
How to block an IP with Seam and JBoss AS?

For security reasons, we want to block users by IP address in our application if they are trying to log in as admin and they type in a wrong password 3 times.

It is very easy to get the IP address of the user trying to log in. I use this code snippet to get the IP:

ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest) context.getRequest();
String ip = request.getRemoteAddr();

We are using JBoss 5.1.0 GA and Seam 2.2.1.CR2. As far as I know, there is no way to block IP addresses in Seam. But is it possible to call JBoss functions to block a specific IP?

Please let me know if Seam has some support for this :)


This should be very easy to do.

Assuming you have an application-scoped Set with all the IPs you want to block, you can use this filter:

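import java.io.IOException;
import java.util.Set;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.web.Filter;
import org.jboss.seam.web.AbstractFilter;

@Startup
@Scope(ScopeType.APPLICATION)
@Name("ipFilter")
@BypassInterceptors
@Filter(around = "org.jboss.seam.web.ajax4jsfFilter")
public class IpFilter extends AbstractFilter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {

        // Only HTTP requests carry a client address we can check.
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }

        HttpServletRequest request = (HttpServletRequest) req;

        // "blockedIps" is the application-scoped Set of blocked addresses.
        @SuppressWarnings("unchecked")
        Set<String> ips = (Set<String>) Component.getInstance("blockedIps");
        if (ips.contains(request.getRemoteAddr())) {
            throw new ServletException("Permission denied");
        }

        chain.doFilter(req, res);
    }
}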


If you have an Apache server in front of your JBoss server, then calling request.getRemoteAddr(); will just give you the IP of the Apache server.

Instead, use the X-Forwarded-For header.

As Plinio says, you can use a filter. If you don't want to do that then you could also use a page action.


I don't know of anything for that. But you could create a simple Filter (javax.servlet.Filter) and block requests from a set of IPs. It's really simple.
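The answers above combine into one piece of logic: pick the client address (getRemoteAddr() or X-Forwarded-For), count failed admin logins, and feed the blocked set the filter reads. The following is an added example, not code from any of the posters or from Seam or JBoss; the class name AdminLoginGuard, its methods, the trusted-proxy set and the sample addresses are assumptions, and it needs Java 9 or later. It only honours X-Forwarded-For when the direct peer is one of your own proxies, because a client can otherwise put any address in that header.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Added example: hypothetical helper class, not part of Seam or JBoss.
public class AdminLoginGuard {
    private static final int MAX_FAILURES = 3; // threshold from the question
    private final Set<String> trustedProxies;  // assumption: addresses of your own front-end proxies
    private final Map<String, AtomicInteger> failures = new ConcurrentHashMap<>();
    private final Set<String> blockedIps = ConcurrentHashMap.newKeySet();

    public AdminLoginGuard(Set<String> trustedProxies) { this.trustedProxies = trustedProxies; }

    // remoteAddr: request.getRemoteAddr(); xff: request.getHeader("X-Forwarded-For"), may be null.
    public String clientIp(String remoteAddr, String xff) {
        // The header is client-controlled unless the direct peer is a proxy we run.
        if (xff == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so walk right to left to the first hop we do not run.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr;
    }

    // Call after a wrong admin password; the third failure adds the address to the block set.
    public void recordFailedAdminLogin(String ip) {
        int n = failures.computeIfAbsent(ip, k -> new AtomicInteger()).incrementAndGet();
        if (n >= MAX_FAILURES) {
            blockedIps.add(ip);
        }
    }
    public boolean isBlocked(String ip) { return blockedIps.contains(ip); }

    public static void main(String[] args) {
        AdminLoginGuard guard = new AdminLoginGuard(Set.of("10.0.0.5")); // constructed proxy address
        // Constructed request via the proxy: only the rightmost entry was written by our proxy.
        String ip = guard.clientIp("10.0.0.5", "198.51.100.7, 203.0.113.9");
        for (int i = 0; i < 3; i++) guard.recordFailedAdminLogin(ip);
        System.out.println(ip + " blocked=" + guard.isBlocked(ip));
        // Constructed direct request: the peer is not a trusted proxy, so the header is ignored.
        System.out.println(guard.clientIp("203.0.113.9", "10.0.0.5"));
    }
}
```

In a servlet filter, the address checked against the blocked set would be the result of clientIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For")) rather than the raw remote address.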
