Wednesday, January 30, 2013

IP restriction with jsf and glassfish

After completing one of my j2ee application I needed to secure it but how ?
The first idea that came into my mind was to develop my own custom security module. What I did but somewhere along the lines I change my mind for a built-in REALM.

Implementing the built-in security that come with glassfish is straight forward
as you can see from these blogs
  1. http://blog.eisele.net/2011/01/jdbc-security-realm-and-form-based.html
  2. http://jugojava.blogspot.com/2011/02/jdbc-security-realm-with-glassfish-and.html
  3. http://www.greenkode.com/2011/09/user-authentication-and-authorization-using-jaas-and-servlet-3-0-login/ 
Everything  went smoothly I realize there was no simple option in glassfish that could allow me to prevent some ip address  from accessing my application. Even thought we can use virtual server  and certificates to do the job, I found them advanced and difficult .

An easier way to do this will just be to use the following

HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest(); 
String ip = httpServletRequest.getRemoteAddr();
To get the incoming ip and .... rocks!!

I will be back on this topics soon