The CardHolderAuthorization sample demonstrates how the authentication of a card holder to a locally accessible servlet grants a non-card holder access to a remotely accessible servlet. Card-holder-user authentication is tracked globally (card-wide). Authorization to access resources is protected by globally authenticated card-holder-user identity. Authorization to access resources can be granted by the card holder to other users.
Running the CardHolderAuthorization sample consists of using the IDE to open the CardHolderApp and RemoteUserApp projects, and running the CardHolderApp and RemoteUserApp servlets on a local desktop that is networked with a remote desktop. After CardHolderApp is deployed and instantiated on the local desktop, a remote user attempts but fails to access RemoteUserApp running on the local desktop. After the login attempt fails, the card holder uses the CardHolderApp on the local desktop to authenticate and enable the remote user to access the RemoteUserApp running on the local desktop.
In this sample, the URL for the RemoteUserApp is http://IP Address:8020/RemoteUserApp and the URL for the CardHolderApp is http://localhost:8020/CardHolderApp.
Before performing the following procedure, the Java Card 3 Development Kit, Connected Edition must be downloaded and installed on your development system.
The CardHolderApp and RemoteUserApp projects are located under the JC_CONNECTED_HOME\samples\web\CardHolderAuthorization folder.
Note - Refer to the Java Card 3 Platform Development Kit User’s Guide for additional details including screen captures.
The IDE compiles, builds, and runs the CardHolderApp application. When the application runs, the IDE launches the default browser and displays the Card Holder App page.
The IDE compiles, builds, and runs the RemoteUserApp application. When the application runs, the IDE launches the default browser and displays the Remote User’s App page.
http://IP Address:8019/remoteuserapp
This action is performed as a remote user who is attempting to access the Remote User’s App page. The attempt fails and the browser displays an HTTP error 403 page stating that card holder authorization is required.
Login: admin
Password: 1234
This action is performed as the card holder. The sample displays the authorization page in the browser.
Login: boss
Password: 5678
The sample displays a Welcome Remote User page in the browser.
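The access decision this procedure walks through, as an added example in plain Java SE (a model written for this page, not the sample's servlet code and not Java Card API code). The class and method names, the separate grant step, the HTTP 401 for bad credentials, and the mapping of admin to the card holder and boss to the remote user are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Plain Java SE model of the sample's access decision (hypothetical names).
public class CardHolderAuthorizationModel {
    // Card-wide (global) state shared by both applications.
    private boolean cardHolderAuthenticated = false;
    private boolean remoteAccessGranted = false;

    // Sample credentials from the page; which role each belongs to is assumed.
    private static final String HOLDER_LOGIN = "admin", HOLDER_PW = "1234";
    private static final String REMOTE_LOGIN = "boss", REMOTE_PW = "5678";

    private static boolean same(String a, String b) {
        // Compare encoded bytes without stopping at the first mismatch.
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // CardHolderApp: honoured only for local (loopback) requests.
    public int cardHolderLogin(boolean localRequest, String login, String pw) {
        if (!localRequest) return 403;
        // Non-short-circuit '&' so both fields are always compared.
        if (!(same(login, HOLDER_LOGIN) & same(pw, HOLDER_PW))) return 401;
        cardHolderAuthenticated = true;
        return 200;
    }

    // The authenticated card holder grants the remote user access.
    public int grantRemoteAccess(boolean localRequest) {
        if (!localRequest || !cardHolderAuthenticated) return 403;
        remoteAccessGranted = true;
        return 200;
    }

    // RemoteUserApp: 403 until the card holder has authorized access.
    public int remoteUserLogin(String login, String pw) {
        if (!cardHolderAuthenticated || !remoteAccessGranted) return 403;
        return (same(login, REMOTE_LOGIN) & same(pw, REMOTE_PW)) ? 200 : 401;
    }

    public static void main(String[] args) {
        CardHolderAuthorizationModel card = new CardHolderAuthorizationModel();
        System.out.println(card.remoteUserLogin("boss", "5678"));         // before authorization
        System.out.println(card.cardHolderLogin(false, "admin", "1234")); // holder app reached remotely
        System.out.println(card.cardHolderLogin(true, "admin", "1234"));  // holder app reached locally
        System.out.println(card.grantRemoteAccess(true));
        System.out.println(card.remoteUserLogin("boss", "5678"));         // after authorization
    }
}
```

The authorization check in `remoteUserLogin` runs before any credential comparison, so a remote caller cannot probe the remote user's password while the card holder has not authorized access.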