0

In Share is there a way to get user ip adress after authentication in alfresco ?

If yes how ?

Based on this ip adress i want to allow or forbid acces to repository.

I'am using alfresco 5.0.d

Thank you in advance.

EDIT 1 :

The user can connect to alfresco but can only enter to the repository when certain conditions are verified. Simply, on my alfresco there are 2 roles (ROLE1 and ROLE2). Users with the ROLE1 can enter to Afresco anywhere. But a user with the ROLE2 can access to alfresco only when he is on a particular network (network identified by a ip address).

To verify the role of the user i need him to be connected. I hope I am clear enough !

Alex Bravo
  • 1,601
  • 2
  • 24
  • 40
soung
  • 1,411
  • 16
  • 33
  • Where are you trying to check? In Share? Or in the repository (alfresco) tier? – Gagravarr Nov 19 '15 at 19:04
  • I'm trying to check in Share – soung Nov 19 '15 at 19:27
  • 1
    Grab it off the [ServletRequest](http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getRemoteAddr%28%29)? – Gagravarr Nov 19 '15 at 20:25
  • Gagravarr can you give me more explanation please ? I was thinking doing java backend webscript wich return me the ip adress. And on alfresco page reload, i'll call this webscript and i will control if this ip adress is allowed (in dom javascript code). if ip is not allowed i will redirect user on login page. Is this good approch ? if no what should be the best approch ? thank you. – soung Nov 19 '15 at 20:34

1 Answers1

1

If I understand this correctly, you want to disable access for specific IP's on your Alfresco instance. If so. there is no need to check the request, nor make useless Java back end webscripts. Just set up either: 1. Apache or Nginx in front of your alfresco. or 2. Configure tomcat with proper <valve> tag configuration. Here you'll find a quick guide I wrote years ago, but it should still give you an idea or what to do or where to look: http://alch3mi5t.blogspot.com/2012/04/tomcat-valve-configuration.html Also, here you'll find more examples and tutorials: Tomcat Restrict access by IP address

<Engine name="Catalina" defaultHost="localhost">
   ...
   ...
   ...
   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="10\.132\.77\.55|10\.132\.76\.120|10\.132\.77\.47"/>
   ...
</Engine>

EDIT: a quick question: why would you leave the Login accessible if users can't log in (disabling access after authentication?). This way you just expose a non-authenticated page and you're good :)

Community
  • 1
  • 1
Teqnology
  • 1,282
  • 8
  • 20
  • hi alh3mi5t. To answer to your question, login must be accessible to all users. The restriction only concerns users with a particular role. Hence the need for the verification after authentication. This means that users with this particular role will not be able to connect to the application as if their IP address matches a particular address. So i can't use apache or tomcat config to banish adress ip. – soung Nov 22 '15 at 09:10
  • So, sorry again. You're saying you have specific users that have authentication details to Alfresco but shouldn't be able to log in? Which if that's true, doesn't make much sense to me. You could put them in a group, and remove inherited permissions from that group on the company home folder. Also: you're saying those users have static IPs that you would like to disable after the login? So again, why not gather all their IPs and put it in the solution provided above? Or am I missing some other requirements? – Teqnology Nov 24 '15 at 00:07
  • Hi Alch3mi5t i have edit my question I hope I am clear enough sorry for my English. – soung Nov 24 '15 at 13:09