You could extend or wrap org.apache.jetspeed.services.security.turbine.TurbineAuthentication into a custom service that uses an access list of IP addresses to verify the users IP when authentication occurs for a specific set of roles, users, portlets, etc.
I do this non-Jetspeed custom email form processing application written in Turbine. Email forms can be submitted via a normal html form from anywhere, not just the app server. The possibility for someone hijacking it for spamming purposes was a very concern, so I implemented an "allowed servers" access list to prevent this. Works like a charm as long as the IP isn't spoofed ;) -scott > -----Original Message----- > From: Jason Richardson [mailto:[EMAIL PROTECTED]] > Sent: Friday, September 27, 2002 9:37 AM > To: [EMAIL PROTECTED] > Subject: restricting "admin" persmission logins to specified I.P adresses > > My organization is looking to restrict "admin" type logins to local IP > addresses. Is there anything in Jetspeed that allows this at this time? > If not this might be something that would be good for the Jetspeed > project. > > > Jason Richardson > > -- > To unsubscribe, e-mail: <mailto:jetspeed-dev- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:jetspeed-dev- > [EMAIL PROTECTED]>
