Remote Address Authorizer
Remote address authentication.
AUTHTYPE=org.signserver.server.RemoteAddressAuthorizer
Available Property
Property | Description |
|---|
ALLOW_FROM | Comma separated list of IP addresses to allow requests from. By default, all other addresses are denied access. If a worker is invoked directly using an EJB call and no REMOTE_IP is specified in the RequestContext, the IP-address is set to the String null. In that case, to allow requests using EJB calls, null can be added to the list of allowed addresses.
When adding null to ALLOW_FROM, access is allowed to locally running clients like the ClientCLI and AdminGUI and allowed from workers that invoke the other worker directly using an EJB call. For instance, this is the case for the XMLValidator which delegates the validation of the certificate to a CertValidator. If the CertValidator had a RemoteAddressAuthorizer allowing access from null, then the XMLValidator would be able to use it. To restrict users from using the CertValidator (indirectly through the XMLValidator), an Authorizer could be configured for the XMLValidator. |
Logging
This authorizer will add the remote IP address to the log field AUTHORIZED_ADDRESS.
.png){kind=logo}