5 Replies Latest reply on Sep 27, 2002 9:45 AM by J. Wolfgang Kaltz

    IP filter

    seanxu Newbie

      In addition to JAAS, I'd like to be able to control who (what IP) can talk to my JBoss. What is the best strategy to do it?


        • 1. Re: IP filter
          ppetit Newbie

          You have different kind of choices :
          1 - in front of your server you can setup a router or FW that allow a range of IP addresses.
          2 - If you're under Linux you can do the same inhouse with ipchaine, iptable
          3 - perform a programmatic test from your controller servlet (ie you can check an array of hostnames allowed to access

          it's 2 euros idea ;))

          • 2. Re: IP filter
            seanxu Newbie

            2 euros is more valuable than $2 now.

            I guess your answer means that there is no IP filter built in JBoss. I am using Solaris and using JBoss only as EJB container, i.e., there is no Servlet container deployed in JBoss. Client programs running remotely invoke EJBs hosted in JBoss through RMI. I would like to have a IP filtering function provided by the container.

            Is it possible to do this as an interceptor?


            • 3. Re: IP filter
              J. Wolfgang Kaltz Novice

              At the JBoss level, you could write your own security interceptor. I don't think you can configure what you want to do in the standard security interceptor.

              At the system level, as the previous user said, as long as you're running on a real OS, you can use something like ipchains to configure which IP addresses are allowed to open connections to which services/ports.

              • 4. Re: IP filter
                seanxu Newbie

                Thank you for the reply.
                I am looking into writing my own security interceptor for IP filtering. The OS option is not good for us since we are providing this for internal uses and platform could be NT, Unix or Linux.

                While I am looking at security interceptor, I could not find client IP being passed to the interceptor. The call to interceptor is through invoke method and Invocation object is passed. I traced down the source code but could not find socket or any other object containing IP info. being embedded in Invocation object.

                How could I find the IP info?


                • 5. Re: IP filter
                  J. Wolfgang Kaltz Novice

                  Hmm I'm not sure.
                  Are you using an integrated Webserver or a stand-alone login ?
                  The webserver definitely has the originating address, in its http request. So this would need to be passed on to your security interceptor.

                  I am not sure what the smartest way of doing that would be; one way would be to pass that in the user or password fields.