Hi Lon!

What about using the container features for this? If you are using Tomcat you 
could add a RemoteAdressValve 
(https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve).

Example:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
   allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>

The allow attribute needs a regular expression with the ip adresses from your 
whitelist. In the example only requests from localhost are accepted.

Regards,
Thomas


-----Urspr√ľngliche Nachricht-----
Von: Lon Varscsak [mailto:lon.varsc...@gmail.com] 
Gesendet: Dienstag, 10. April 2018 22:49
An: users@wicket.apache.org
Betreff: IP Authentication

I have a need to build some apps (or mount points) to check if the source is 
coming from an internal IP and if not, present the user with an "unauthorized" 
request.  I know how to check client IP and what not, but I'm not sure how to 
generate programmatically a simple WebResponse that is just some text with a 
status code.

1) I'm currently using IRequestCycleListener to listen and then hijack the 
response.  Not sure if this is the appropriate place.
2) How do you programmatically generate a response without implementing all the 
methods of WebResponse.  At the point that the IRequestCycleListener the 
response that is in the cycle already has content.  Basically I want to throw 
that away and return "Unauthorized"/401.

Any thoughts or suggestions?

Thanks!

Lon


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to