This topic is closed

  • First IP address, then username/password authentication

    Hello,

    I am new to Acegi Security System for Spring and did just some simple experiments.

    We are developing a product that should provide a two-step authentication/authorisation. Some operations should be available to (anonymous) users from within a specified IP address range while others will require logging in by providing username and password.

    The second step - authentication and authorisation based on username / password credentials - is described in the documentation of Acegi but I am not sure if or how I achieve the first step - authorisation/authentication based on IP addresses.

    I would like to know if my scenario can be implemented using Acegi and if yes where I should start reading and where the extension points are.


    SCENARIO

    When a new session is detected it should be authenticated and authorised based on the remote IP address (no login stuff presented to the user).

    Session gets authorities that belong to the IP address.

    When an operation is accessed that requires further authorities then the user should have the chance to login (if he isn't already logged in) providing additional credentials like username and login.

    Session gets additional authorities that belong to the user logged in.


    QUESTIONS

    Do you think this two-phase authentication/authorisation can be achieved using Acegi? Where are possible problems?

    Is there any example of providing authorities based on the IP address?
    Do I have to develop a special AuthenticationProvider? Are there any shortcuts?

    Any ideas? Any remarks?

    Thanks,

    Felix

  • #2
    I've just added a protected boolean applyAnonymousForThisRequest(ServletRequest) to AnonymousProcessingFilter to assist you with this. Simply subclass AnonymousProcessingFilter and incorporate your IP subnet logic into that method.

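A sketch of the subclass suggested in post #2, as an added example that is not part of the thread or of Acegi's own code. The class name, the `trustedSubnet` property and the `org.acegisecurity` package are assumptions (older releases use `net.sf.acegisecurity`); only `AnonymousProcessingFilter` and `applyAnonymousForThisRequest(ServletRequest)` come from the post.

```java
package example; // hypothetical package

import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.ServletRequest;
// Assumed package name; it differs between Acegi releases.
import org.acegisecurity.providers.anonymous.AnonymousProcessingFilter;

/** Applies the anonymous token only to clients inside one configured subnet. */
public class SubnetAnonymousProcessingFilter extends AnonymousProcessingFilter {
    private byte[] network;   // network address bytes (4 for IPv4, 16 for IPv6)
    private int prefixLength; // number of leading bits that must match

    /** Hypothetical bean property, e.g. "192.168.10.0/24". Use IP literals, not host names. */
    public void setTrustedSubnet(String cidr) throws UnknownHostException {
        int slash = cidr.indexOf('/');
        if (slash < 0) throw new IllegalArgumentException("Expected address/prefix: " + cidr);
        network = InetAddress.getByName(cidr.substring(0, slash)).getAddress();
        prefixLength = Integer.parseInt(cidr.substring(slash + 1));
        if (prefixLength < 0 || prefixLength > network.length * 8)
            throw new IllegalArgumentException("Bad prefix length: " + cidr);
    }

    protected boolean applyAnonymousForThisRequest(ServletRequest request) {
        if (network == null) return false; // no subnet configured: fail closed
        try {
            // getRemoteAddr() returns an IP literal, so no DNS lookup happens here.
            byte[] remote = InetAddress.getByName(request.getRemoteAddr()).getAddress();
            return inSubnet(remote);
        } catch (UnknownHostException e) {
            return false; // unparsable address: treat as outside the subnet
        }
    }

    /** True when addr shares the first prefixLength bits with the network address. */
    boolean inSubnet(byte[] addr) {
        if (addr.length != network.length) return false; // IPv4 vs IPv6 mismatch
        int fullBytes = prefixLength / 8;
        for (int i = 0; i < fullBytes; i++) {
            if (addr[i] != network[i]) return false;
        }
        int rest = prefixLength % 8;
        if (rest == 0) return true;
        int mask = (0xFF << (8 - rest)) & 0xFF; // high bits of the partial byte
        return (addr[fullBytes] & mask) == (network[fullBytes] & mask);
    }
}
```

Behind a reverse proxy or load balancer, `getRemoteAddr()` is the proxy's address, so the check is only meaningful where the container sees the client connection directly or the address is restored by a trusted front end.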


    • #3
      Originally posted by Ben Alex
      I've just added a protected boolean applyAnonymousForThisRequest(ServletRequest) to AnonymousProcessingFilter to assist you with this. Simply subclass AnonymousProcessingFilter and incorporate your IP subnet logic into that method.
      Thanks! I will check it out and try if I get it running as you have proposed.

      Felix
