1

I am working on a Java project where we have a server and a client application. The server accepts a connection and sends requested data to a client through socket programming.

Everything works fine, but when uploaded and running on the server I get connections from unknown IPs. This application will be used from many countries, so there won't be specific IPs to whitelist.

Is there a way to ban / reject these IPs so that only connections from my application are accepted by the server using sockets? Is it possible to send custom data when requesting connections to the server so that it will tell the server to accept only these connections?

CSharpened
Dinesh Ravichandran

3 Answers

2

The selective acceptance you describe falls within the scope of authentication and authorization. You will want connecting clients to:

  1. Identify themselves to you, so you can determine whether they are allowed access to the server. This can be accomplished by many means, i.e. IP or MAC address whitelisting, client side certificates, basic/digest authentication, or some other custom authentication scheme.
  2. Once allowed access, you can further scope down what the connecting client can do in the system via authorization rules.

I recommend taking a look at libraries like Apache Shiro, that will do some of the heavy lifting for you.

Community
Perception
1

After accepting the inbound connection you can use Socket.getInetAddress() on the returned Socket to retrieve and subsequently validate the IP.

If the IP is not allowed, then use Socket.close() to close the unwanted connection.

Edit:
Validation can of course be based on things beyond just IP. Once the connection is open you can use its streams to transfer arbitrary data to identify the client, for instance closing the connection following an authentication failure.

Doing this you should, however, consider the possibility of someone being able to intercept your communications. In other words using a secure connection would make sense.

I'm not aware of a way in which you can authenticate clients in Java prior to opening (accepting) the connection.

Kallja
  • Well Jarkko, our client has their own clients all around the world... as I already mentioned, "this application will be used from many countries so there won't be like specific IPs to whitelist". – Dinesh Ravichandran Jun 20 '12 at 11:55
  • @Spicyjazz I was oversimplifying. I have updated the answer with an extended explanation. – Kallja Jun 20 '12 at 12:15
  • Yeah, till now I'm authenticating my app after opening of the connection. I'm trying to figure out how to authenticate at the time the request is made, so as to avoid unwanted connections. – Dinesh Ravichandran Jun 21 '12 at 13:25
  • Is it possible to set custom text instead of the page URL in the JWebBrowser location bar... and is it possible to replace the location bar of JWebBrowser with a list box to store the previously entered URLs? – Dinesh Ravichandran Jul 15 '12 at 01:12
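The accept, identify, then close-on-failure flow described in the answer above can be sketched as a challenge-response over the socket's streams. This is an added example, not code from any of the answers; the class name `ChallengeAuthDemo`, the `SECRET` value, the 32-byte nonce and the `OK`/`DENIED` replies are all assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class ChallengeAuthDemo {
    // Constructed demo secret (assumption); provision real secrets per client, out of band.
    static final byte[] SECRET = "demo-secret-not-for-production".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(byte[] key, byte[] nonce) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(nonce);
    }

    // Server side: challenge the peer and close the socket unless the response verifies.
    static void handle(Socket accepted) {
        try (Socket sock = accepted) {
            sock.setSoTimeout(3000);              // drop peers that connect and stay silent
            byte[] nonce = new byte[32];
            new SecureRandom().nextBytes(nonce);  // fresh per connection: old replies cannot be replayed
            DataOutputStream out = new DataOutputStream(sock.getOutputStream());
            out.write(nonce);
            byte[] reply = new byte[32];
            new DataInputStream(sock.getInputStream()).readFully(reply);
            boolean ok = MessageDigest.isEqual(hmac(SECRET, nonce), reply); // constant-time compare
            out.writeUTF(ok ? "OK" : "DENIED");   // the real protocol would continue only after "OK"
        } catch (IOException | GeneralSecurityException e) { /* timeout or short read: socket already closed */ }
    }

    // Client side: answer the challenge with the given key and return the server's verdict.
    static String connect(int port, byte[] key) throws Exception {
        try (Socket sock = new Socket(InetAddress.getLoopbackAddress(), port)) {
            DataInputStream in = new DataInputStream(sock.getInputStream());
            byte[] nonce = new byte[32];
            in.readFully(nonce);
            sock.getOutputStream().write(hmac(key, nonce));
            return in.readUTF();
        }
    }

    public static void main(String[] args) throws Exception {
        // Loopback-only demo server on an ephemeral port; connections are handled one at a time.
        try (ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            new Thread(() -> { try { while (true) handle(server.accept()); } catch (IOException e) { } }).start();
            System.out.println("app client:     " + connect(server.getLocalPort(), SECRET));
            System.out.println("unknown client: " + connect(server.getLocalPort(), new byte[16]));
        }
    }
}
```

A secret compiled into a distributed client can be extracted from it, so issue secrets per user or per installation, and run the exchange over a secure connection as the answer suggests.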
0

If your server and client should be validated, you should think about using certificates also.

Here is some more information:

Community
jlengrand