How do I block access to a web java application by the user's IP.
The application will be hosted outside of the company environment, but it needs to be accessed by a certain profile from outside.
I have in the user profile the profile of each one and I thought that when trying to log in I could somehow validate whether it is inside the company or not.
How to do it?
You can get the user's IP like this:
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
String ipAddress = request.getHeader("X-FORWARDED-FOR");
And in your user registry / privileges, enter a Acesso Externo option.
When you log in, you compare whether the user's IP is within the company's predefined IP range (if it has a fixed IP), if the condition is false, it checks to see if it has external access.
First of all you have to certify that the registered user with permission to access from outside uses a static ip (otherwise you can use software to help at this point).
One of the alternatives using .htaccess:
ErrorDocument 403 /specific_page.html
Order Allow,Deny
Allow from 111.222.333.444