File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Physically client limitation

 
andreas reichhold
Greenhorn
Posts: 3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is it possible to limitate the servlet access to a physically browser client ?
(mac address inside HTTP header or so ?)

Application background is to limitate the application access (by any browser) to certain physical client computers with dynamically assigned IP adresses.

Any ideas ? Thanks
 
Scott Selikoff
author
Saloon Keeper
Posts: 3887
14
Eclipse IDE Flex Google Web Toolkit
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, the http request object contains the ip and other information of the one making the request. You can define an approve list that accepts/rejects requests based on the user's input information. I recommend putting this list in a file so that you don't have to recompile the servlet if you add/remove users/machines.
 
andreas reichhold
Greenhorn
Posts: 3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The problem i have to solve is to determine the physically client which changes its IP from session to session due to dynamically IP assignment. So the IP information is worthless for me.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use certificate based authentication, where the user must have a certificate installed before being able to access the site, and the site will only accept requests from clients with the certificate. It doesn't get used much so you may need to search for information.

If it really needs to be secured you can also look at solutions such as setting up a VPN and only allowing internal access to the site.
 
andreas reichhold
Greenhorn
Posts: 3
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks David, this sounds good. Do you have any link for me where i can get technically details/information about this procedure ?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't have a book in front of me so I can't be certain, but I believe it is part of the J2EE spec and a topic in the SCWCD exam. It should be supported by servlet containers along with Basic and form based authentication, but honestly I have never gone looking for it.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13044
6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is the Tomcat 5.5 discussion of SSL. It mentions using both client certificate and server cert

Bill
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic