我使用Spring Security 3.我有以下方法:
public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, authResult);
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authResult;
WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
String address = details.getRemoteAddress();
System.out.println("Successful Login from remote address: "+ address);
}
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
super.unsuccessfulAuthentication(request, response, failed);
System.out.println("==failed login==");
}
}
我是否有用于取消装箱地址变量的脏代码?我可以不久或正确地写出来吗?
答案 0 :(得分:1)
你到底想要什么?该“地址”将是报告请求您的服务的人/地址的报告地址,尽管它可以被欺骗,并且代理将自己报告为“远程地址”,可选地包括包括原始“远程地址”的HTTP报头。按照惯例,标题名为“X-FORWARDED-FOR”。这完全取决于代理和配置它的人。
答案 1 :(得分:1)
这可能会更好:
String address = request.getRemoteAddr();