I have a web application running on Apache Tomcat and this Web Application runs on a server to which my Frontend connects. The Frontend's could be a Browser or and App that runs on Android or iOS.
I would now like to allow access to my Tomcat Web App only to specific devices that I device. Restricting access using IP address / MAC address might be the dumbest solution that I could think of, but that is doomed to fail given the diversity of the routers that could be inbetween the device and my Web App. So how do I potentially decide access to my Web App only to some specific devices?
I can see that Google already does this! I mean if I log in to my Google E-Mail account from a completely new device, it would prevent me from doing so and asks me for an authentication token from one of my trusted devices. Is there any AI or some funky Machine Learning happening behind the scenes at Google that actually checks for registered devices?
I would like to do the same to my Web Application running on Tomcat. So how do I do this? Any suggestions?
Related
I created a spring boot application that serves simple web content. This content is reachable from the same device (192.168.1.10) using "localhost:8080/greeting", but I can not access this content from another device (192.168.1.15) on the same local network (at home).
- I googled on the web a lot but can't find a proper solution.
- I allowed firewalls for all app, all ports and all protocols on each device.
But doesn't work. What is needed?
I have an android app that would use certain restful service end point. Right now, the restful service is running on tomcat server and server machine is reachable after connecting to VPN.
My question is that
1. How to put the service machine so that it should be protected behind VPN and still, my app would be able to hit the service and get the result. The app is not having any coding related to connection through VPN. and the client is also not willing to remove VPN. So, how through PUBLIC IP or domain, I can plan to use the service in Android app.
I am not a android developer.
Thanks
I have created and published on Google Play an Android app that communicates with my server. I want to check that my server (Java Servlet) only accepts requests from this Android app, so that if someone clones my code and creates a new app, when it tries to communicate with the server, the requests are rejected.
Is there a way to do that? Perhaps with domain names, or signed apps,...? This is to prevent phishing attacks.
You can get your app's signing key and check it on your server, but someone can get this information. If you use https for your connection, and use proguard, I think it's disincentive enough.
I have developed an MVC web app. Right now, the client using this app in office area. The client has requested that no one should use this app on any device except the office's PC/tablets.
Now problem is, it's a web app, so how can I put restrictions that nobody can use this app from the outside of the office or with devices other with than office's PC/Tablets?
The usual approach to that problem is maintain a database of authorized MAC addresses. The next part is harder, because Java provides no mechanism to get the remote mac address. See this question. Given that I would require users authenticate to the web application, if an authorized user is on the device you could consider that device authorized. If that doesn't work, you might be able to use white-listed IP address ranges. If that doesn't work I think you're back to MAC addresses.
I have a website where users can send personal messages between them, now I want them to recieve the messages also on their mobile phone but without having to send them a SMS.
I am thinking about providing them with a mobile phone with internet access over GPRS or 3G, then develop a Java application that will connect to the website and retrieve the messages.
On the website I am thinking to make a webservice where the phone will login, get new messages, and also be able to answer back to messages.
Does anyone know any mobile application tutorial that will do that? Or do you recommend me where to start? I never done a java mobile application before, I only work with websites and PHP.
I also tried to use ICQ, the client is already done for java and for iphone, and I've also found a script that will send ICQ messages from PHP, but ICQ server bans you for 20 minutes when you do many reconnections, so I have to develop some kind of ICQ bot always online that will check for new messages to send from the mySQL database and then send them, one per 2-3 seconds, so the server won't ban me for flooding.
Well any advice or recommendation is welcome about how to have users connected to the website messaging system from their phones.
Thank you!
Instead of a Java Application, I would do a mobile HTML web page for the mobile devices because it will be simpler to deploy. I know Java is supposed to be WRITE ONCE RUN ANYWHERE, but with JavaME is not that simple. You will have to create special deployments for different phones, and there are phones that do not support JavaME (iPhone) at all.
With a mobile WEB SITE, the only thing your mobile phone needs is a browser. Pretty much every feature/smart phone have a browser these days.
If you insist on developing a JavaME application, you are on the right track. You can publish some WebServices on your WebSite and consume them from JavaME. Here is a tutorial on how to do that.