Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Proxy question

 
Neil Laurance
Ranch Hand
Posts: 183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there. I'm working on a browser based UI application using Javascript on the client side, and Java Servlets on the server side.
I'm looking into a licensing mechanism based on the client IP address.
However, what happens if the client PC is using a proxy for his browser? Will an implementation of the ServletRequest.getRemoteAddr method return the end PC address, or the Proxy address. I'm guessing the latter.
If anyone can describe a better licensing mechanism, or can point me to some good reference material, I would be most grateful
Thanks, Neil
 
Neil Laurance
Ranch Hand
Posts: 183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
nudge nudge -- anyone?
 
Rishi Tyagi
Ranch Hand
Posts: 102
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes you are right that ServletRequest.getRemoteAddr will return the address of proxy server in your case ,
But if you want that your servlet must be accessed from some fix client IP then you can do something else for that like
You can access the ip address in the jave script and pass it to servlet in header variable while calling the servlet
In servlet access the header variable and check it if it is valid client.
Rishi
 
Tim Holloway
Saloon Keeper
Posts: 18303
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
IP Addresses aren't very good for this kind of thing. Not only can they be forged, but NAT can make multiple users all appear to have the same IP address. A JavaScript to capture the pre-NAT IP address won't improve things much, since NAT is commonly used to map from a pool of non-unique addresses such as 192.168.x.x.
 
Neil Laurance
Ranch Hand
Posts: 183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the information. I think we may have to base the licensing on the SessionId (stored as a JSESSIONID cookie client side, and returned by HttpServletRequest.getRequestedSessionId).
Cheers, Neil
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic