-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Markus,
On 8/8/17 8:21 AM, i...@flyingfischer.ch wrote: > > Am 08.08.2017 um 14:05 schrieb Christopher Schultz: >> All, >> >> In spite of my (somewhat) recent work on the CredentialHandlers, >> I haven't been using Tomcat's container-provider authentication >> and authorization for over a decade. This is because I need >> access to the user's source IP address for auditing where users >> "are" when they login to my applications. >> >> Is there any opportunity to obtain the user's IP address during >> login? IIRC, the JASPIC scheme does allow this kind of >> information, but I'm not sure if Tomcat actually supplies it. >> JASPIC is a rather complicated solution when I am in fact >> authenticating against a simple relational database. >> >> What might be other ways to obtain the user's IP address during >> authentication? >> >> Thanks, -chris >> >> PS I don't use Spring, to "just use Spring security like >> everyone else" isn't a great solution for me. > > If you run Tomcat only you may use request.getRemoteAddr() in the > logic and build IP based access management around this. Have you noticed that Tomcat only passes two String values to the authenticators? The IP address is not available. > If you run Apache in front of Tomcat you may need to fiddle with > X-Forwarded-For header. I have no problem with Tomcat having access to the IP address. I just want Tomcat to make that IP address available to the authenticator component in some way. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlmJskcACgkQHPApP6U8 pFivdA//XSyx5+ZszII0hxLjaeJi5+PHTOnbrzdcKLD+Q/6aDeFDbiECQItqAPZY w30aEWsqEdXiXEiCoHqD7NrsxkL6cM01uPpLSHsISDnPxX69ogWGCZNmxduLUxr2 V3kTLn+s2fry2ZECZWW28KW3aKvs9EQ8bPrxQoPZFHWlXSloIy+ao4UlpxBuCQh2 CO1akIYcxiOXCb8Bq4zIk70/E6zTDnWrsXcu3voTcSV8xrScZxYmj3AKMWITICw8 owmwJ0aQfnnOCs1j7HDz9TEKjUa/Net+Z1d1ZlWlq7aq3xaTBLyDyZskE1FeZ6yK pZPgveRdmlnReUJYHBfZqqUKT7iPRSoogcHdFZhVyI8JU2ega2nyI+uBDvc6fcPL PAjBvmZ+FdIk9Plvptv0oc4BzZMd0401JPmuA02CtmqYxfVToJGYuqo4SYiVl5gG mhCEY+VAIo5LWSRxM3scp/7fe9kj2c/Zn5AcYhNHIm16YEWYGe+FOKrPOMwK67e5 FWj0OxL0pSv9If7MRJ/xMXJyapH3KYkeNY2x5mdXpaueDmpDGb6Hvh9978q8P7wI xXxfdocDCCFJOgsn7o+GZo4yqnWK177bmYXm2WxzW9AhTVqe285D0XK5OvL1EiAG RzZqh3IgCNDgYoWzQjGtYO9q9FM4cu6REDBdmZOK8Kn2+fGaxC0= =fAU7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
