• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

Best approach for External and Intenal Users

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

Below is the requirement for my project.

External and Internal user will login to application using two different urls (let's say https://abc-int.example.com and https://abc-ext.example.com) via two SSO solutions.

Now i want to understand best approach in terms of Maintenance, Cost, Release Management. Here are some of thoughts.

Do i need to use two web servers or single web server with a combination of App server.

1. one webserver, one appserver. --
2. one webserver, two app server.-- (two app servers for two sso solutions)
3. two webserver, two app server. -- (two web servers for urls and two app servers for two sso solutions)


Thanks
Harini
 
Ranch Hand
Posts: 409
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there significant overlap between the functions / content seen and used by internal and external users?
Do internal users also want to see the content and use the functions that external users have access to?
Is your traffic volume going to be very high for internal or external users?

 
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch.

There are several approaches. Using 2 URLs/ports/context-path on an app server is probably the most straighforward.

Not knowing your functions (eg will external users' functions be different from internal users), having 1 or 2 web apps is one decision.

1 web app approach: use different folder/permission eg external and internal. The checking will be done at login obviously.

2 web apps: external webappA and internal webappB. This approach perfectly fits the 2 URLs or 2 ports I mentioned above.

When it comes the number of physical servers (hardware) or VM to use, it depends on above (1 vs 2 webapp) and number of concurrent users. (the more users more likely you want 2 separate servers)

Summary:
1 webapp
external user = login.jsp -> login servlet checks user is external -> loads external/index.jsp page
internal user = login.jsp -> login servlet checks user is internal -> loads internal/index.jsp page


2 webapps approach 1 (2 ports 1 machine)
external = domain:8080
internal = domain:8081

2 webapps approach 2 (different context path 1 machine)
external = domain:8080/externalapp
internal = domain:8080/internalapp

2 webapps approach 3 (different machines)
external = domain:8080 (machine A)
internal = domain:8080 (machine B)

All of these map to different 2 URLs.

Mapping to which port or context path is done on the web server eg mod_jk.

Well you get the idea.
 
adepu Harini
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Roger F. Gay wrote:Is there significant overlap between the functions / content seen and used by internal and external users?
Do internal users also want to see the content and use the functions that external users have access to?
Is your traffic volume going to be very high for internal or external users?



Roger,

thanks for your response, Yes there is an overlap regarding content seen, External users may view the content and Internal users may edit and view the content. There is no requirement of heavy traffic.



Thanks
Harini
 
adepu Harini
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

K. Tsang wrote:Welcome to the Ranch.

There are several approaches. Using 2 URLs/ports/context-path on an app server is probably the most straighforward.

Not knowing your functions (eg will external users' functions be different from internal users), having 1 or 2 web apps is one decision.

1 web app approach: use different folder/permission eg external and internal. The checking will be done at login obviously.

2 web apps: external webappA and internal webappB. This approach perfectly fits the 2 URLs or 2 ports I mentioned above.

When it comes the number of physical servers (hardware) or VM to use, it depends on above (1 vs 2 webapp) and number of concurrent users. (the more users more likely you want 2 separate servers)

Summary:
1 webapp
external user = login.jsp -> login servlet checks user is external -> loads external/index.jsp page
internal user = login.jsp -> login servlet checks user is internal -> loads internal/index.jsp page


2 webapps approach 1 (2 ports 1 machine)
external = domain:8080
internal = domain:8081

2 webapps approach 2 (different context path 1 machine)
external = domain:8080/externalapp
internal = domain:8080/internalapp

2 webapps approach 3 (different machines)
external = domain:8080 (machine A)
internal = domain:8080 (machine B)

All of these map to different 2 URLs.

Mapping to which port or context path is done on the web server eg mod_jk.

Well you get the idea.





Thanks a lot for detail clarification. I got the idea.


Harini
 
Rancher
Posts: 43027
76
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why are there different URLs for different classes of users? You can determine the class of user upon login, no? Unless there are other considerations that you haven't mentioned, running several instances seems unnecessary.
 
K. Tsang
Bartender
Posts: 3648
16
Android Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Since you mentioned there isn't much traffic, and both external & internal users share the same resources. Then the most appropriate is 1 webapp and use permission/security to determine the read/write function.
 
Roger F. Gay
Ranch Hand
Posts: 409
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm used to using Tomcat which is a web server with applications installed. You can install as many applications as you want on one server.

But I don't see a need for more than one application, or different login pages. I agree with the previous answer that you should assign privileges to different users.
If Henry is an internal user and Jack is external, something like having Henry's profile (with user name, password and other information) with the "edit" value set to true.

I don't know the details of your experience, so I don't know what difficulties you might find with this approach.
Henry would be able to see edit buttons and Jack wouldn't ... etc.
You'd need to check permissions when delivering content and allowing use of functionality that needs permission.

I can understand how one could imagine that two separate applications could be simpler, since the whole issue of permissions would be settled on login .. sending each to different apps.
If you keep the second application very light ... just allowing special access ... and otherwise sharing content, it might not be such a terrible thing to maintain.
 
Bartender
Posts: 543
4
Netbeans IDE Redhat Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As long as your traffic is low, you should go for the simplest solution, meaning a simple application with the edit role for internal users and only a view role for external users. Using two servers would be over-engineering in this case.
 
She'll be back. I'm just gonna wait here. With this tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic