In this blog, I am going to explain how to configure a Tomcat application with PingAccess for reverse proxy. PingAccess offers RBAC (Role based) ABAC (Attribute based) access control. PingAccess supports both the legacy way of agent based integrations for webservers, as well as reverse proxy for application servers.
Different components used/created for this exercise: Sites, Applications and Resources.
Site is the location of application or an API that needs to be protected or proxied with PingAccess, in other terms the application server’s address.
Application is a web application or an API running on the site. There can be multiple applications running on the same site/application server.
Resources are the URIs of the application, by default /* resource will be created with the application. Additional resources can be created to define policies for individual resources.
Prerequisite: Deploy Tomcat
I have deployed a simple web application on my tomcat. (Message me if you want a copy of it).
Step 1: Create A Site
Login to PingAccess admin console and navigate to “Sites” from the menu to create a site using “Add site”. “Target” will be the hostname and port number of the tomcat server (Ex. localhost:8080)
Step 2: Create An Application
Navigate to Applications from the menu to add an Application. Context root will be the application’s context root on the App server. Select “none” for We session, because we are not going to enable authentication for this application right now. Select “none” for Identity Mapping ( websession is mandatory to add Identity Mapping). Destination will be the site created in the step 1.
Testing the configuration: The tomcat application can be accessed directly using the tomcat URL, click here.
The same application can be accessed via PingAccess reverse proxy URL
In the next blog, I will discuss how to secure this application.