- Mark as New
- Follow
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report
Hi,
The use case I was explaining would be your typical API authentication where credentials (user/password for a specific operator) is supplied by some means, and the user is "logged in" automatically using for instance the "logon(user,password)" method. The script/JSSP would then execute in the context/with the permissions or settings set up for that user.
The issue I'm having is that when executing the logon method the IP of the requestor accessing the JSSP is not taken into account, I assume it's cause "logon" is executed from within the JSSP context, so the accessing IP used in the logon context is 127.0.0.1 instead of the IP of the requestor (as you can get from getRemoteAddress).
IP whitelisting/blocking is an integral part of the AC user security setup so I'm looking for a way to leverage that (ie the existing securityZone settings) when authenticating a user.
To clarify what I want to do we can remove the user/login part for a simpler use case:
I want to check if the IP of something accessing a JSSP is valid with regards to the setup (IP masks) for the 'webservice' securityZone of the instance.
Hope this makes it more clear.
Regards,
Jonas
Views
Replies
Total Likes