stackoom
  简体   繁体   中英

How to save ip address to a DB from authenticated user with Spring security?

 原文  2013-03-01 17:18:18       java/ spring/ authentication/ spring-security/ ip

Question

I need to keep track of the ip address when users log in my spring application.

security.xml: 

<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userService">
    <password-encoder ref="passwordEncoder">
        <salt-source user-property='username' />
    </password-encoder>
</authentication-provider>

with bean: 

<beans:bean id="passwordEncoder"
    class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
    <beans:constructor-arg value="512" />
</beans:bean>

I've a custom userService with a method loadUserByUsername() returning a custom UserDetails. This method get the UserDetails from a database, via a DAO. The UserDetails contains stuffs related to the user such as his username, password, authorities, email address, but also application-specific variables. I need to access these variables in my JSP pages.

I want to save into a database (via a call to a method in a custom service, which call a DAO method) the ip address, timestamp and user id when a user is authenticated successfully in my application.

I'm not sure what to do: should I implement a custom authentication provider? extends DaoAuthenticationProvider? or AbstractUserDetailsAuthenticationProvider? or something else?

More general questions:

A. Where can I add a method to call once a user provides the right credentials?

B. How can I retrieve the ip address of the user? (knowing that tomcat runs behind apache in a reverse-proxy).

I tried to look at related questions/answers, but it just made me more confused. If someone could provide a very simple step-by-step implementation, it would be awesome. thanks!

1 answers

solution1
 8 ACCPTED  2013-03-01 17:35:56

You can provide a custom authentication success handler that will be responsible for saving an IP of current user in DB. See authentication-success-handler-ref attribute of form-login tag. It will be good idea to extend one of existing implementations (for example SavedRequestAwareAuthenticationSuccessHandler) and add your functionality.

You can get IP after authentication from everywhere just by doing: 

WebAuthenticationDetails details = (WebAuthenticationDetails)SecurityContextHolder.getContext().getAuthentication().getDetails();
String ip = details.getRemoteAddress();

Try it. If it gives you wrong IP address due to reverse proxy then consider adding client IP as request header.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can authenticate user by only ip address in spring security? Spring Security 3 check if user is authenticated Spring Security + Thymeleaf - hide specific data from user if not authenticated Get current authenticated user from security context as key for Spring Cache How to receive the authenticated user from SpringSecurity in other service implementation , instead of an anonymousUser.(Spring Security+JWT) How to manually set an authenticated user in Spring Security / SpringMVC Spring security: How to access authenticated user in asynchronous Jobs Spring Security: How To add extra role to authenticated user Spring security several logins from the same ip address spring security pre authenticated user login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM