-
1. Re: Limit access by IP address
lalala Jun 23, 2004 7:36 AM (in response to simonmcc)I'm new in JBoss and Jaas, but I've read a lot of documentation about this and I think that isn't possible.
You can configure access/deny an user by his role. This user may be authenticate in the system, with a system login. -
2. Re: Limit access by IP address
formenti Jun 23, 2004 8:24 AM (in response to simonmcc)Just a little help, maybe a walkaround:
when i worked with Tomcat i re-wrote the authenticator class (you can modify org.apache.catalina.authenticator.BasicAuthenticator). You can put in the password field (if you use DB based authentication) even the ip, like: "password:xxx.xxx.xxx.xxx" and then in the authenticator class can test password+":"+ip as it is the password stored in the db...
An example:String password = parsePassword(authorization)+"@"+request.getRequest().getRemoteAddr();
instead of:String password = parsePassword(authorization);
If you make so the following statementprincipal = context.getRealm().authenticate(username, password);
check password and the IP for you! -
3. Re: Limit access by IP address
fthurber Mar 19, 2009 1:53 PM (in response to simonmcc)
Surely there is an easier way thant that? -
4. Re: Limit access by IP address
fthurber Mar 19, 2009 2:59 PM (in response to simonmcc)
I have a simple JBoss installation that contains a small number of servlets. How do I restrict some of them so that they can only be accessed from localhost? I would think that this is easy, but I cannot find this capability.
Also is there a easy way to reject http PUT's for the whole server instead of having to add http-method elements to web.xml? -
5. Re: Limit access by IP address
fthurber Mar 20, 2009 1:13 PM (in response to simonmcc)
Wow, no answer. After coming from the Apache world, I am surprised that JBoss cannot limit access to particular servlets by IP.
We are running on RedHat Linux; should this filtering be done at the OS level instead. I did not see a way to do this in iptables. -
6. Re: Limit access by IP address
fthurber Mar 23, 2009 10:00 AM (in response to simonmcc)
Should I use a good, old servlet filter? Obviously this would require some Java code, but it seems simple to do (and I have used them before): http://www.jboss.org/community/docs/DOC-11257
Or should I use a <web:context-filter...> and subclass JBoss's Generic Handler? Or is this just for web services: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4162661 -
7. Re: Limit access by IP address
anil.saldhana Mar 24, 2009 1:50 PM (in response to simonmcc)Try adding the standard Apache Tomcat "RemoteAddress/RemoteHost" valves in a context.xml in WEB-INF of your web application.
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html -
8. Re: Limit access by IP address
fthurber Mar 26, 2009 10:24 AM (in response to simonmcc)"anil.saldhana@jboss.com" wrote:
Try adding the standard Apache Tomcat "RemoteAddress/RemoteHost" valves in a context.xml in WEB-INF of your web application.
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
Thanks Anil, that was exactly what I was looking for! A very nice solution. -
9. Re: Limit access by IP address
xmedeko Jun 26, 2009 5:37 AM (in response to simonmcc)Anyway, it's already in Jboss wiki:
http://www.jboss.org/community/wiki/LimitAccessToCertainClients