[SHIRO-485] Restrict HTTP requests to localhost - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Authorization (access control) , Web
Labels:
- patch
Environment:
HTTP

Description

I needed a way to restrict administration operations on a HTTP-based system; it has to be out-of-the-box configuration (the user can then make changes). The solution was to limit access to localhost.

Attached are:

LocalhostFilter for HTTP requests - request must come from localhost (IPV4 or IPv6). Unlike HostFilter, this is specifically localhost.
AuthorizationFilter403 for HTTP requests - if denied, give a 403 response.
DenyFilter - deny, always (for testing).

Tested with Jetty.

Taken from https://svn.apache.org/repos/asf/jena/branches/jena-fuseki-new-ui/src/main/java/org/apache/jena/fuseki/authz/. This location should to (probably) https://svn.apache.org/repos/asf/jena/trunk/jena-fuseki/src/main/java/org/apache/jena/fuseki/authz/ at some point in the future.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

LocalhostFilter.java
09/Feb/14 13:50
2 kB
Andy Seaborne
DenyFilter.java
09/Feb/14 13:50
1 kB
Andy Seaborne
AuthorizationFilter403.java
09/Feb/14 13:50
2 kB
Andy Seaborne

Activity

People

Assignee:: Unassigned

Reporter:: Andy Seaborne

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Feb/14 13:50

Updated:: 23/Jun/16 23:59