Wednesday, 16 April 2014

Add site authentication in tomcat


Browser Authentication in tomcat server

During the development phase we often need to deploy the application for testing. We then want some authentication in front of the web application so that only the testing team can access it. With browser authentication in place, an unauthorized user cannot access the application (not even the home page).

Steps for creating browser authentication:

1. Create a user in the Tomcat server.

   To create a user, specify the username, password and role in the tomcat-users.xml file. The file is located at */conf/tomcat-users.xml.

Example:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <user username="manager" password="m@n@g3r" roles="manager"/>
  <user username="admin" password="admin_1234" roles="manager"/>
</tomcat-users>

2. Add the authentication entry to web.xml (either the application's web.xml or the server's web.xml).

   Add the following code inside the <web-app> tag in the web.xml file.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Rentokil Web App</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Rentokil Web App</realm-name>
</login-config>


When we access the application, a prompt appears asking for a username and password. If we enter the correct password, we are taken to the application. If we click the Cancel button, an error message is shown on a blank page.
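BASIC authentication sends the username and password base64-encoded with every request, so a constraint that demands a role but leaves transport-guarantee at NONE lets those credentials cross the network in readable form. The following audit script is an added example, not part of the original post: it parses a web.xml and reports such constraints. The function names and the sample descriptor (the fragment from step 2 wrapped in a web-app element) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 2 fragment wrapped in <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Rentokil Web App</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Rentokil Web App</realm-name>
  </login-config>
</web-app>"""

def _local(tag):
    """Strip an XML namespace so namespaced descriptors also match."""
    return tag.rsplit("}", 1)[-1]

def _text(parent, name):
    """Return the text of every element named `name` at or below `parent`."""
    return [(e.text or "").strip() for e in parent.iter() if _local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return (url-pattern, auth-method, guarantee) for logins not forced onto TLS."""
    root = ET.fromstring(xml_text)
    methods = _text(root, "auth-method")
    method = methods[0].upper() if methods else "NONE"
    findings = []
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        roles = _text(sc, "role-name")
        # A missing user-data-constraint behaves like NONE.
        guarantee = (_text(sc, "transport-guarantee") or ["NONE"])[0].upper()
        # BASIC and FORM both submit the password itself; flag them without TLS.
        if roles and method in ("BASIC", "FORM") and guarantee not in ("CONFIDENTIAL", "INTEGRAL"):
            for pattern in _text(sc, "url-pattern"):
                findings.append((pattern, method, guarantee))
    return findings

if __name__ == "__main__":
    for pattern, method, guarantee in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{pattern}: {method} login with transport-guarantee {guarantee}")
```

Setting transport-guarantee to CONFIDENTIAL in the descriptor clears the finding; Tomcat then redirects plain HTTP requests for the protected URLs to its HTTPS connector.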


     



    

Handling mobile and desktop applications with a single URL in Java.

A recent trend is to create two separate applications, one compatible with desktop browsers and one with mobile browsers, so that users are automatically switched to the right URL according to the device from which they access the site.

Normally a mobile site includes only the necessary information because of space constraints, so the data layer and business layer of the application also have some minor changes. That means we need to handle the two separately. Checking the user-agent and changing the logic accordingly in each page is very difficult.

We can create one application that switches the URL according to the user-agent (a field in the HTTP request that contains client information such as browser name, device name, OS, etc.). Point the domain name at this application.


Example: we have two applications, one for mobile devices and another for desktop.
Mobile URL: IP:port/mobile/*
Desktop URL: IP:port/*
URL switching application: IP1:port
Domain name: xxxx.com
Our domain name points to IP1:port, which switches the URL according to the user-agent. If the user types the URL xxx.com, the request goes to IP1:port, which switches the user to a different URL according to the user-agent.

The problem is that if a user tries to access the mobile site (IP:port/mobile/*) from a desktop browser, the mobile site will render in the desktop browser. This is bad practice from the user's point of view (the look and feel of the application will be awful if the mobile site is rendered in a desktop browser).

To handle this scenario we can write a filter for the IP:port application.

1. Create a filter that checks the user-agent field in the HTTP request and, if the request is from mobile, goes to IP:port/mobile/
Example:

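import java.io.IOException;
import java.util.Properties;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class DesktopFilter implements Filter {

    /** Redirect targets, loaded from redirectURL.properties. */
    private static Properties properties = new Properties();

    /** Property key that holds the iPad redirect URL. */
    private static final String IPAD_URL = "abac.ipad.url";

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        String target = null;
        try {
            // The User-Agent header is supplied by the client and may be absent.
            String userAgent = ((HttpServletRequest) request).getHeader("User-Agent");
            if (userAgent == null) {
                userAgent = "";
            }
            properties.load(getClass().getResourceAsStream("redirectURL.properties"));
            if (userAgent.contains("iPad")) {
                target = properties.getProperty(IPAD_URL);
            }
        } catch (Exception ex) {
            // If the lookup fails, serve the request unchanged.
            ex.printStackTrace();
        }
        // Pass the request on exactly once, outside the try block, so a
        // failure further down the chain does not run the chain a second time.
        if (target != null) {
            ((HttpServletResponse) response).sendRedirect(target);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }
}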




2. Package the filter as a library file and place it either in the application (IP:port) lib or the server lib.

3. We can include the filter mapping either in the application's web.xml or the server's web.xml. If your server is dedicated to your application, you can freely use the server's web.xml; otherwise you should add the filter mapping to web.xml carefully.
Example:
<filter>
  <description>ipadfilter</description>
  <filter-name>ipadfilter</filter-name>
  <filter-class>com.ri.iaas.filter.IaasIpadFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>ipadfilter</filter-name>
  <url-pattern>/mobile/*</url-pattern>
</filter-mapping>


If a user accesses the application from a desktop by using:
1. xxx.com (IP1:port): it will redirect to IP:port/*
2. IP:port/mobile/*: it will redirect to IP:port/mobile/*