Physically client limitation

andreas reichhold
Greenhorn

Joined: Oct 19, 2006
Posts: 3
Is it possible to limit servlet access to a physical browser client?
(MAC address inside the HTTP header or so?)

The application background is to limit application access (by any browser) to certain physical client computers with dynamically assigned IP addresses.

Any ideas? Thanks
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3716

Yes, the HTTP request object contains the IP and other information of the one making the request. You can define an approved list that accepts/rejects requests based on the user's input information. I recommend putting this list in a file so that you don't have to recompile the servlet if you add/remove users/machines.


My Blog: Down Home Country Coding with Scott Selikoff
andreas reichhold
Greenhorn

Joined: Oct 19, 2006
Posts: 3
The problem I have to solve is to determine the physical client, which changes its IP from session to session due to dynamic IP assignment. So the IP information is worthless for me.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You can use certificate-based authentication, where the user must have a certificate installed before being able to access the site, and the site will only accept requests from clients with the certificate. It doesn't get used much, so you may need to search for information.

If it really needs to be secured you can also look at solutions such as setting up a VPN and only allowing internal access to the site.
andreas reichhold
Greenhorn

Joined: Oct 19, 2006
Posts: 3
Thanks David, this sounds good. Do you have any link for me where I can get technical details/information about this procedure?
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I don't have a book in front of me so I can't be certain, but I believe it is part of the J2EE spec and a topic in the SCWCD exam. It should be supported by servlet containers along with Basic and form-based authentication, but honestly I have never gone looking for it.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12835

Here is the Tomcat 5.5 discussion of SSL. It mentions using both client certificate and server cert.

Bill
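
Added example, not part of any post in this thread: a servlet filter that combines the file-based allow list suggested above with client-certificate authentication, admitting a request only when the browser presented a certificate whose SHA-256 fingerprint is listed. It assumes the container's HTTPS connector is already configured to request and validate client certificates; the class name, the `allowListFile` init-param and the file format are hypothetical.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Added example: class name, init-param name and file format are hypothetical.
public class ClientCertAllowListFilter implements Filter {
    private final Set<String> allowed = new HashSet<String>();
    public void init(FilterConfig cfg) throws ServletException {
        // Text file with one hex SHA-256 certificate fingerprint per line; '#' starts a comment.
        String path = cfg.getInitParameter("allowListFile");
        if (path == null) throw new ServletException("allowListFile init-param missing");
        try {
            for (String line : Files.readAllLines(Paths.get(path))) {
                String fp = line.replace(":", "").trim().toLowerCase(Locale.ROOT);
                if (!fp.isEmpty() && !fp.startsWith("#")) allowed.add(fp);
            }
        } catch (IOException e) {
            throw new ServletException("cannot read allow list", e);
        }
    }
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // The container sets this attribute only if the client presented a certificate
        // during the TLS handshake; element 0 is the client's own certificate.
        X509Certificate[] certs =
                (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs == null || certs.length == 0 || !allowed.contains(fingerprint(certs[0]))) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // fail closed: no certificate or unknown certificate
        }
        chain.doFilter(req, res);
    }
    static String fingerprint(X509Certificate cert) throws ServletException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (GeneralSecurityException e) {
            throw new ServletException("cannot hash certificate", e);
        }
    }
    public void destroy() { }
}
```

Because the certificate travels with the machine's browser profile rather than its network address, the check is unaffected by dynamically assigned IPs; removing a fingerprint from the file revokes that machine after the filter is reloaded.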
 