope":"default","token_type":"bearer","expires_in":3299,"refresh_token":"e8a1c130b372a0021f46bf9933a6a20","access_token":"e4fcf0346a647f10455b871630cba0fc"}

The API Manager carbon log is as follows. To enable wire logs on API Manager, follow [1]; the process is similar to the one for ESB.

[2015-06-26 11:38:36,238] DEBUG - wire >> "POST /token HTTP/1.1[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "User-Agent: curl/7.37.1[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "Host: localhost:8243[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "Accept: */*[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "Authorization: Basic Vnc5cXhhWHE5WGo1Wl8xdWVvc3FEbFN0d1RBYTpJTVNsV0ZOQ01KN1JmRmtPT1RpZF9iTWpWZlFh, Content-Type: application/x-www-form-urlencoded[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "Content-Length: 49[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
[2015-06-26 11:38:36,238] DEBUG - wire >> "[\r][\n]"
[2015-06-26 11:38:36,239] DEBUG - wire >> "grant_type=password&username=admin&password=admin"
[2015-06-26 11:38:36,252] DEBUG - wire << "POST /oauth2/token HTTP/1.1[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "Authorization: Basic Vnc5cXhhWHE5WGo1Wl8xdWVvc3FEbFN0d1RBYTpJTVNsV0ZOQ01KN1JmRmtPT1RpZF9iTWpWZlFh, Content-Type: application/x-www-form-urlencoded[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "Content-Type: application/x-www-form-urlencoded[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "Accept: */*[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "Transfer-Encoding: chunked[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "Host: localhost:9443[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "Connection: Keep-Alive[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "[\r][\n]"
[2015-06-26 11:38:36,253] DEBUG - wire << "31[\r][\n]"
[2015-06-26 11:38:36,254] DEBUG - wire << "grant_type=password&username=admin&password=admin[\r][\n]"
[2015-06-26 11:38:36,254] DEBUG - wire << "0[\r][\n]"
[2015-06-26 11:38:36,254] DEBUG - wire << "[\r][\n]"
[2015-06-26 11:38:36,349] DEBUG - wire >> "HTTP/1.1 200 OK[\r][\n]"
[2015-06-26 11:38:36,349] DEBUG - wire >> "Cache-Control: no-store[\r][\n]"
[2015-06-26 11:38:36,349] DEBUG - wire >> "Date: Fri, 26 Jun 2015 06:08:36 GMT[\r][\n]"
[2015-06-26 11:38:36,349] DEBUG - wire >> "Pragma: no-cache[\r][\n]"
[2015-06-26 11:38:36,350] DEBUG - wire >> "Content-Type: application/json[\r][\n]"
[2015-06-26 11:38:36,350] DEBUG - wire >> "Content-Length: 159[\r][\n]"
[2015-06-26 11:38:36,350] DEBUG - wire >> "Server: WSO2 Carbon Server[\r][\n]"
[2015-06-26 11:38:36,350] DEBUG - wire >> "[\r][\n]"
[2015-06-26 11:38:36,350] DEBUG - wire >> "{"scope":"default","token_type":"bearer","expires_in":3299,"refresh_token":"e8a1c130b372a0021f46bf9933a6a20","access_token":"e4fcf0346a647f10455b871630cba0fc"}"
[2015-06-26 11:38:36,352] DEBUG - wire << "HTTP/1.1 200 OK[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Access-Control-Allow-Origin: http://192.168.1.5:80,http://192.168.10.200:80,https://dev.wso2.com,https://sup.wso2.com[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Content-Type: application/json[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Pragma: no-cache[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Cache-Control: no-store[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Date: Fri, 26 Jun 2015 06:08:36 GMT[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Server: WSO2-PassThrough-HTTP[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "Transfer-Encoding: chunked[\r][\n]"
[2015-06-26 11:38:36,352] DEBUG - wire << "[\r][\n]"
[2015-06-26 11:38:36,353] DEBUG - wire << "9f[\r][\n]"
[2015-06-26 11:38:36,353] DEBUG - wire << "{"scope":"default","token_type":"bearer","expires_in":3299,"refresh_token":"e8a1c130b372a0021f46bf9933a6a20","access_token":"e4fcf0346a647f10455b871630cba0fc"}[\r][\n]"
[2015-06-26 11:38:36,353] DEBUG - wire << "0[\r][\n]"
[2015-06-26 11:38:36,353] DEBUG - wire << "[\r][\n]"

[1] http://suhan-opensource.blogspot.com/2015/03/how-to-get-wire-logs-from-wso2-esb.html