You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Achint Srivastava <ac...@hotmail.com> on 2009/10/02 23:14:11 UTC

IP address based authorization

We want to add IP based authorization to our system in addition to username/password. This means that users coming from an IP address X have permissions to certain resources without having to login. Is that possible to model in Shiro? From what I have looked at it seems difficult. I basically want to add IP address as a principal to the subject so that when authorizing I can get permissions based on both IP address and/or User ID, but there doesn't seem to be a way to set principals without authenticating.
Thanks,
Achint
 		 	   		  
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/171222986/direct/01/

Re: IP address based authorization

Posted by Les Hazlewood <lh...@apache.org>.

Hi Achint,

Is this a web app or standalone application?

The UsernamePasswordToken already implements the
InetAuthenticationToken interface which can be used to retain the IP
from where they are logging in - so you can definitely use that data
in your Realm implementation when you create the PrincipalCollection
at login time.

If it is a web app, is your problem that you want to automatically
assign the IP associated with the request to the currently executing
Subject's PrincipalCollection without logging in?

- Les

On Fri, Oct 2, 2009 at 5:14 PM, Achint Srivastava <ac...@hotmail.com> wrote:
> We want to add IP based authorization to our system in addition to
> username/password. This means that users coming from an IP address X have
> permissions to certain resources without having to login. Is that possible
> to model in Shiro? From what I have looked at it seems difficult. I
> basically want to add IP address as a principal to the subject so that when
> authorizing I can get permissions based on both IP address and/or User ID,
> but there doesn't seem to be a way to set principals without authenticating.
> Thanks,
> Achint
>
> ________________________________
> Hotmail: Powerful Free email with security by Microsoft. Get it now.