File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Proxy question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Proxy question" Watch "Proxy question" New topic

Proxy question

Neil Laurance
Ranch Hand

Joined: Jul 18, 2002
Posts: 183
Hi there. I'm working on a browser based UI application using Javascript on the client side, and Java Servlets on the server side.
I'm looking into a licensing mechanism based on the client IP address.
However, what happens if the client PC is using a proxy for his browser? Will an implementation of the ServletRequest.getRemoteAddr method return the end PC address, or the Proxy address. I'm guessing the latter.
If anyone can describe a better licensing mechanism, or can point me to some good reference material, I would be most grateful
Thanks, Neil
Neil Laurance
Ranch Hand

Joined: Jul 18, 2002
Posts: 183
nudge nudge -- anyone?
Rishi Tyagi
Ranch Hand

Joined: Feb 14, 2002
Posts: 100
Yes you are right that ServletRequest.getRemoteAddr will return the address of proxy server in your case ,
But if you want that your servlet must be accessed from some fix client IP then you can do something else for that like
You can access the ip address in the jave script and pass it to servlet in header variable while calling the servlet
In servlet access the header variable and check it if it is valid client.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

IP Addresses aren't very good for this kind of thing. Not only can they be forged, but NAT can make multiple users all appear to have the same IP address. A JavaScript to capture the pre-NAT IP address won't improve things much, since NAT is commonly used to map from a pool of non-unique addresses such as 192.168.x.x.

An IDE is no substitute for an Intelligent Developer.
Neil Laurance
Ranch Hand

Joined: Jul 18, 2002
Posts: 183
Thanks for the information. I think we may have to base the licensing on the SessionId (stored as a JSESSIONID cookie client side, and returned by HttpServletRequest.getRequestedSessionId).
Cheers, Neil
I agree. Here's the link:
subject: Proxy question
It's not a secret anymore!