Just a little help, maybe a walkaround:
when i worked with Tomcat i re-wrote the authenticator class (you can modify
org.apache.catalina.authenticator.BasicAuthenticator). You can put in the password
field (if you use DB based authentication) even the ip, like:
password:xxx.xxx.xxx.xxx and then in the authenticator class can test
password+:+ip as it is the password stored in the db...
An example:
String password =
parsePassword(authorization)+@+request.getRequest().getRemoteAddr();
instead of:
String password = parsePassword(authorization);
If you make so the following statement
principal = context.getRealm().authenticate(username, password);
check password and the IP for you!
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3839638#3839638
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3839638
---
This SF.Net email sponsored by Black Hat Briefings Training.
Attend Black Hat Briefings Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
