Introduction
This guide will explore how to effectively implement Natural AJAX with a reverse proxy to solve common problems encountered in web development.
Pre-requisite
Product Line | Natural |
---|---|
Product | Natural for Ajax (NJX) |
Versions | 9.3.1 |
Operating Systems | Red Hat Enterprise Linux |
Problem
In an application where the connection is made using a specified client IP address, there is a validation mechanism in place to ensure that the address is correct; if it differs, the connection is refused. A proxy server was established (reverse proxy NGINX); the IP address became the proxy server’s, and the validation procedure is no longer useful.
To deal with the validation and to obtain the IP, a Javascript code can be used, but when in Natural AJAX, how to execute this Javascript code?
Resolution
Configure the NGINX (reverse proxy server) to retrieve the real IP address from HTTP headers. Something like:
proxy_set_header X-Real-IP $remote_addr
Please check the documentation of NGINX.
After finishing configuring the corresponding HTTP headers in the NGINX remote proxy server, do the following.
1) Adapt the java sample snippet to your needs - see comments in the code.
Choose your own java package and class name.
FilterSnippetNJX2420.java
package com.softwareag.cis.test;
import [java.io](https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=http%3A%2F%2Fjava.io.mcas.ms%2F%3FMcasTsid%3D20892&McasCSRF=c8bc72706b59c8ae0040c60d77e1b0b33a7e0f6a450e6055d33ea75d6d572eb7).IOException;
import [java.io](https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=http%3A%2F%2Fjava.io.mcas.ms%2F%3FMcasTsid%3D20892&McasCSRF=c8bc72706b59c8ae0040c60d77e1b0b33a7e0f6a450e6055d33ea75d6d572eb7).PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
/**
* Filter snippet to get real IP behind a NGINX reverse proxy server
*/
public class FilterSnippetNJX2420 implements Filter {
public FilterSnippetNJX2420() {
}
public void doFilter(ServletRequest servletrequest, ServletResponse servletresponse, FilterChain filterchain) throws IOException, ServletException {
if (servletrequest instanceof HttpServletRequest) {
HttpServletRequest httpservletrequest = (HttpServletRequest) servletrequest;
// Here you need to check the headers you configured in your NGINX proxy server
// For instance the header X-Real-IP
String realIP = httpservletrequest.getHeader("X-Real-IP");
// check if the client is allowed or rejected - the 47.11 is just a dummy value. You must set your own values here
if ( ! "47.11.47.11".equalsIgnoreCase(realIP) ) {
// reject - show your own error page
servletresponse.setContentType("text/html");
PrintWriter out = servletresponse.getWriter();
out.write("<!DOCTYPE html>\n");
out.write("<html lang='en'>\n");
out.write("<head>\n");
out.write("<title>Client not Allowed</title>\n");
out.write("</head>\n");
out.write("<body>\n");
out.write("<h1>Client not Allowed</h1>\n");
out.write("</body>\n");
out.write("</html>");
out.write("");
return;
}
}
filterchain.doFilter(servletrequest, servletresponse);
}
public void init(FilterConfig filterconfig) {
}
public void destroy() {
}
}
2) Compile the .java file and place the corresponding .class file into the folder
/WEB-INF/classes of your web application.
3) Add the corresponding xml to your web.xml.
Example:
<filter>
<filter-name>NJX2420Sample</filter-name>
<filter-class>com.softwareag.cis.test.FilterSnippetNJX2420</filter-class>
</filter>
<filter-mapping>
<filter-name>NJX2420Sample</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>