-
1. Re: JBoss Specific IP Based Security
petertje Mar 7, 2003 2:13 PM (in response to michaeljbergin)What kind of clients? Servlet/HTML clients or stand-alone java applications connecting to EJBs directly?
-
2. Re: JBoss Specific IP Based Security
oz59 Mar 8, 2003 3:13 PM (in response to michaeljbergin)Indeed, if the client's only means of accessing your info is through the web, then you can simply use the ServletRequest "getRemoteAddr()" method. If there's another way for the client to access the info, you guys should probably write it. Since it would theoretically be running on the client's machine (invoked by them) you can query the runtime for the ip address and include that in the remote call.
-
3. Re: JBoss Specific IP Based Security
michaeljbergin Mar 9, 2003 9:40 PM (in response to michaeljbergin)the client is a stand-alone java applet, or application. the client uses jax-rpc to communicate with the server-side components. there is one web services interface exposed by the server that implements a type of command pattern so all of the communication with the server-side go through this component.
so is there any built-in/jboss-specific way of accomplishing this? if not i would appreciate any guidance that any jboss experts could provide in writing this piece. thanks. -
4. Re: JBoss Specific IP Based Security
oz59 Mar 12, 2003 11:58 AM (in response to michaeljbergin)Are you using AXIS? I've only run it locally, but tcpmon displays the "Request Host" address (127.0.0.1 in my case). You can dig around and find out how they did it or modify the AXIS servlet to provide that info directly.
hth. -
5. Re: JBoss Specific IP Based Security
vmarco Apr 3, 2003 7:03 PM (in response to michaeljbergin)I, too, have a need to get the HttpServletRequest over to my custom LoginModule.
I need to log the results of each validation attempt and need to include the IP address of the user. Unfortunately the LoginModule doesn't have access to the HttpServletRequest which has the IP. Now I've created a new CallbackHander and Callback classes to obtain the HttpServletRequest (in addition to the Username and Password), so the LoginModule is coded and ready to go.
What I need is a way to use the new CallbackHandler. I've got code which creates the LoginContext passing in the CallbackHandler, but the servlet 2.3 spec indicates that my action for FORM authentication must use "j_security_check" as the action, instead of my own servlet or Struts action. This prevents me from putting in my own CallbackHandler as the j_security_check servlet only uses a CallbackHandler which passes Callbacks for the Name and Password.
Any ideas? Has anyone done this?
Thanks,
Vince