Hi Lon! What about using the container features for this? If you are using Tomcat you could add a RemoteAdressValve (https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve).
Example: <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/> The allow attribute needs a regular expression with the ip adresses from your whitelist. In the example only requests from localhost are accepted. Regards, Thomas -----Ursprüngliche Nachricht----- Von: Lon Varscsak [mailto:[email protected]] Gesendet: Dienstag, 10. April 2018 22:49 An: [email protected] Betreff: IP Authentication I have a need to build some apps (or mount points) to check if the source is coming from an internal IP and if not, present the user with an "unauthorized" request. I know how to check client IP and what not, but I'm not sure how to generate programmatically a simple WebResponse that is just some text with a status code. 1) I'm currently using IRequestCycleListener to listen and then hijack the response. Not sure if this is the appropriate place. 2) How do you programmatically generate a response without implementing all the methods of WebResponse. At the point that the IRequestCycleListener the response that is in the cycle already has content. Basically I want to throw that away and return "Unauthorized"/401. Any thoughts or suggestions? Thanks! Lon --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
