This content has been marked as final.
Show 3 replies
-
1. Re: Jaas/ TCP restrictions
starksm64 Jul 5, 2004 11:15 AM (in response to taggat)Transport it too far removed from the authentication process to allow this to occur within the jaas login module. You would need to integrate with the transport layer to enforce this restriction.
-
2. Re: Jaas/ TCP restrictions
taggat Jul 5, 2004 12:08 PM (in response to taggat)in that case I will have to drop JAAS as the security for my application, or write my own servlet that handles the jaas logins, from there i can get the ip address from the HTTPServletRequest.
thanks anyway. -
3. Re: Jaas/ TCP restrictions
pilhuhn Jul 5, 2004 12:17 PM (in response to taggat)I am not completely sure, if the web page protection kicks in before servlet filters are processed.
If this is the case, why not write a filter that checks if the (authenticated) user is from the allowed address. If so, proceed, else kick him out again.