Vista combinada Visión Plana Vista de árbol
Discusiones [ Anterior | Siguiente ]
toggle
Antonio Almeida
Access denied for remote administrator
4 de febrero de 2013 7:56
Respuesta

Antonio Almeida

Ranking: New Member

Mensajes: 2

Fecha de incorporación: 4 de febrero de 2013

Mensajes recientes

I would like to create a hook to restrict the login of liferay portal Administrators by IP address when they try to login from a remote location.
They only should be able to login as an Administrator when they do it from the local network.
Is that possible? If so, what would be the better solution to do it.

Thank you in advance.
David H Nebinger
RE: Access denied for remote administrator
4 de febrero de 2013 8:08
Respuesta

David H Nebinger

Ranking: Liferay Legend

Mensajes: 6823

Fecha de incorporación: 1 de septiembre de 2006

Mensajes recientes

If you need to do it in Liferay, I'd use a servlet filter. You have access to both the requested url (to identify control panel access) as well as the remote ip address (to see where the user is coming from) to block the request.

Preferably, however, you've got some sort of http server sitting in front of Liferay which you would block all CP requests. Then just have your admins hit the app server directly to get CP access.
Hitoshi Ozawa
RE: Access denied for remote administrator
4 de febrero de 2013 16:23
Respuesta

Hitoshi Ozawa

Ranking: Liferay Legend

Mensajes: 7990

Fecha de incorporación: 23 de marzo de 2010

Mensajes recientes

How about writing an authentication pipeline

##
## Authentication Pipeline
##

#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.Authenticator. These classes will run
# before or after the portal authentication begins.
#
# The Authenticator class defines the constant values that should be used
# as return codes from the classes implementing the interface. If
# authentication is successful, return SUCCESS; if the user exists but the
# passwords do not match, return FAILURE; and if the user does not exist on
# the system, return DNE.
#
# Constants in Authenticator:
# public static final int SUCCESS = 1;
# public static final int FAILURE = -1;
# public static final int DNE = 0;
#
# In case you have several classes in the authentication pipeline, all of
# them have to return SUCCESS if you want the user to be able to login. If
# one of the authenticators returns FAILURE or DNE, the login fails.
#
# Under certain circumstances, you might want to keep the information in the
# portal database in sync with an external database or an LDAP server. This
# can easily be achieved by implementing a class via LDAPAuth that updates
# the information stored in the portal user database whenever a user signs
# in.
#
# Each portal instance can be configured at run time to either authenticate
# based on user ids or email addresses. See the Admin portlet for more
# information.
#
# Available authenticators are:
# com.liferay.portal.security.auth.LDAPAuth
#
# See the LDAP properties to configure the behavior of the LDAPAuth class.
#
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
#auth.pipeline.post=

#
# Set this to true to enable password checking by the internal portal
# authentication. If set to false, you're essentially delegating password
# checking is delegated to the authenticators configured in
# "auth.pipeline.pre" and "auth.pipeline.post" settings.
#
auth.pipeline.enable.liferay.check=true
David H Nebinger
RE: Access denied for remote administrator
4 de febrero de 2013 17:25
Respuesta

David H Nebinger

Ranking: Liferay Legend

Mensajes: 6823

Fecha de incorporación: 1 de septiembre de 2006

Mensajes recientes

Hitoshi Ozawa:
How about writing an authentication pipeline


Shoot, that's a great idea. Good catch, Hitoshi!
Antonio Almeida
RE: Access denied for remote administrator
5 de febrero de 2013 0:57
Respuesta

Antonio Almeida

Ranking: New Member

Mensajes: 2

Fecha de incorporación: 4 de febrero de 2013

Mensajes recientes

Actually, that can works Hitoshi.
Thank you for the idea.