Also, Stormpath supports this out of the box
> On Jul 29, 2016, at 9:00 AM, Brian Demers <[email protected]> wrote:
>
> Some of this is tricky because it requires a bit of UI (which you don't get
> out of the box with Shiro)
>
> And for password request, not all realms would support resetting passwords
> (for example some would require navigating to a different service, others the
> connection Shiro knows about is read only)
>
> Restricting logins should be possible, any realm that uses a
> 'UsernamePasswordToken' has access to the servletRequest.remoteHost via the
> 'getHost()' method.
>
>
> Anything that fits in Shiro itself would be welcome, send us a pull request!
>
> I know Sonatype's Nexus <https://github.com/sonatype/nexus-public>[1], and a
> few other projects have password reset support, you could start there.
>
> [1]https://github.com/sonatype/nexus-public
> <https://github.com/sonatype/nexus-public>
>
