
Securing Spring web app by checking client's IP v4 address

In a Spring 3 based web app I am using a custom implementation of AbstractUserDetailsAuthenticationProvider not only to check the username/password pair but also the IP address of the client. However, when I call within retrieveUser():

@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    ...
    String ipAddr = ((WebAuthenticationDetails)authentication.getDetails()).getRemoteAddress();
    ...
    User user = ...
    return user;
}

it returns 0:0:0:0:0:0:0:1%0. That will be the IP v6 address for localhost. How can I check now against a white list of IP v4 addresses if that method returns me an IP v6 address? Can I provide compatibility with IP v4 and v6 for the whitelist? Thank you for your insights!


If it is your local Tomcat, then try to invoke it not by http://localhost:8080/..., try to invoke it by http://127.0.0.1:8080/..


Late to the party but still relevant. Adding the following parameter to your startup script/run configuration will provide you with ipV4 addresses and not ipV6.

-Djava.net.preferIPv4Stack=true
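An added example, not code from the question or the answers: an allowlist that holds both IPv4 and IPv6 entries and normalises the string returned by getRemoteAddress() before comparing, so the check does not depend on which stack the container uses. The class name IpAllowlist and the sample addresses are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Set;

// Added example (hypothetical class name): allowlist with IPv4 and IPv6 entries.
public class IpAllowlist {
    private final Set<InetAddress> allowed = new HashSet<>();

    public IpAllowlist(String... literals) throws UnknownHostException {
        for (String literal : literals) {
            allowed.add(parse(literal));
        }
    }

    // Turns a textual IP literal into an InetAddress; hostnames are rejected.
    static InetAddress parse(String literal) throws UnknownHostException {
        // Drop the zone/scope id ("%0" in the question); it is local to the host.
        int zone = literal.indexOf('%');
        String ip = zone >= 0 ? literal.substring(0, zone) : literal;
        boolean v4 = ip.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        boolean v6 = ip.contains(":") && ip.matches("[0-9A-Fa-f:.]+");
        if (!v4 && !v6) {
            // Ordinary hostnames stop here instead of reaching the resolver.
            throw new UnknownHostException("not an IP literal: " + literal);
        }
        // For a valid literal getByName only parses; an IPv4-mapped IPv6
        // literal (::ffff:a.b.c.d) comes back as an Inet4Address.
        return InetAddress.getByName(ip);
    }

    // Fails closed: anything that cannot be parsed is treated as not allowed.
    public boolean isAllowed(String remoteAddress) {
        try {
            return remoteAddress != null && allowed.contains(parse(remoteAddress));
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample values; 192.0.2.10 and 198.51.100.7 are documentation addresses.
        IpAllowlist list = new IpAllowlist("127.0.0.1", "::1", "192.0.2.10");
        String[] samples = {"0:0:0:0:0:0:0:1%0", "127.0.0.1", "::ffff:192.0.2.10", "198.51.100.7", "localhost"};
        for (String s : samples) {
            System.out.println(s + " -> " + list.isAllowed(s));
        }
    }
}
```

Inside retrieveUser() the value of ipAddr would be passed to isAllowed(), and a false result would be turned into an AuthenticationException. If the application runs behind a reverse proxy, getRemoteAddress() reports the proxy's address, so the allowlist would then see only that address.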
