shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Seaborne (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SHIRO-485) Restrict HTTP requests to localhost
Date Sun, 09 Feb 2014 13:52:28 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andy Seaborne updated SHIRO-485:
--------------------------------

    Component/s: Web
                 Authorization (access control) 

> Restrict HTTP requests to localhost
> -----------------------------------
>
>                 Key: SHIRO-485
>                 URL: https://issues.apache.org/jira/browse/SHIRO-485
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authorization (access control) , Web
>         Environment: HTTP
>            Reporter: Andy Seaborne
>            Priority: Minor
>         Attachments: AuthorizationFilter403.java, DenyFilter.java, LocalhostFilter.java
>
>
> I needed a way to restrict administration operations on a HTTP-based system; it has to
be out-of-the-box configuration (the user can then make changes).  The solution was to limit
access to localhost.
> Attached are:
> * LocalhostFilter for HTTP requests - request must come from localhost (IPV4 or IPv6).
 Unlike HostFilter, this is specifically localhost.
> * AuthorizationFilter403 for HTTP requests - if denied, give a 403 response.
> * DenyFilter - deny, always (for testing).
> Tested with Jetty.
> Taken from https://svn.apache.org/repos/asf/jena/branches/jena-fuseki-new-ui/src/main/java/org/apache/jena/fuseki/authz/.
 This location should to (probably) https://svn.apache.org/repos/asf/jena/trunk/jena-fuseki/src/main/java/org/apache/jena/fuseki/authz/
at some point in the future.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message