Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C15A310CDA for ; Mon, 28 Oct 2013 08:48:24 +0000 (UTC) Received: (qmail 47943 invoked by uid 500); 28 Oct 2013 08:48:21 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 47381 invoked by uid 500); 28 Oct 2013 08:48:18 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 47360 invoked by uid 99); 28 Oct 2013 08:48:15 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Oct 2013 08:48:15 +0000 Received: from localhost (HELO [192.168.23.9]) (127.0.0.1) (smtp-auth username markt, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Oct 2013 08:48:14 +0000 Message-ID: <526E24CB.8030504@apache.org> Date: Mon, 28 Oct 2013 08:48:11 +0000 From: Mark Thomas User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Question about websockets origin and remote addresses References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 27/10/2013 20:53, Marcelo v wrote: > Hello My name is Marcelo, i have a little web site and i am using apache > tomcat 8.0.0-RC5 and making use of JSR-356 websocket api ... (i followed > the ChatAnnotation example) ... > I almost finished the development when i found 2 problems ... > > 1) Is it possible to get the remote ip of the client on @OnOpen method ??? > i was not able to find this answer No. Generally this type of information is available at the handshake which occurs before OnOpen but client IP is not one of the pieces of information exposed. > 2) Is it possible to know the origin of connections ??? i mean the domain > of the page the connection was made .... ServerEndpointConfig.Configurator.checkOrigin(String) You'll need a custom Configurator. > The first question is because i have a list of banned addresses already ... You might be better blocking these earlier e.g. with iptables or similar. > The second is because i need a minimal check on that, because it is not > allowed the connections to be made from anywhere ... Keep in mid that a malicious client can forge the origin header. > It is the first question i make here ... probably there is not enough > information .. please let me know ... No problems. All the relevant information was in the question. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org