Connect to desktop web server from mobile device

The problem

I hava a Java EE application running in my development enviroment, i.e, in a desktop PC. This PC is connected to my company LAN network by using an ethernet cable.
This application uses some advance signature functions, which requiere a third party app would be installed in the client device. In this case, this application is Autofirma (it can be download from here). In my desktop environment it works fine, but we must certificate it also works in mobile devices, like Android and iOS devices.
The problem is that in order to test this web application you need to must to it from the mobile device. At this time there is not a suitable wirless connection in the company which allows this kind of tests, so you have to come out with your own solution.
I´ve been checking ways to connect my mobile device to the PC via USB cable, but I did not found a valid or easy-to-make solution. So I will propose my low-technology solution.

Target scenario

My solution consists in connect the mobile device and the desktop PC via WI-FI, by using a third mobile device as WI-FI hotspot. It also requires a WI-FI dongle or a WI-FI card in the desktop PC.

This is the whole picture of the solution.

For this simple test, I will access to my Apache Web Server home page from the android tablet.

The full environment elenemts and caracteristis are as follows:

• Desktop PC (Development environment): Windows 7
• WI-FI dongle: Who cares
• Tester mobile device: Samsung Galaxy Tab 3
• WI-FI hotspot: Motorola Moto E

Set up

Wi-Fi hotspot

In Android is very easy to configure your device as a WI-FI hotspot. This is primary intended to let other devices use its 3G/4G connection via WI-FI.

Go to settings > More > Modem and Wi-Fi zone

There you must enable the Wi-Fi hotstpot and, optionally, set up your security settings.

Desktop PC 

In the desktop PC you need to plug the USB dongle and install all required drivers. Unless you are using an extremely cheap chinese dongle, windows will recognize and configure it for you.

In your network manager you will see two networks: the LAN network and the wirless network. For this last one, if you previously enable security settings in your Wi-Fi hotspot, you will have to introduce your password before the connection could be established.

Each network connection will have its own MAC and IP address. In my case, my "ETH IP" is 192.168.1.134 and my "WI-FI IP" is 192.168.43.239.

Tester mobile device

In the android tablet, you just need to select the Wi-Fi hotspot wirless network.

Test

In the desktop PC my Apache Web Server is running on port 80. So, if you go to http://localhost you will see it. But from the tester mobile device point of view, this IP address is 192.168.43.239.
So you need to access to http://192.168.43.239. 

Trouble shooting

In order to this scenario works you may need to disable/configure the desktop PC firewall. 

Oracle - Avoid user password expiration

When you connect to Oracle you see this warning: "The password wil expire within %s days"

Check all profiles:

select * from dba_profiles

Check the profile assigned to one user:

select profile from DBA_USERS where username = 'MyUser';

For this profile, filter its limits:

select resource_name,limit from dba_profiles where profile='DEFAULT';

Check user account status and expiration date for this user:

select username, account_status, expiry_date from dba_users where username='MyUser';

With this information we know that our user is assigned to the Default profile, which has an expiration policy of 180 days. Also, this user´s password will expire on 09/01/2018. To avoid this, just update the profile´s policy.

alter profile DEFAULT limit PASSWORD_LIFE_TIME  unlimited;

The last thing to do is reset the password to its own value, in order to restart the account status to OPEN. Depending on your Oracle version, you can obtain this password by two means:

select password from dba_users where username='MyUser';

select spare4 from sys.user$ where name='MyUser';

Only one of them will return a non NULL value. Then update the user.

alter user MyUser identified by values 'S:9090878D...;T:193A657B...';

Configure Hawtio in JBoss domain mode

These are the steps to configure Hawtio in Jboss EAP 6:

• Create a Management user
• Configure JBoss security
• Disable JBoss logging subsystem
• Test

This was tested with JBoss EAP 6.2, Hawtio 1.4.9 and Java 7 (this is the reason to not use the last Hawtio release).

Create a Management user

The user who will access hawtio console will need to provide a valid credentials, and he must have asociated an specific role (group).

By using add-user.sh script you need to create a Management user, in this case 'hawtio'. Besides, this user will belong to 'roleHawtio' group.

[root@jboss01 bin]# ./add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : hawtio
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: roleHawtio
About to add user 'hawtio' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'hawtio' to file '/opt/jboss-eap-6.2-dc/standalone/configuration/mgmt-users.properties'
Added user 'hawtio' to file '/opt/jboss-eap-6.2-dc/domain/configuration/mgmt-users.properties'
Added user 'hawtio' with groups roleHawtio to file '/opt/jboss-eap-6.2-dc/standalone/configuration/mgmt-groups.properties'
Added user 'hawtio' with groups roleHawtio to file '/opt/jboss-eap-6.2-dc/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
[root@jboss01 bin]#

After the command is executed, you need to replicate the mgmt-users.properties and mgmt-groups.properties files in all nodes of your domain.

Configure JBoss security

In domain.xml file you need to add the following system properties (the complete list of available properties to configure are in the this link):

<system-properties>
 <property name="java.net.preferIPv4Stack" value="true"/>
 <property name="hawtio.authenticationEnabled" value="true"/>
 <property name="hawtio.offline" value="true"/>
 <property name="hawtio.realm" value="hawtio-domain"/>
 <property name="hawtio.role" value="roleHawtio" />
</system-properties>

The property hawtio.realm is referencing the hawtio-domain, so you need to configure this domain in jboss security subsystem.

<subsystem xmlns="urn:jboss:domain:security:1.2">
 <security-domains>
  
  (...)
  
  <security-domain name="hawtio-domain" cache-type="default">
   <authentication>
    <login-module code="RealmDirect" flag="required">
     <module-option name="realm" value="ManagementRealm"/>
    </login-module>
   </authentication>
  </security-domain>
 </security-domains>
</subsystem>

Is very important to keep in mind that you need to replicate this config in all profiles of the domain.xml file.

Disable JBoss logging subsystem

If you are like me and you think that JBoss logging subsystem is a pain in the ass, probably you would like to disable it. Luckly it´s very esay, just open the hawtio WAR and add the following jboss-deployment-structure.xml file in META-INF folder:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
 <deployment>  
  <exclude-subsystems>
   <subsystem name="logging" />  
  </exclude-subsystems>

  <exclusions>
   <module name="org.apache.log4j" />
   <module name="org.slf4j" />
   <module name="org.log4j" />
   <module name="org.jboss.logging" />
  </exclusions>
 </deployment>
</jboss-deployment-structure>

Test

When these changes are done, you can deploy hawtio WAR in your domain. There you should see the following log trace, where you can check the params you specified before:

[Server:spre-segjava-1] 14:47:45,269 INFO  [stdout] (ServerService Thread Pool -- 77) INFO  | ServerService Thread Pool -- 77 | Starting hawtio authentication filter, JAAS realm: "hawtio-domain" authorized role: "roleHawtio" role principal classes: ""

If you try to access to http://[host]/hawtio/ you will be redirect to the login page and you just need to use the credentials created in the first step.