[Building Sakai] EntityBroker IP Filtering

Steve Swinsburg steve.swinsburg at gmail.com
Wed Aug 5 07:29:01 PDT 2009


A Tomcat Valve will restrict access to a particular context/webapp as  
the settings are at the webapp level. For more fine-grained you'd need  
proper auth built in.

If you have a look on my blog (Steve on Sakai) for the article about  
setup and securing the web services there is an example of tomcat  
valves on there. I'd give you the link if I was at a computer ;)

~ steve
(sent from my ipod)

On 5 Aug 2009, at 14:32, "Holladay, Bryan Andrew"  
<bahollad at indiana.edu> wrote:

> Is that lock down for the entire application or could it be used for  
> parts of the app?  Just curious..
>
> Bryan
>
>
> On 8/5/09 1:41 AM, "Steve Swinsburg" <steve.swinsburg at gmail.com>  
> wrote:
>
> You can also use a Valve in Tomcat to lock down specific URL spaces to
> IP's as well, in case you aren't using Apache or a LB.
>
> ~ steve
> (sent from my ipod)
>
> On 4 Aug 2009, at 20:19, Aaron Zeckoski <aaronz at vt.edu> wrote:
>
> > Seems reasonable enough to me though I am not really sure how
> > trustworthy that information is (I assume it is safe but I am not
> > sure). I guess if you assume you can trust the incoming data then it
> > should be ok.
> >
> > Some of the more security minded admin folks might have suggestions
> > re: securing server to server communications. You could always lock
> > down a chunk of the URL space if you have apache or a load balancer in
> > front of the system. You can be sure that every URL coming in will be
> > something with a prefix like /direct/yourthing...... so you could set
> > up a rule maybe.
> >
> > -AZ
> >
> >
> > On Tue, Aug 4, 2009 at 7:15 PM, Holladay, Bryan
> > Andrew<bahollad at indiana.edu> wrote:
> >> Sorry, I didn’t notice the bottom half of that message... So the best way
> >> would be to save the IP’s in a property and check the request IP against that?
> >>
> >> Bryan
> >>
> >>
> >> On 8/4/09 2:13 PM, "Bryan Holladay" <bahollad at indiana.edu> wrote:
> >>
> >> I’m interested in the IP of the server that is making the request.
> >>
> >> Background:
> >>
> >> I wrote some entityproviders to get some information for a Mobile portal
> >> (not sakai, but some other server) and I only want that known server to call
> >> these entity classes to make this even more secure.
> >>
> >> Thanks,
> >> Bryan
> >>
> >>
> >> On 8/4/09 2:07 PM, "Aaron Zeckoski" <aaronz at vt.edu> wrote:
> >>
> >> If you are trying to get the IP address of the server you are
> >> currently on you can do this:
> >>             try {
> >>                 InetAddress i4 = Inet4Address.getLocalHost();
> >>                 serverName = i4.getHostAddress();
> >>             } catch (UnknownHostException e) {
> >>                 // could not get address, do something else
> >>             }
> >>
> >> If you want to get the IP address of the request:
> >> String ipAddress = ((HttpServletRequest) request).getRemoteAddr();
> >>
> >> You can get the request in your entityprovider using this capability:
> >> http://qa1-nl.sakaiproject.org/codereview/trunk/api/org/sakaiproject/entitybroker/entityprovider/capabilities/RequestAware.java.html
> >>
> >> Hope that helps
> >> -AZ
> >>
> >>
> >> On Tue, Aug 4, 2009 at 7:01 PM, Holladay, Bryan
> >> Andrew<bahollad at indiana.edu> wrote:
> >>> All,
> >>>
> >>> I am trying to do some IP filtering in an EntityProvider that is not inside
> >>> the tool layer.  I was looking at the RemoteHostFilter.java class but that
> >>> looks like it depends on the web.xml settings in the tool layer.  Is there a
> >>> good way to do IP filtering in the impl layer?
> >>>
> >>> Thanks,
> >>> Bryan
> >>> _______________________________________________
> >>> sakai-dev mailing list
> >>> sakai-dev at collab.sakaiproject.org
> >>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >>>
> >>> TO UNSUBSCRIBE: send email to
> >>> sakai-dev-unsubscribe at collab.sakaiproject.org
> >>> with a subject of "unsubscribe"
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Aaron Zeckoski (azeckoski (at) vt.edu)
> >> Senior Research Engineer - CARET - University of Cambridge
> >> https://twitter.com/azeckoski - http://www.linkedin.com/in/azeckoski
> >> http://aaronz-sakai.blogspot.com/ - http://tinyurl.com/azprofile
> >>
> >>
> >>
> >
> >
> >
> > --
> > Aaron Zeckoski (azeckoski (at) vt.edu)
> > Senior Research Engineer - CARET - University of Cambridge
> > https://twitter.com/azeckoski - http://www.linkedin.com/in/azeckoski
> > http://aaronz-sakai.blogspot.com/ - http://tinyurl.com/azprofile
>
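
The approach discussed in this thread (keep the permitted IPs in a property and compare the request IP against them) could look like the following. This is an added example, not code from the thread or from Sakai; the class name, the property name in the comment and the sample addresses are assumptions.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

// Added example (not Sakai code): allowlist check for the calling server's IP.
public class CallerIpAllowlist {
    // Only strings shaped like IP literals are accepted, so a hostname in the
    // property is rejected instead of being resolved through DNS.
    private static final Pattern IP_LITERAL = Pattern.compile(
            "\\d{1,3}(\\.\\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:.]*");
    private final Set<InetAddress> allowed = new HashSet<>();

    // csv: comma-separated IPs, e.g. the value of a hypothetical property such
    // as "mobileportal.allowed.ips". A malformed or empty entry is a config error.
    public CallerIpAllowlist(String csv) {
        for (String entry : csv.split(",")) {
            allowed.add(parse(entry.trim()));
        }
    }

    private static InetAddress parse(String ip) {
        if (ip == null || !IP_LITERAL.matcher(ip).matches()) {
            throw new IllegalArgumentException("not an IP literal: " + ip);
        }
        try {
            return InetAddress.getByName(ip);
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("not an IP literal: " + ip, e);
        }
    }

    // remoteAddr is what request.getRemoteAddr() returned. Behind Apache or a
    // load balancer that is the proxy's address, not the original caller's.
    public boolean isAllowed(String remoteAddr) {
        try {
            // Comparing InetAddress objects, not strings, makes "::1" equal to
            // "0:0:0:0:0:0:0:1" and an IPv4-mapped IPv6 address equal to its IPv4 form.
            return allowed.contains(parse(remoteAddr));
        } catch (IllegalArgumentException e) {
            return false; // fail closed on anything unparseable
        }
    }

    public static void main(String[] args) {
        // Constructed sample values (documentation address ranges).
        CallerIpAllowlist list = new CallerIpAllowlist("192.0.2.10, ::1");
        for (String ip : new String[] {"192.0.2.10", "0:0:0:0:0:0:0:1",
                "::ffff:192.0.2.10", "198.51.100.7", "portal.example.org"}) {
            System.out.println(ip + " -> " + list.isAllowed(ip));
        }
    }
}
```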