[Building Sakai] EntityBroker IP Filtering
Steve Swinsburg
steve.swinsburg at gmail.com
Tue Aug 4 22:41:31 PDT 2009
You can also use a Valve in Tomcat to lock down specific URL spaces to
IP's as well, in case you aren't using Apache or a LB.
~ steve
(sent from my ipod)
On 4 Aug 2009, at 20:19, Aaron Zeckoski <aaronz at vt.edu> wrote:
> Seems reasonable enough to me though I am not really sure how
> trustworthy that information is (I assume it is safe but I am not
> sure). I guess if you assume you can trust the incoming data then it
> should be ok.
>
> Some of the more security minded admin folks might have suggestions
> re: securing server to server communications. You could always lock
> down a chunk of the URL space if you have apache or a load balancer in
> front of the system. You can be sure that every URL coming in will be
> something with a prefix like /direct/yourthing...... so you could set
> up a rule maybe.
>
> -AZ
>
>
> On Tue, Aug 4, 2009 at 7:15 PM, Holladay, Bryan
> Andrew<bahollad at indiana.edu> wrote:
>> Sorry, I didn’t notice the bottom half of that message... So the b
>> est way
>> would to save the IP’s in a property and check the request IP agai
>> nst that?
>>
>> Bryan
>>
>>
>> On 8/4/09 2:13 PM, "Bryan Holladay" <bahollad at indiana.edu> wrote:
>>
>> I’m interested in the IP of the server that is making the request.
>>
>> Background:
>>
>> I wrote some entityproviders to get some information for a Mobile
>> portal
>> (not sakai, but some other server) and I only want that known
>> server to call
>> these entity classes to make this even more secure.
>>
>> Thanks,
>> Bryan
>>
>>
>> On 8/4/09 2:07 PM, "Aaron Zeckoski" <aaronz at vt.edu> wrote:
>>
>> If you are trying to get the IP address of the server you are
>> currently on you can do this:
>> try {
>> InetAddress i4 = Inet4Address.getLocalHost();
>> serverName = i4.getHostAddress();
>> } catch (UnknownHostException e) {
>> // could not get address, do something else
>> }
>>
>> If you want to get the IP address of the request:
>> String ipAddress = (HttpServletRequest) request.getRemoteAddr();
>>
>> You can get the request in your entityprovider using this capability:
>> http://qa1-nl.sakaiproject.org/codereview/trunk/api/org/sakaiproject/entitybroker/entityprovider/capabilities/RequestAware.java.html
>>
>> Hope that helps
>> -AZ
>>
>>
>> On Tue, Aug 4, 2009 at 7:01 PM, Holladay, Bryan
>> Andrew<bahollad at indiana.edu> wrote:
>>> All,
>>>
>>> I am trying to do some IP filtering in an EntityProvider that is not
>>> inside
>>> the tool layer. I was looking at the RemoteHostFilter.java class
>>> but that
>>> looks like it depends on the web.xml settings in the tool layer.
>>> Is there
>>> a
>>> good way to do IP filtering in the impl layer?
>>>
>>> Thanks,
>>> Bryan
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org
>>> with a subject of "unsubscribe"
>>>
>>>
>>
>>
>>
>> --
>> Aaron Zeckoski (azeckoski (at) vt.edu)
>> Senior Research Engineer - CARET - University of Cambridge
>> https://twitter.com/azeckoski - http://www.linkedin.com/in/azeckoski
>> http://aaronz-sakai.blogspot.com/ - http://tinyurl.com/azprofile
>>
>>
>>
>
>
>
> --
> Aaron Zeckoski (azeckoski (at) vt.edu)
> Senior Research Engineer - CARET - University of Cambridge
> https://twitter.com/azeckoski - http://www.linkedin.com/in/azeckoski
> http://aaronz-sakai.blogspot.com/ - http://tinyurl.com/azprofile
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
> with a subject of "unsubscribe"
More information about the sakai-dev
mailing list