You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Weaver, Scott" <Sw...@rippe.com> on 2002/09/27 15:59:09 UTC
RE: restricting "admin" persmission logins to specified I.P adres
ses
You could extend or wrap org.apache.jetspeed.services.security.turbine.TurbineAuthentication
into a custom service that uses an access list of IP addresses to verify the users IP when authentication occurs for a specific set of roles, users, portlets, etc.
I do this non-Jetspeed custom email form processing application written in Turbine. Email forms can be submitted via a normal html form from anywhere, not just the app server. The possibility for someone hijacking it for spamming purposes was a very concern, so I implemented an "allowed servers" access list to prevent this. Works like a charm as long as the IP isn't spoofed ;)
-scott
> -----Original Message-----
> From: Jason Richardson [mailto:jrichardson@bjc.org]
> Sent: Friday, September 27, 2002 9:37 AM
> To: jetspeed-dev@jakarta.apache.org
> Subject: restricting "admin" persmission logins to specified I.P adresses
>
> My organization is looking to restrict "admin" type logins to local IP
> addresses. Is there anything in Jetspeed that allows this at this time?
> If not this might be something that would be good for the Jetspeed
> project.
>
>
> Jason Richardson
>
> --
> To unsubscribe, e-mail: <mailto:jetspeed-dev-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:jetspeed-dev-
> help@jakarta.apache.org>