Configure Tomcat Application With PingAccess For Reverse Proxy

In this blog, I am going to explain how to configure a Tomcat application with PingAccess for reverse proxy. PingAccess offers RBAC (Role based) ABAC (Attribute based) access control. PingAccess supports both the legacy way of agent based integrations for webservers, as well as reverse proxy for application servers.

Components

Different components used/created for this exercise: Sites, Applications and Resources.

Site is the location of application or an API that needs to be protected or proxied with PingAccess, in other terms the application server’s address.

Application is a web application or an API running on the site. There can be multiple applications running on the same site/application server.

Resources are the URIs of the application, by default /* resource will be created with the application. Additional resources can be created to define policies for individual resources.

Prerequisite: Deploy Tomcat

I have deployed a simple web application on my tomcat. (Message me if you want a copy of it).

Step 1: Create A Site

Login to PingAccess admin console and navigate to “Sites” from the menu to create a site using “Add site”. “Target” will be the hostname and port number of the tomcat server (Ex. localhost:8080)

ping1

ping2

Step 2: Create An Application

Navigate to Applications from the menu to add an Application. Context root will be the application’s context root on the App server. Select “none” for We session, because we are not going to enable  authentication for this application right now. Select “none” for Identity Mapping ( websession is mandatory to add Identity Mapping). Destination will be the site created in the step 1.

ping3

 

ping4

ping5

Testing the configuration: The tomcat application can be accessed directly using the tomcat URL, click here.

ping7

The same application can be accessed via PingAccess reverse proxy URL

ping8

In the next blog, I will discuss how to secure this application.