Just a little help, maybe a walkaround: when i worked with Tomcat i re-wrote the authenticator class (you can modify org.apache.catalina.authenticator.BasicAuthenticator). You can put in the password field (if you use DB based authentication) even the ip, like: "password:xxx.xxx.xxx.xxx" and then in the authenticator class can test password+":"+ip as it is the password stored in the db... An example: String password = parsePassword(authorization)+"@"+request.getRequest().getRemoteAddr(); instead of: String password = parsePassword(authorization); If you make so the following statement principal = context.getRealm().authenticate(username, password); check password and the IP for you!
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3839638#3839638 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3839638 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user