
Client Authentication(How to limit the computer to access to j2ee application)

hu ecko
Greenhorn

Joined: Mar 28, 2008
Posts: 5
A J2EE application is deployed in Tomcat; users in the parent company (intranet) or a child company (Internet) will access this application.

Here is a requirement:

Only specific computers can access this application located in the parent company;
that is, only the computers in the company can access this application, and other computers outside the company cannot access it.

PS: The IP address of the child company is dynamic.

Do you have any experience with this kind of requirement?
Do you have any solution for this requirement?

Thank you very much!!!
Oleg Tikhonov
Ranch Hand

Joined: Aug 02, 2008
Posts: 55
Hello,
I think that a more appropriate way is to use JAAS.
In the login mechanism you can add, as a "parameter", the name of the computer(s) or its MAC address(es).

Cheers,
Oleg.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41525
For users on the internal network you can just look at the IP address - they will generally be something like "192.168.x.y".

If the users on the outside don't have a common IP then I'd add a username/password scheme to authenticate them (which is probably a good idea to use for everyone, actually).


Sunil Vasudevan
Ranch Hand

Joined: Mar 05, 2007
Posts: 107
Is having username/password not considered safe enough?

Well, I did have such a requirement with one of my previous clients (a bank) due to sensitive data, and they had put a restriction on the computers that can access the system. This was handled using client-side certificates. It is a painful process, as each system that would interface with the secure system would need to request a client certificate. Here we had a server connecting to another server, and we had a limited number of servers.

In your case, the solution below might provide some pointers:
Have a user register a computer using a registration screen that would save a Flash object on the user's system. When the user logs in, read the Flash object and the data stored in it to identify whether this is a registered computer and registered to a specific user. This is similar to storing a cookie, but cookies can be deleted easily.




Sunil.V, SCJP2, SCWCD1.4, SCBCD1.3
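
An added example, not code from any poster in this thread: it combines the internal-address check and the client-certificate restriction suggested above into one access decision. The class name, the RFC 1918 ranges used as "internal", and the sample certificate bytes are assumptions. In a servlet filter the address would come from `request.getRemoteAddr()` and the certificate from the request attribute `javax.servlet.request.X509Certificate`, which Tomcat sets only after the TLS handshake has verified the client certificate.

```java
import java.net.InetAddress;
import java.security.MessageDigest;
import java.util.List;

public class ClientAccessPolicy {
    // Assumed internal ranges (RFC 1918); replace with the parent company's real subnets.
    private static final List<String> INTERNAL =
            List.of("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16");

    // True when addr lies inside the CIDR block. Compares the prefix bit by bit,
    // so a plain string-prefix mistake such as matching "192.168" against "192.1680..." cannot occur.
    // Both arguments must be IP literals (getByName does no DNS lookup for literals).
    static boolean inCidr(String addr, String cidr) throws Exception {
        String[] parts = cidr.split("/");
        byte[] a = InetAddress.getByName(addr).getAddress();
        byte[] n = InetAddress.getByName(parts[0]).getAddress();
        if (a.length != n.length) return false;          // IPv4 vs IPv6 mismatch
        int bits = Integer.parseInt(parts[1]);
        for (int i = 0; i < bits; i++) {
            int mask = 0x80 >> (i % 8);
            if ((a[i / 8] & mask) != (n[i / 8] & mask)) return false;
        }
        return true;
    }

    // SHA-256 over the DER encoding, i.e. over X509Certificate.getEncoded().
    static byte[] fingerprint(byte[] der) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(der);
    }

    // Internal addresses pass; any other host must present a registered client certificate.
    static boolean allowed(String remoteAddr, byte[] certDer, List<byte[]> registered) throws Exception {
        for (String cidr : INTERNAL) if (inCidr(remoteAddr, cidr)) return true;
        if (certDer == null) return false;               // outside host, no certificate
        byte[] fp = fingerprint(certDer);
        for (byte[] r : registered) if (MessageDigest.isEqual(fp, r)) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the DER bytes of a child-company machine's certificate.
        byte[] branchCert = "constructed-sample-certificate".getBytes("UTF-8");
        List<byte[]> registered = List.of(fingerprint(branchCert));
        System.out.println(allowed("192.168.4.20", null, registered));      // internal host
        System.out.println(allowed("203.0.113.7", branchCert, registered)); // registered outside machine
        System.out.println(allowed("203.0.113.7", null, registered));       // outside host, no certificate
        System.out.println(allowed("172.32.0.1", null, registered));        // just outside 172.16.0.0/12
    }
}
```

If Tomcat sits behind a reverse proxy, `getRemoteAddr()` returns the proxy's address, so the address check has to run where the real peer address is visible.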
 