Return-Path: 
 <dev-return-6048-apmail-shiro-dev-archive=shiro.apache.org@shiro.apache.org>
X-Original-To: apmail-shiro-dev-archive@www.apache.org
Delivered-To: apmail-shiro-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1AFD610BF8
	for <apmail-shiro-dev-archive@www.apache.org>;
 Sun,  9 Feb 2014 13:52:29 +0000 (UTC)
Received: (qmail 34308 invoked by uid 500); 9 Feb 2014 13:52:28 -0000
Delivered-To: apmail-shiro-dev-archive@shiro.apache.org
Received: (qmail 34212 invoked by uid 500); 9 Feb 2014 13:52:27 -0000
Mailing-List: contact dev-help@shiro.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@shiro.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@shiro.apache.org>
List-Post: <mailto:dev@shiro.apache.org>
List-Id: <dev.shiro.apache.org>
Reply-To: dev@shiro.apache.org
Delivered-To: mailing list dev@shiro.apache.org
Received: (qmail 34198 invoked by uid 99); 9 Feb 2014 13:52:22 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 09 Feb 2014 13:52:22 +0000
Date: Sun, 9 Feb 2014 13:52:21 +0000 (UTC)
From: "Andy Seaborne (JIRA)" <jira@apache.org>
To: dev@shiro.apache.org
Message-ID: <JIRA.12694154.1391953810323.13457.1391953941920@arcas>
In-Reply-To: <JIRA.12694154.1391953810323@arcas>
References: <JIRA.12694154.1391953810323@arcas>
Subject: [jira] [Updated] (SHIRO-485) Restrict HTTP requests to localhost
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/SHIRO-485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy Seaborne updated SHIRO-485:
--------------------------------

    Attachment: LocalhostFilter.java
                DenyFilter.java
                AuthorizationFilter403.java

> Restrict HTTP requests to localhost
> -----------------------------------
>
>                 Key: SHIRO-485
>                 URL: https://issues.apache.org/jira/browse/SHIRO-485
>             Project: Shiro
>          Issue Type: New Feature
>         Environment: HTTP
>            Reporter: Andy Seaborne
>            Priority: Minor
>         Attachments: AuthorizationFilter403.java, DenyFilter.java, LocalhostFilter.java
>
>
> I needed a way to restrict administration operations on a HTTP-based system; it has to be out-of-the-box configuration (the user can then make changes).  The solution was to limit access to localhost.
> Attached are:
> # {{LocalhostFilter}} for HTTP requests - request must come from localhost (IPV4 or IPv6).  Unlike {{HostFilter}}, this is specifically localhost.
> # {{AuthorizationFilter403}} for HTTP requests - if denied, give a 403 response.
> # {{DenyFilter}} - deny, always (for testing).
> Tested with Jetty.
> Taken from https://svn.apache.org/repos/asf/jena/branches/jena-fuseki-new-ui/src/main/java/org/apache/jena/fuseki/authz/.  This location should to (probably) https://svn.apache.org/repos/asf/jena/trunk/jena-fuseki/src/main/java/org/apache/jena/fuseki/authz/ at some point in the future.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)