5 Replies Latest reply on Sep 27, 2002 9:45 AM by jwkaltz

    IP filter

    seanx
    seanx Sep 20, 2002 6:25 PM

      In addition to JAAS, I'd like to be able to control who (what IP) can talk to my JBoss. What is the best strategy to do it?

      thanks

      • 4023 Views
      • Tags:
        • 1. Re: IP filter
          ppetit
          ppetit Sep 21, 2002 12:25 PM (in response to seanx)

          You have different kind of choices :
          1 - in front of your server you can setup a router or FW that allow a range of IP addresses.
          2 - If you're under Linux you can do the same inhouse with ipchaine, iptable
          3 - perform a programmatic test from your controller servlet (ie you can check an array of hostnames allowed to access

          it's 2 euros idea ;))
          Philippe

            • Actions
          • 2. Re: IP filter
            seanx
            seanx Sep 23, 2002 3:45 PM (in response to seanx)

            2 euros is more valuable than $2 now.

            I guess your answer means that there is no IP filter built in JBoss. I am using Solaris and using JBoss only as EJB container, i.e., there is no Servlet container deployed in JBoss. Client programs running remotely invoke EJBs hosted in JBoss through RMI. I would like to have a IP filtering function provided by the container.

            Is it possible to do this as an interceptor?

            thanks

              • Actions
            • 3. Re: IP filter
              jwkaltz
              jwkaltz Sep 25, 2002 10:27 AM (in response to seanx)

              At the JBoss level, you could write your own security interceptor. I don't think you can configure what you want to do in the standard security interceptor.

              At the system level, as the previous user said, as long as you're running on a real OS, you can use something like ipchains to configure which IP addresses are allowed to open connections to which services/ports.

                • Actions
              • 4. Re: IP filter
                seanx
                seanx Sep 25, 2002 12:44 PM (in response to seanx)

                Thank you for the reply.
                I am looking into writing my own security interceptor for IP filtering. The OS option is not good for us since we are providing this for internal uses and platform could be NT, Unix or Linux.

                While I am looking at security interceptor, I could not find client IP being passed to the interceptor. The call to interceptor is through invoke method and Invocation object is passed. I traced down the source code but could not find socket or any other object containing IP info. being embedded in Invocation object.

                How could I find the IP info?

                thanks

                  • Actions
                • 5. Re: IP filter
                  jwkaltz
                  jwkaltz Sep 27, 2002 9:45 AM (in response to seanx)

                  Hmm I'm not sure.
                  Are you using an integrated Webserver or a stand-alone login ?
                  The webserver definitely has the originating address, in its http request. So this would need to be passed on to your security interceptor.

                  I am not sure what the smartest way of doing that would be; one way would be to pass that in the user or password fields.

                    • Actions