Forum:

Servlets

IP based authentication

Greenhorn

Posts: 5

posted 17 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi,

How to implement IP based authentication thru Java. We are maintaining one website for which we need to enable the IP access.We actually got a request from our client to make the content of this website free for the users belongs to Norway.
I need to have an idea how the logic to be built and which java API I can use.

This is urgent.

Help would be appreciated.

Bear Bibeault

Sheriff

Posts: 67754

173

I like...

posted 17 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Originally posted by Vipsha Sharma:
This is urgent.

Please read this.

[Asking smart questions] [About Bear] [Books by Bear]

HTML 5 (verified skill)
Skill verified by Jeanne Boyarsky

CSS 3 (verified skill)
Skill verified by Jeanne Boyarsky

JavaScript (verified skill)
Skill verified by Jeanne Boyarsky

Rahul Bhattacharjee

Ranch Hand

Posts: 2308

posted 17 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hello Vipsha Sharma:

Have you thought anything in this direction ? Do let us know so that we can add to that.

Here is what I think about it.This concept might be possible of clients having static IP's , but what about other web clients connected to internet using dynamic IP's.One more petential problem which designing is that HTTPServletRequest can give you the IP of the last proxy through the request has passed.So it might be tricky to get the IP of the request initiating client.

Rahul Bhattacharjee
LinkedIn - Blog

Santhosh Kumar

Ranch Hand

Posts: 242

posted 17 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

From Javadoc: <code>
Servlet.getRemoteAddr()
Returns the Internet Protocol (IP) address of the client or last proxy that sent the reque
</code>

So the ip you get in your servlet could be the actual ip of the user, or proxy of the user's internet connection. You can findout from the network portion of the IP address, if that ip belongs to a particular geographic location. Most of the time the network portion of the proxy ip too would resolve the approximate location of the user's ip so, with grain of salt, you can use that to authorize the content.

Just a note: From the question content, I believe you are trying to "authorize" based on the ip. It is important to get the termanalogies right so people who tries to answer, need not get confused.

Richard Green

Ranch Hand

Posts: 536

posted 17 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Setup a filter that looks at the IP address of the request and deny's/allow's access to it.

MCSD, SCJP, SCWCD, SCBCD, SCJD (in progress - URLybird 1.2.1)

Vijay K Vivek

Greenhorn

Posts: 27

posted 17 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Richard,
When you mean set up a filter, do you mean writing a servlet filter and filtering based on IP address. If I use the request.getRemoteAddress as suggested previously will it not still have the same issues of an approximate IP address and we can never be sure of the real source?