ACCESS_CONTROL
The ACCESS_CONTROL
element specifies access from a list of IP allowed to
access applications or services.
Syntax
<ACCESS_CONTROL>
[<ALLOW_FROM>...</ALLOW_FROM>][...]
</ACCESS_CONTROL>
Child elements
-
Zero or more
ALLOW_FROM
elements.
Usage
You use this element to specify what users have access to applications or services. By default,
an application or a service is not accessible by anyone. It needs to be explicitly configured with
ALLOW_FROM
elements.<ACCESS_CONTROL>
<ALLOW_FROM>127.0.0.1</ALLOW_FROM>
<ALLOW_FROM>10.</ALLOW_FROM>
<ALLOW_FROM>192.168.</ALLOW_FROM>
<ALLOW_FROM>fdbd:2768:c176:1::323a</ALLOW_FROM>
</ACCESS_CONTROL>
In this example, an application or a service is reachable from the localhost (127.0.0.1), and all
IP addresses that begin with "192.168." or "10.", or the IPv6 address "fdbd:2768:c176:1::323a" .
Important: Depending on the network configuration, it is not always possible to get the actual
client IP address. If there is a proxy server between the client and the server, for example, the
client IP address seen by the GAS may be the address from the proxy server.
Example configuring access control for demo applications
Access to the default deployment of the demo application is defined by the resource
res.access.control, which is set to the value NOBODY
to prevent
unauthorized execution.
To allow access from the localhost, in the JGAS configuration file you need to change the application element for demo from:
<!--Sample application for GWC-->
<APPLICATION Id="demo" Parent="defaultwa">
<EXECUTION>
<ENVIRONMENT_VARIABLE Id="FGLPROFILE" Concat="APPEND">$(res.path.fgldir.demo.services)/fglprofile</ENVIRONMENT_VARIABLE>
<!--ENVIRONMENT_VARIABLE Id="FGLWSDEBUG">3</ENVIRONMENT_VARIABLE-->
<PATH>$(res.path.fgldir.demo)</PATH>
<MODULE>demo.42m</MODULE>
<ACCESS_CONTROL>
<ALLOW_FROM>$(res.access.control)</ALLOW_FROM>
</ACCESS_CONTROL>
</EXECUTION>
</APPLICATION>
To:
<!--Sample application for GWC-->
<APPLICATION Id="demo" Parent="defaultwa">
<EXECUTION>
<ENVIRONMENT_VARIABLE Id="FGLPROFILE" Concat="APPEND">$(res.path.fgldir.demo.services)/fglprofile</ENVIRONMENT_VARIABLE>
<!--ENVIRONMENT_VARIABLE Id="FGLWSDEBUG">3</ENVIRONMENT_VARIABLE-->
<PATH>$(res.path.fgldir.demo)</PATH>
<MODULE>demo.42m</MODULE>
<ACCESS_CONTROL>
<ALLOW_FROM>127.0.0.1</ALLOW_FROM>
</ACCESS_CONTROL>
</EXECUTION>
</APPLICATION>
Parent elements
This element is a child of one of the following elements: