Acegi/Spring is too complicated for my needs :( The IP is needed to validate the cookie on the federated ID server. If the user changes that IP, then validation fails and he is represented as a guest.

On Thu, Aug 20, 2009 at 17:48, Sebastian Hennebrueder<use...@laliluna.de> wrote:
> Andrey Larionov wrote:
>>
>> I am trying to implement federated authorization. I decided to create a
>> RequestFilter which gets the cookie value and validates it using the
>> federated server. If validation is successful, it receives a username and
>> populates an SSO object that describes the user identity and places it in
>> ApplicationState. If validation fails, the SSO stores GuestIdentity.
>>
>> Is it a good solution from the Tapestry architecture point of view? If it
>> is, there is a problem: how to obtain the user's IP address? The
>> RequestFilter.service method is passed a Request object which doesn't
>> provide user IP information. How to obtain it? Should I use
>> HttpServletRequestFilter instead? If so, could I operate on
>> ApplicationState in it?
>>
>> Thanks
>> Andrey Larionov
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>
>
> Hello,
> I can't answer the question on best practice but the wiki has examples to
> create authorization with Acegi/Spring Security. You might use this as
> inspiration.
>
> You talk about IP. There is no guarantee that the same user has the same IP
> in repeated requests. If the user sits behind a proxy cluster, the IP might
> change.
>
> For enterprise security, you might have a look at OWASP ESAPI security as
> well.
>
> --
> Best Regards / Viele Grüße
>
> Sebastian Hennebrueder
> -----
> Software Developer and Trainer for Hibernate / Java Persistence
> http://www.laliluna.de