Am 08.08.2017 um 14:05 schrieb Christopher Schultz:
> All,
> In spite of my (somewhat) recent work on the CredentialHandlers, I
> haven't been using Tomcat's container-provider authentication and
> authorization for over a decade. This is because I need access to the
> user's source IP address for auditing where users "are" when they
> login to my applications.
> Is there any opportunity to obtain the user's IP address during login?
> IIRC, the JASPIC scheme does allow this kind of information, but I'm
> not sure if Tomcat actually supplies it. JASPIC is a rather
> complicated solution when I am in fact authenticating against a simple
> relational database.
> What might be other ways to obtain the user's IP address during
> authentication?
> Thanks,
> -chris
> PS I don't use Spring, to "just use Spring security like everyone
> else" isn't a great solution for me.

If you run Tomcat only you may use request.getRemoteAddr() in the logic
and build IP based access management around this.

If you run Apache in front of Tomcat you may need to fiddle with
X-Forwarded-For header.


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to