Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Antonio Almeida
Access denied for remote administrator
February 4, 2013 7:56 AM
Answer

Antonio Almeida

Rank: New Member

Posts: 2

Join Date: February 4, 2013

Recent Posts

I would like to create a hook to restrict the login of liferay portal Administrators by IP address when they try to login from a remote location.
They only should be able to login as an Administrator when they do it from the local network.
Is that possible? If so, what would be the better solution to do it.

Thank you in advance.
David H Nebinger
RE: Access denied for remote administrator
February 4, 2013 8:08 AM
Answer

David H Nebinger

Community Moderator

Rank: Liferay Legend

Posts: 11295

Join Date: September 1, 2006

Recent Posts

If you need to do it in Liferay, I'd use a servlet filter. You have access to both the requested url (to identify control panel access) as well as the remote ip address (to see where the user is coming from) to block the request.

Preferably, however, you've got some sort of http server sitting in front of Liferay which you would block all CP requests. Then just have your admins hit the app server directly to get CP access.
Hitoshi Ozawa
RE: Access denied for remote administrator
February 4, 2013 4:23 PM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7949

Join Date: March 23, 2010

Recent Posts

How about writing an authentication pipeline

##
## Authentication Pipeline
##

#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.Authenticator. These classes will run
# before or after the portal authentication begins.
#
# The Authenticator class defines the constant values that should be used
# as return codes from the classes implementing the interface. If
# authentication is successful, return SUCCESS; if the user exists but the
# passwords do not match, return FAILURE; and if the user does not exist on
# the system, return DNE.
#
# Constants in Authenticator:
# public static final int SUCCESS = 1;
# public static final int FAILURE = -1;
# public static final int DNE = 0;
#
# In case you have several classes in the authentication pipeline, all of
# them have to return SUCCESS if you want the user to be able to login. If
# one of the authenticators returns FAILURE or DNE, the login fails.
#
# Under certain circumstances, you might want to keep the information in the
# portal database in sync with an external database or an LDAP server. This
# can easily be achieved by implementing a class via LDAPAuth that updates
# the information stored in the portal user database whenever a user signs
# in.
#
# Each portal instance can be configured at run time to either authenticate
# based on user ids or email addresses. See the Admin portlet for more
# information.
#
# Available authenticators are:
# com.liferay.portal.security.auth.LDAPAuth
#
# See the LDAP properties to configure the behavior of the LDAPAuth class.
#
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
#auth.pipeline.post=

#
# Set this to true to enable password checking by the internal portal
# authentication. If set to false, you're essentially delegating password
# checking is delegated to the authenticators configured in
# "auth.pipeline.pre" and "auth.pipeline.post" settings.
#
auth.pipeline.enable.liferay.check=true
David H Nebinger
RE: Access denied for remote administrator
February 4, 2013 5:25 PM
Answer

David H Nebinger

Community Moderator

Rank: Liferay Legend

Posts: 11295

Join Date: September 1, 2006

Recent Posts

Hitoshi Ozawa:
How about writing an authentication pipeline


Shoot, that's a great idea. Good catch, Hitoshi!
Antonio Almeida
RE: Access denied for remote administrator
February 5, 2013 12:57 AM
Answer

Antonio Almeida

Rank: New Member

Posts: 2

Join Date: February 4, 2013

Recent Posts

Actually, that can works Hitoshi.
Thank you for the idea.