hi, i am implementing IP address range locking for my application as i
have a number of offices that need to access the application and
everyone else needs to be kept out.
i am using WicketAuthRoles and have placed the code into my login
page... before attempting authentication i match the client's IP
against a number of defined ranges that i deem safe so can throw
incorrect connections out with an error("message here") and it will
redisplay the login page with the message in the FeedbackPanel.
i am thinking however that this is not really correct... really the IP
range locking should be more of a system thing rather than a component
thing. i want my users to be able to stay logged in so have a cookie
holding auth info but this means they will bypass the login screen if
they take their laptops to a different network which is not good.
it sounds like i need to put the code into the Session or something
but that would mean i could never throw a message back to the user to
say what the problem is as the "error" page would have to come from
me. i guess i could have a single JSP page holding the error message
and throw the user out of the Wicket application into this page but
i'd prefer to keep everything inside my Wicket application if at all
possible...
does anyone have any ideas on how best to handle this?
John
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]