Hi,

Most of the time when we work in production environment then in order to secure our applications we want to allow certain clients IP Addresses to access the application and for some specific client IPAddresses or Hostname we want to deny the access to our application. Here in this example we will see how we can enable such Hostname restrictions based on hostname or IP Addresses using the Valve “org.apache.catalina.valves.RemoteAddrValve”.

The RemoteAddressValve provides us the feature allows us to compare the IP address of the client that submitted this request against one or more regular expressions, and either allow the request to continue or refuse to process the request from this client.
More informations about this Valve can be found in the following link: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Remote_Address_Filter .In JBoss AS7 we can also enable this valve for particular applications using the “WEB-INF/jboss-web.xml” file as mentioned in the following section. Here we will build and deploy the Test Application using ANT script in JBoss AS7.

Step1). Create a directory somewhere in your file system like “/home/userone/DemoRemoteAddrValve”

Step2). Now create a directory with name “src” inside the “/home/userone/DemoRemoteAddrValve” and then place the following kind of “web.xml” file inside the “src” folder.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

        // There is nothing much to write here for this demonstration.

</web-app>

Step3). Now write a JBoss specific we application deployment descriptor “jboss-web.xml” file inside “/home/userone/DemoRemoteAddrValve/src” directory as following:

<jboss-web>
 <valve>
   <class-name>org.apache.catalina.valves.RemoteAddrValve</class-name>
     <param>
        <param-name>allow</param-name>
        <param-value>*</param-value>
     </param>
     <param>
        <param-name>deny</param-name>
        <param-value>122.168.186.162</param-value>
     </param>
   </valve>
</jboss-web>

NOTE: Above file is the most important part of this demonstration to see how we can enable the Valve at individual application level. Notice in the above descriptor we are saying the allow all the clients to access the application allow=* where as it will deny all the request coming for this web application from a remote client whose IP Address is “122.168.186.162”
NOTE: Rather than using the hardcoded specific hostname/IP Address, A comma-separated list of regular expression patterns that the remote client’s IP address is compared to. If this attribute is specified, the remote address MUST NOT match for this request to be accepted. If this attribute is not specified, request acceptance is governed solely by the accept attribute. For more details http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Remote_Address_Filter

Step4). Now we will simply write a Simle JSP “index.jsp” to check if a user is able to access this JSP from a restricted IPAddress/Hostname or not. Place the following JSP file inside “/home/userone/DemoRemoteAddrValve/src”

<html>
<body bgcolor=maroon>
<center><h1> Welcome Page </h1>
<font color=white>
    <h1> Great!!! you are able to Access this page and not getting 403 HTTP Response</h1>
</font>
</body>
</html>

Step5). Now we will write a Simple ANT Build script “build.xml” file to build the WAR file and then to deploy the application on JBoss AS7. place the following “build.xml” file inside “/home/userone/DemoRemoteAddrValve”

<project name="SingletonStartupService" default="deploy">
<property name="jboss.home" value="/home/userone/jboss-as-7.0.1.Final" />
<property name="jboss.module.dir" value="${jboss.home}/modules" />
<property name="basedir" value="." />
<property name="tmp.dir" value="tmp" />
<property name="output.dir" value="build" />
<property name="src.dir" value="src" />
<property name="war.name" value="TestRemoteValveWebApp.war" />

   <path id="jboss.classpath">
     <fileset dir="${jboss.module.dir}">
        <include name="**/*.jar"/>
     </fileset>
   </path>

        <target name="init">
           <delete dir="${output.dir}" />
           <mkdir dir="${output.dir}" />
           <delete dir="${tmp.dir}" />
           <mkdir dir="${tmp.dir}" />
        </target>

        <target name="build" depends="init">
           <copy todir="${tmp.dir}/WEB-INF">
                <fileset dir="${src.dir}/">
                  <include name="web.xml"/>
                  <include name="jboss-web.xml"/>
                </fileset>
           </copy>
          <copy file="${src.dir}/index.jsp" tofile="${tmp.dir}/index.jsp"/>
          <jar jarfile="${tmp.dir}/${war.name}" basedir="${tmp.dir}" compress="true" />
          <copy file="${tmp.dir}/${war.name}" tofile="${output.dir}/${war.name}"/>
          <delete includeEmptyDirs="true">
              <fileset dir="${tmp.dir}"/>
          </delete>
        </target>

        <target name="deploy" depends="build">
            <echo message="*******************  Deploying the WAR file ${war.name} *********************" />
            <echo message="********** ${output.dir}/${war.name} to ${jboss.home}/standalone/deployments **********" />
            <copy todir="${jboss.home}/standalone/deployments/">
                <fileset dir="${output.dir}/">
                  <include name="${war.name}"/>
                </fileset>
            </copy>
            <echo message="*******************  Deployed Successfully   *********************" />
        </target>
</project>

Step6). Now open a Shell prompt and then set the PATH pointing to the ANT bin directory and the JDK bin directory … like following and the just run the “ant” command:

For Unix Based OS:
export PATH=/home/userone/jdk1.6.0_21/bin:/home/userone/org.apache.ant_1.6.5/bin:$PATH

OR

For Windows Based OS:
set PATH=C:jdk1.6.0_21bin:C:org.apache.ant_1.6.5bin:%PATH%

[userone@localhost TestEE6Feature]$ ant
Buildfile: build.xml

init:
   [delete] Deleting directory /home/userone/DemoRemoteAddrValve/build
    [mkdir] Created dir: /home/userone/DemoRemoteAddrValve/build
    [mkdir] Created dir: /home/userone/DemoRemoteAddrValve/tmp

build:
     [copy] Copying 2 files to /home/userone/DemoRemoteAddrValve/tmp/WEB-INF
     [copy] Copying 1 file to /home/userone/DemoRemoteAddrValve/tmp
      [jar] Building jar: /home/userone/DemoRemoteAddrValve/tmp/TestRemoteValveWebApp.war
     [copy] Copying 1 file to /home/userone/DemoRemoteAddrValve/build
   [delete] Deleting 4 files from /home/userone/DemoRemoteAddrValve/tmp
   [delete] Deleted 2 directories from /home/userone/DemoRemoteAddrValve/tmp

deploy:
     [echo] *******************  Deploying the WAR file TestRemoteValveWebApp.war *********************
     [echo] ********** build/TestRemoteValveWebApp.war to /home/userone/jboss-as-7.0.1.Final/standalone/deployments **********
     [copy] Copying 1 file to /home/userone/jboss-as-7.0.1.Final/standalone/deployments
     [echo] *******************  Deployed Successfully   *********************

BUILD SUCCESSFUL
Total time: 0 seconds

The only change you will need to make is to change the “jboss.home” value in the above ANT build.xml file to point to your own JBoss AS& directory.

Step7). Start the JBoss AS& like following from inside your “/home/userone/jboss-as-7.0.1.Final/bin” directory.

   ./standalone.sh --server-config standalone-preview.xml

.
.
Thanks
Middleware Magic Team

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.