You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2013/05/04 22:31:40 UTC

Re: Extending Shiro to include IP checks

Hiya,

I think the easiest thing to do is to create an AuthorizationFilter
implementation that checks if the request from the IP is allowed.  You
could use the existing HostFilter in the trunk as an example/starting
point: https://svn.apache.org/repos/asf/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/HostFilter.java

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Wed, Apr 24, 2013 at 8:31 PM, DaisyJose <da...@gmail.com> wrote:
> Hi,
> I am using Shiro for my Java Servlets based web application security.
> I would like to extend the basic shiro authorization to include the
> following check:
> If certain roles try to login to the application from IPs that are not
> present in the database,they must be redirected to the unauthorizedUrl.
> Any ideas would be much appreciated.
>
> Thanks,
> Daisy Jose.
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Extending-Shiro-to-include-IP-checks-tp7578660.html
> Sent from the Shiro User mailing list archive at Nabble.com.