apache - Whitelist user IPs in Shiro -


i enable facebook crawl website, needs user authentication. facebook says 1 way around whitelist ips. using apache shiro , know can client's ip calling gethost basichttpauthenticationfilter, not know how let ip addresses past authentication.

you have build custom implementation of shrio's

org.apache.shiro.web.filter.authc.authenticatingfilter 

minimally, have customize basichttpauthenticationfilter extending , adding logic skip basichttpauthenticationfilter if request coming whitelisted ip address.

package com.acme.web.filter.authc;  import java.io.ioexception; import java.util.collections; import java.util.hashset; import java.util.set;  import javax.servlet.servletexception; import javax.servlet.servletrequest; import javax.servlet.servletresponse;  public class whitelistedbasichttpauthenticationfilter extends basichttpauthenticationfilter {      private set<string> whitelist = collections.emptyset();      public void setwhitelist(string list) {         whitelist = new hashset<string>();         collections.addall(whitelist, list.split(",")); //make sure there no spaces in string!!!!     }     @override     protected boolean isenabled (servletrequest request, servletresponse response) throws servletexception, ioexception     {         if (whitelist.contains(request.getremoteaddr())) {             return false;         }         return super.isenabled(request, response);     } } 

in 'shiro.ini'

authc=com.acme.web.filter.authc.whitelistedbasichttpauthenticationfilter authc.whitelist=192.168.1.1,192.168.1.2,192.168.2.3 

Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -