File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes IP based authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "IP based authentication" Watch "IP based authentication" New topic

IP based authentication

Vipsha Sharma

Joined: Oct 18, 2007
Posts: 5

How to implement IP based authentication thru Java. We are maintaining one website for which we need to enable the IP access.We actually got a request from our client to make the content of this website free for the users belongs to Norway.
I need to have an idea how the logic to be built and which java API I can use.

This is urgent.

Help would be appreciated.
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63866

Originally posted by Vipsha Sharma:
This is urgent.

Please read this.

[Asking smart questions] [About Bear] [Books by Bear]
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Hello Vipsha Sharma:

Have you thought anything in this direction ? Do let us know so that we can add to that.

Here is what I think about it.This concept might be possible of clients having static IP's , but what about other web clients connected to internet using dynamic IP's.One more petential problem which designing is that HTTPServletRequest can give you the IP of the last proxy through the request has passed.So it might be tricky to get the IP of the request initiating client.

Rahul Bhattacharjee
LinkedIn - Blog
Santhosh Kumar
Ranch Hand

Joined: Nov 07, 2000
Posts: 242
From Javadoc: <code>
Returns the Internet Protocol (IP) address of the client or last proxy that sent the reque

So the ip you get in your servlet could be the actual ip of the user, or proxy of the user's internet connection. You can findout from the network portion of the IP address, if that ip belongs to a particular geographic location. Most of the time the network portion of the proxy ip too would resolve the approximate location of the user's ip so, with grain of salt, you can use that to authorize the content.

Just a note: From the question content, I believe you are trying to "authorize" based on the ip. It is important to get the termanalogies right so people who tries to answer, need not get confused.
Richard Green
Ranch Hand

Joined: Aug 25, 2005
Posts: 536
Setup a filter that looks at the IP address of the request and deny's/allow's access to it.

MCSD, SCJP, SCWCD, SCBCD, SCJD (in progress - URLybird 1.2.1)
Vijay K Vivek

Joined: Oct 11, 2007
Posts: 27
When you mean set up a filter, do you mean writing a servlet filter and filtering based on IP address. If I use the request.getRemoteAddress as suggested previously will it not still have the same issues of an approximate IP address and we can never be sure of the real source?
I agree. Here's the link:
subject: IP based authentication
It's not a secret anymore!