Re: Realms and Remote Address
And I thought I was just missing something obvious. Using the code from CVS and changing my authentication code to implement the FlexibleRealmInterface has worked. I hope there are no bugs in the version of code I have. Thanks again. Kerrin On 28/02/2008 at 20:12, in message [EMAIL PROTECTED], Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | Thanks for all your help so far. No problem. | I have the Security Filter working now (I had never used filters | before, so I had a lot of reading to do), and my bespoke realm is now | inheriting from SimpleSecurityRealmBase instead of Realm, and is now | located in my application instead of in a jar in tomcat/server/lib). Good. | Although this still doesn't appear to give me access to the IP address. | I have tried to find the FlexibleRealmInterface you mentioned, but can | only find one mention of it on the entire internet, and that is in | another post you made on a different mailing list. | | Where do I get this? Aah, I see. FlexibleRealmInterface was only made available after the 2.0 release. You need to get the sources from CVS and build SF that way in order to get FlexibleRealmInterface. Oh course, you'll also need to use the JAR file you build from there in order to run your code (rather than the one you may have downloaded). We're working on a 2.1 release soonish so folks don't have to roll their own libraries to get the nice, new stuff. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ( http://enigmail.mozdev.org/ ) iEYEARECAAYFAkfHFZYACgkQ9CaO5/Lv0PB0BACguNrmdCzb9RgJxqE2NwA/PO3A esYAn2rWKyE6fu7cs1uUl+dE5foUDG6e =GGhl -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Remote Address
Chris, Thanks for all your help so far. I have the Security Filter working now (I had never used filters before, so I had a lot of reading to do), and my bespoke realm is now inheriting from SimpleSecurityRealmBase instead of Realm, and is now located in my application instead of in a jar in tomcat/server/lib). Although this still doesn't appear to give me access to the IP address. I have tried to find the FlexibleRealmInterface you mentioned, but can only find one mention of it on the entire internet, and that is in another post you made on a different mailing list. Where do I get this? Kerrin On 27/02/2008 at 14:19, in message [EMAIL PROTECTED], Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | I have investigated Security Filter, and I don't see how that gives | me access to the IP address of the client. You have to implement your own Realm. If you use FlexibleRealmInterface, you have access to the entire HttpServletRequest, including things like the IP address. I have used this technique myself to do exactly as you desire. | It is upmost importance that I log the IP address of both successful | and unsuccessful logon attempts, which is why this must be done | outside the application. In any case, you will have to either hack the Tomcat authentication code or disable container-manager authentication, since Tomcat intercepts all authentication requests and your code will never have a chance. That's why I suggested sf. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ( http://enigmail.mozdev.org/ ) iEYEARECAAYFAkfFcXsACgkQ9CaO5/Lv0PCk8wCgmedUvzj0F5anfYO8JV9bwu+i KjgAoKR4/RnUthp1naytQbIWYNT/8wa2 =xjlg -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Remote Address
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | Thanks for all your help so far. No problem. | I have the Security Filter working now (I had never used filters | before, so I had a lot of reading to do), and my bespoke realm is now | inheriting from SimpleSecurityRealmBase instead of Realm, and is now | located in my application instead of in a jar in tomcat/server/lib). Good. | Although this still doesn't appear to give me access to the IP address. | I have tried to find the FlexibleRealmInterface you mentioned, but can | only find one mention of it on the entire internet, and that is in | another post you made on a different mailing list. | | Where do I get this? Aah, I see. FlexibleRealmInterface was only made available after the 2.0 release. You need to get the sources from CVS and build SF that way in order to get FlexibleRealmInterface. Oh course, you'll also need to use the JAR file you build from there in order to run your code (rather than the one you may have downloaded). We're working on a 2.1 release soonish so folks don't have to roll their own libraries to get the nice, new stuff. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfHFZYACgkQ9CaO5/Lv0PB0BACguNrmdCzb9RgJxqE2NwA/PO3A esYAn2rWKyE6fu7cs1uUl+dE5foUDG6e =GGhl -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Remote Address
Hi, Thanks for that. I have investigated Security Filter, and I don't see how that gives me access to the IP address of the client. It is upmost importance that I log the IP address of both successful and unsuccessful logon attempts, which is why this must be done outside the application. Kerrin On 25/02/2008 at 20:44, in message [EMAIL PROTECTED], Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | I'm trying to create a Realm that authenticates a user and logs the | IP address they attempted from, but I am having trouble finding how I | get the IP address of the request (the Remote IP Address). This is not possible using Tomcat's existing container-managed authentication implementation. If you want something a little more flexible, you can look at SecurityFilter (http://securityfilter.sourceforge.net). Or, you can do as Mark suggests and use a Filter to log successful login attempts. Unfortunately, you will be unable to log unsuccessful attempts because IIRC Tomcat intercepts those requests before they even get to your app's code (including Filters). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ( http://enigmail.mozdev.org/ ) iEYEARECAAYFAkfDKJMACgkQ9CaO5/Lv0PCZ5QCeLh3CBpzsbMtFp3QgnJnYRn+U JYMAn3ddJFedUxowiacJqQdDyrjbBdrF =LwLN -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Remote Address
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | I have investigated Security Filter, and I don't see how that gives | me access to the IP address of the client. You have to implement your own Realm. If you use FlexibleRealmInterface, you have access to the entire HttpServletRequest, including things like the IP address. I have used this technique myself to do exactly as you desire. | It is upmost importance that I log the IP address of both successful | and unsuccessful logon attempts, which is why this must be done | outside the application. In any case, you will have to either hack the Tomcat authentication code or disable container-manager authentication, since Tomcat intercepts all authentication requests and your code will never have a chance. That's why I suggested sf. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfFcXsACgkQ9CaO5/Lv0PCk8wCgmedUvzj0F5anfYO8JV9bwu+i KjgAoKR4/RnUthp1naytQbIWYNT/8wa2 =xjlg -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Realms and Remote Address
I'm trying to create a Realm that authenticates a user and logs the IP address they attempted from, but I am having trouble finding how I get the IP address of the request (the Remote IP Address). I know I could get it if I had the Socket object, but I don't see how I get that from the Realm. The function I need to access it from with in is the following function: public Principal authenticate(String username, String password) I'm sure the answer is simple, but I just can't find it. Thanks for your help in advance, Kerrin
Re: Realms and Remote Address
Kerrin Hardy wrote: I'm trying to create a Realm that authenticates a user and logs the IP address they attempted from, but I am having trouble finding how I get the IP address of the request (the Remote IP Address). I know I could get it if I had the Socket object, but I don't see how I get that from the Realm. The function I need to access it from with in is the following function: public Principal authenticate(String username, String password) I'm sure the answer is simple, but I just can't find it. Depending on what you are trying to do, you might be off with a filter to generate your logs. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Remote Address
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | I'm trying to create a Realm that authenticates a user and logs the | IP address they attempted from, but I am having trouble finding how I | get the IP address of the request (the Remote IP Address). This is not possible using Tomcat's existing container-managed authentication implementation. If you want something a little more flexible, you can look at SecurityFilter (http://securityfilter.sourceforge.net). Or, you can do as Mark suggests and use a Filter to log successful login attempts. Unfortunately, you will be unable to log unsuccessful attempts because IIRC Tomcat intercepts those requests before they even get to your app's code (including Filters). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfDKJMACgkQ9CaO5/Lv0PCZ5QCeLh3CBpzsbMtFp3QgnJnYRn+U JYMAn3ddJFedUxowiacJqQdDyrjbBdrF =LwLN -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]