Physically client limitation

 
Greenhorn
Posts: 3
Is it possible to limit servlet access to a physical browser client?
(MAC address inside the HTTP header or so?)

The application background is to limit application access (by any browser) to certain physical client computers with dynamically assigned IP addresses.

Any ideas? Thanks
 
author
Posts: 4335
Yes, the HTTP request object contains the IP and other information of the one making the request. You can define an approve list that accepts/rejects requests based on the user's input information. I recommend putting this list in a file so that you don't have to recompile the servlet if you add/remove users/machines.
 
andreas reichhold
Greenhorn
Posts: 3
The problem I have to solve is to determine the physical client, which changes its IP from session to session due to dynamic IP assignment. So the IP information is worthless for me.
 
Rancher
Posts: 13459
You can use certificate-based authentication, where the user must have a certificate installed before being able to access the site, and the site will only accept requests from clients with the certificate. It doesn't get used much so you may need to search for information.

If it really needs to be secured you can also look at solutions such as setting up a VPN and only allowing internal access to the site.
 
andreas reichhold
Greenhorn
Posts: 3
Thanks David, this sounds good. Do you have any link for me where I can get technical details/information about this procedure?
 
David O'Meara
Rancher
Posts: 13459
I don't have a book in front of me so I can't be certain, but I believe it is part of the J2EE spec and a topic in the SCWCD exam. It should be supported by servlet containers along with Basic and form-based authentication, but honestly I have never gone looking for it.
 
Author and all-around good cowpoke
Posts: 13078
Here is the Tomcat 5.5 discussion of SSL. It mentions using both client certificate and server cert.

Bill
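
The certificate-based approach suggested in this thread, as an added example that is not part of the original posts: a servlet filter that admits a request only when the container has verified a TLS client certificate and its SHA-256 fingerprint is listed in an allow-list file. The class name, the `allowListFile` init-param and the file format are assumptions, and the container's SSL connector must already be configured to request client certificates.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Added example: admits only clients whose TLS certificate is on a file-based allow list. */
public class ClientCertAllowListFilter implements Filter {
    // Standard servlet attribute under which the container exposes the verified client chain.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    private final Set<String> allowed = new HashSet<>();

    @Override public void init(FilterConfig cfg) throws ServletException {
        // "allowListFile" is a hypothetical init-param: one hex SHA-256 fingerprint per line.
        String path = cfg.getInitParameter("allowListFile");
        if (path == null) throw new ServletException("allowListFile init-param is required");
        try {
            for (String line : Files.readAllLines(Paths.get(path), StandardCharsets.UTF_8)) {
                String fp = line.trim().toLowerCase();
                if (!fp.isEmpty() && !fp.startsWith("#")) allowed.add(fp);
            }
        } catch (IOException e) {
            throw new ServletException("cannot read allow list " + path, e);
        }
    }
    @Override public void destroy() { }

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        // No certificate means the connection was not mutually authenticated: fail closed.
        if (certs == null || certs.length == 0 || !allowed.contains(fingerprint(certs[0]))) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    private static String fingerprint(X509Certificate cert) throws ServletException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return String.format("%064x", new java.math.BigInteger(1, digest));
        } catch (GeneralSecurityException e) {
            throw new ServletException("cannot fingerprint client certificate", e);
        }
    }
}
```

Pinning the fingerprint identifies the installed certificate rather than the hardware, so a certificate whose private key is exportable can be copied to another machine.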
 