SCJP 1.4 91%, SCJP 1.5 88%, SCJD B&S
Masoud Kalali
Software Engineer - My Weblog - GlassFish Security
Originally posted by Ulf Dittmer:
I don't think you will be able to use either container-managed security or the RemoteAccess valve. The former will require authentication for all users, regardless of where they come from, while the latter can only allow or block requests based on their IP, but not redirect some.
How about checking the IP yourself, and if it's within the allowed range, forward to an unprotected URL (which of course must deny requests not forwarded from the IP-checking code), and if it's not within the allowed range, forward to a protected URL (which does the same thing as the unprotected URL, but only after authentication)?
SCJP 1.4 91%, SCJP 1.5 88%, SCJD B&S
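The IP check suggested in the quoted post above, as an added example that is not part of the original thread: a small class that a servlet filter could call with the value of `ServletRequest.getRemoteAddr()` to pick the forward target. The class name, both paths and the CIDR range are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/** Added example: decides which URL an IP-checking filter should forward to. */
public class IntranetRouter {
    // Hypothetical paths. Anything under /WEB-INF/ cannot be requested directly
    // by a client, only reached through a server-side forward.
    static final String UNPROTECTED = "/WEB-INF/internal/app";
    static final String PROTECTED = "/secure/app"; // behind a security-constraint

    private final byte[] network;
    private final int prefixLen;

    public IntranetRouter(String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        network = InetAddress.getByName(parts[0]).getAddress();
        prefixLen = Integer.parseInt(parts[1]);
        if (prefixLen < 0 || prefixLen > network.length * 8)
            throw new IllegalArgumentException("bad prefix length: " + cidr);
    }

    /** True only when the first prefixLen bits of the address match the network. */
    boolean inRange(String remoteAddr) {
        byte[] addr;
        try {
            addr = InetAddress.getByName(remoteAddr).getAddress();
        } catch (UnknownHostException e) {
            return false; // unparsable address: fail closed
        }
        if (addr.length != network.length) return false; // IPv4 vs IPv6 mismatch
        for (int bit = 0; bit < prefixLen; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((addr[bit / 8] & mask) != (network[bit / 8] & mask)) return false;
        }
        return true;
    }

    /** remoteAddr is the literal address the container reports for the client. */
    public String route(String remoteAddr) {
        return inRange(remoteAddr) ? UNPROTECTED : PROTECTED;
    }

    public static void main(String[] args) throws UnknownHostException {
        IntranetRouter r = new IntranetRouter("10.20.0.0/16"); // constructed range
        for (String ip : new String[] {"10.20.3.7", "10.21.0.1", "203.0.113.9", "::1"})
            System.out.println(ip + " -> " + r.route(ip));
    }
}
```

Declarative security constraints are evaluated on client requests, not on `RequestDispatcher` forwards, so the protected branch would normally be reached with a redirect rather than a forward.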
Originally posted by Craig Jackson:
I believe you should force everyone to authenticate themselves, whether they access your web site locally (intranet) or from the internet.
For example, what if a person(s) who happens to have an IP address that falls within your intranet IP range tries to access your website through the internet?
SCJP 1.4 91%, SCJP 1.5 88%, SCJD B&S
Originally posted by Scott Dunbar:
Instead of Directory (which is file system based) try Location (which is URL based).
SCJP 1.4 91%, SCJP 1.5 88%, SCJD B&S