A J2EE application is deployed in Tomcat. Users in the parent company (intranet) or a child company (Internet) will access this application.
Here is a requirement:
Only specific computers can access this application located in the parent company,
that is, only the computers in the company can access this application; other computers outside of the company cannot access the application.
PS: The IP address of the child company is dynamic.
Do you have any experience with this kind of requirement?
Do you have any solution for this requirement?
Is having username/password not considered safe enough?
Well, I did have such a requirement with one of my previous clients (a bank) due to sensitive data, and they had put a restriction on the computers that can access the system. This was handled using client-side certificates. It is a painful process, as each system that would interface with the secure system would need to request a client certificate. Here we had a server connecting to another server, and we had a limited number of servers.
In your case, the solution below might provide some pointers:
Have a user register a computer using a registration screen that would save a Flash object on the user's system. When the user logs in, read the Flash object and the data stored in it to identify whether this is a registered computer and registered to a specific user. This is similar to storing a cookie, but cookies can be deleted easily.
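
Added example (not part of the original answer, and not code from the system it describes): one way to enforce the client-certificate restriction mentioned above inside a Tomcat web application is a servlet filter that admits only requests whose TLS client certificate matches a registered fingerprint, which works regardless of the caller's IP address. It assumes the HTTPS connector is configured to request client certificates and the `javax.servlet` API (Tomcat 9 or earlier); the class name `RegisteredMachineFilter` and the `allowedFingerprints` init-param are hypothetical.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: admits only requests whose TLS client certificate is registered. */
public class RegisteredMachineFilter implements Filter {
    private final Set<String> allowed = new HashSet<>();

    @Override
    public void init(FilterConfig cfg) {
        // Assumed init-param: comma-separated SHA-256 hex fingerprints of the
        // certificates issued to registered machines. Empty set = deny everyone.
        String param = cfg.getInitParameter("allowedFingerprints");
        if (param == null) return;
        for (String f : param.split(",")) allowed.add(f.trim().toLowerCase());
    }

    static String sha256Hex(byte[] der) throws GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // The container sets this attribute only when the TLS handshake carried a
        // client certificate chain; index 0 is the client's own certificate.
        X509Certificate[] chainCerts =
                (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        boolean registered = false;
        try {
            registered = chainCerts != null && chainCerts.length > 0
                    && allowed.contains(sha256Hex(chainCerts[0].getEncoded()));
        } catch (GeneralSecurityException e) {
            // An unreadable certificate is treated as unregistered (fail closed).
        }
        if (registered) chain.doFilter(req, res);   // continue to the normal login
        else ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    @Override
    public void destroy() { }
}
```

The filter is a second check on top of username/password login: the connector's trust store decides which issuing CA is accepted, and the fingerprint list decides which individual machines are registered, so revoking one machine means removing one entry.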