you should do this on httpd server level or even firewall level.
In our app we restrict access to specific private pages to just our
corporate IP using mod_jk with <locationMatch ...> rules.
Martijn
On Fri, Oct 17, 2008 at 1:25 PM, John <[EMAIL PROTECTED]> wrote:
> hi, i am implementing IP address range locking for my application as i
> have a number of offices that need to access the application and
> everyone else needs to be kept out.
>
> i am using WicketAuthRoles and have placed the code into my login
> page... before attempting authentication i match the client's IP
> against a number of defined ranges that i deem safe so can throw
> incorrect connections out with an error("message here") and it will
> redisplay the login page with the message in the FeedbackPanel.
>
> i am thinking however that this is not really correct... really the IP
> range locking should be more of a system thing rather than a component
> thing. i want my users to be able to stay logged in so have a cookie
> holding auth info but this means they will bypass the login screen if
> they take their laptops to a different network which is not good.
>
> it sounds like i need to put the code into the Session or something
> but that would mean i could never throw a message back to the user to
> say what the problem is as the "error" page would have to come from
> me. i guess i could have a single JSP page holding the error message
> and throw the user out of the Wicket application into this page but
> i'd prefer to keep everything inside my Wicket application if at all
> possible...
>
> does anyone have any ideas on how best to handle this?
>
> John
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.3.4 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]