Announcement Announcement Module
Collapse
No announcement yet.
IP Authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP Authentication

    Hi,

    I have a requirement to perform the following authentication process.

    If the requested URL requires no authentication, anonymous, is the remote IP valid?
    If the remote IP is valid then carry on else force the client to authenticate themselves.

    I know that relying on remote IP address is poor security but thats our requirement.

    Can anyone suggest how I can use/extend Spring Security to perform this authentication process?

    Regards

    Ben Short

  • #2
    Hi Jamin,

    it is actually easy. You should develop one more Voter and add it to your decisionVoters property.

    here is the very simple sample. I needed to develop very similar thing.

    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {

    if (authentication.getDetails() != null) {
    String remoteIpAddress = ((WebAuthenticationDetails) authentication.getDetails())
    .getRemoteAddress();

    // attempt to find a matching granted authority
    for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
    // checking if ip address matches one of the authorities IP
    if (grantedAuthority.getAuthority().startsWith(getIpP refix())) {
    if (matches(grantedAuthority.getAuthority(), remoteIpAddress)) {
    return ACCESS_GRANTED;
    }
    result = ACCESS_DENIED;
    }
    }
    }

    return result;
    }

    Comment

    Working...
    X