portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weaver, Scott" <Swea...@rippe.com>
Subject RE: restricting "admin" persmission logins to specified I.P adres ses
Date Fri, 27 Sep 2002 13:59:09 GMT
You could extend or wrap org.apache.jetspeed.services.security.turbine.TurbineAuthentication
into a custom service that uses an access list of IP addresses to verify the users IP when
authentication occurs for a specific set of roles, users, portlets, etc.  

I do this non-Jetspeed custom email form processing application written in Turbine.  Email
forms can be submitted via a normal html form from anywhere, not just the app server.  The
possibility for someone hijacking it for spamming purposes was a very concern, so I implemented
an "allowed servers" access list to prevent this.  Works like a charm as long as the IP isn't
spoofed ;)

-scott

> -----Original Message-----
> From: Jason Richardson [mailto:jrichardson@bjc.org]
> Sent: Friday, September 27, 2002 9:37 AM
> To: jetspeed-dev@jakarta.apache.org
> Subject: restricting "admin" persmission logins to specified I.P adresses
> 
> My organization is looking to restrict "admin" type logins to local IP
> addresses.  Is there anything in Jetspeed that allows this at this time?
>  If not this might be something that would be good for the Jetspeed
> project.
> 
> 
> Jason Richardson
> 
> --
> To unsubscribe, e-mail:   <mailto:jetspeed-dev-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:jetspeed-dev-
> help@jakarta.apache.org>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message