You should be able to this with an Ftplet that captures the beforeCommand (USER command) event, and make sure the session is secured. If the session was not secured already, send a 5xx/4xx reply from the Ftplet, and optionally close the session. FtpSession.isSecure() is the method you need to use for determining this.
Hope this helps. Sai. On Tue, Sep 14, 2010 at 10:09 AM, John Hartnup <[email protected]> wrote: > Hi, > > Reading the config docs, and briefly examining the source, it seems as if > explicit SSL is supported (AUTH TLS) but that there's no way to disallow > login if the session hasn't been secured. > > 1. Have I got that wrong? > 2. Does anyone have any opinion on the best place to add that feature? My > (naive?) instinct is to add a test in org.apache.ftpserver.command.imp.USER > or possibly PASS. > > Thanks, > John > > -- > "There is no way to peace; peace is the way" >
