Run Multiple Web Applications on Application Server
This article explains how to run multiple web applications on an application server, with each application configured using separate properties files.
The diagram below illustrates the deployment structure, showing three web applications hosted on a single application server, each using the CADP for Java JAR in the web application.
The table below lists the applications' locations and the corresponding location of the CADP for Java libraries and CADP_for_Java.properties file.
| Application Name | Application location | CADP for Java related files |
|---|---|---|
| AppA | /usr/share/tomcat/webapps/AppA/crypto.jsp | /usr/share/tomcat/webapps/AppA/WEB_INF/lib |
| AppB | /usr/share/tomcat/webapps/AppB/crypto.jsp | /usr/share/tomcat/webapps/AppB/WEB_INF/lib |
| AppC | /usr/share/tomcat/webapps/AppC/crypto.jsp | /usr/share/tomcat/webapps/AppC/WEB_INF/lib |
When multiple applications are deployed on the same application server, and each application adds an IngrianProvider with the same name to the System Provider in order to initialize and load its properties file, the first application runs without issue. However, when the second application runs and executes the line Cipher cipher = Cipher.getInstance(algorithm, "IngrianProvider"), the JVM loads the IngrianProvider class from the first application due to the name conflict. This can result in ClassCastException.
To resolve this issue, use Cipher cipher = NAECipher.getNAECipherInstance(algorithm, "IngrianProvider") as demonstrated in the following code snippet.
<%@page import="javax.crypto.Cipher" %>
<%@page import="javax.crypto.SecretKey" %>
<%@page import="com.ingrian.security.nae.NAECipher" %>
<%@page import="com.ingrian.security.nae.NAEKey" %>
<%@page import="com.ingrian.security.nae.NAESession" %>
<%@page import="com.ingrian.security.nae.IngrianProvider" %>
<%@page import="java.security.Security" %>
<%!
public String AESCBCCrypto(SecretKey key, String originalText) {
byte[] text = originalText.getBytes();
byte[] encrypt;
byte[] decrypt;
try {
Cipher cipher = NAECipher.getNAECipherInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
cipher.init(Cipher.ENCRYPT_MODE, key);
encrypt = cipher.doFinal(text);
cipher.init(Cipher.DECRYPT_MODE, key);
decrypt = cipher.doFinal(encrypt);
return new String(decrypt);
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
%>
<%
String naeUser="xxxxxxx";
char[] naePswd="xxxxxxxxxxxx".toCharArray();
String keyName="TestKey123";
Security.addProvider(new IngrianProvider());
NAESession session = NAESession.getSession(naeUser, naePswd);
SecretKey key = NAEKey.getSecretKey(keyName, session);
String originalText = "Hello World!";
out.println("Algorithm is AES/CBC/PKCS5Padding");
out.println("originalText == "+"Hello World!");
out.println("Text After Decryption " +AESCBCCrypto(key, originalText));
%>
This method creates the cipher using the current application's IngrianProvider, avoiding the class conflict issue.
