This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
How to implement IP based authentication thru Java. We are maintaining one website for which we need to enable the IP access.We actually got a request from our client to make the content of this website free for the users belongs to Norway. I need to have an idea how the logic to be built and which java API I can use.
Have you thought anything in this direction ? Do let us know so that we can add to that.
Here is what I think about it.This concept might be possible of clients having static IP's , but what about other web clients connected to internet using dynamic IP's.One more petential problem which designing is that HTTPServletRequest can give you the IP of the last proxy through the request has passed.So it might be tricky to get the IP of the request initiating client.
From Javadoc: <code> Servlet.getRemoteAddr() Returns the Internet Protocol (IP) address of the client or last proxy that sent the reque </code>
So the ip you get in your servlet could be the actual ip of the user, or proxy of the user's internet connection. You can findout from the network portion of the IP address, if that ip belongs to a particular geographic location. Most of the time the network portion of the proxy ip too would resolve the approximate location of the user's ip so, with grain of salt, you can use that to authorize the content.
Just a note: From the question content, I believe you are trying to "authorize" based on the ip. It is important to get the termanalogies right so people who tries to answer, need not get confused.
Richard, When you mean set up a filter, do you mean writing a servlet filter and filtering based on IP address. If I use the request.getRemoteAddress as suggested previously will it not still have the same issues of an approximate IP address and we can never be sure of the real source?