Hiya, I think the easiest thing to do is to create an AuthorizationFilter implementation that checks if the request from the IP is allowed. You could use the existing HostFilter in the trunk as an example/starting point: https://svn.apache.org/repos/asf/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authz/HostFilter.java
HTH, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Wed, Apr 24, 2013 at 8:31 PM, DaisyJose <[email protected]> wrote: > Hi, > I am using Shiro for my Java Servlets based web application security. > I would like to extend the basic shiro authorization to include the > following check: > If certain roles try to login to the application from IPs that are not > present in the database,they must be redirected to the unauthorizedUrl. > Any ideas would be much appreciated. > > Thanks, > Daisy Jose. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Extending-Shiro-to-include-IP-checks-tp7578660.html > Sent from the Shiro User mailing list archive at Nabble.com.
