On 08.08.2017 14:21, i...@flyingfischer.ch wrote:


Am 08.08.2017 um 14:05 schrieb Christopher Schultz:
All,

In spite of my (somewhat) recent work on the CredentialHandlers, I
haven't been using Tomcat's container-provider authentication and
authorization for over a decade. This is because I need access to the
user's source IP address for auditing where users "are" when they
login to my applications.

Is there any opportunity to obtain the user's IP address during login?
IIRC, the JASPIC scheme does allow this kind of information, but I'm
not sure if Tomcat actually supplies it. JASPIC is a rather
complicated solution when I am in fact authenticating against a simple
relational database.

What might be other ways to obtain the user's IP address during
authentication?

Thanks,
-chris

PS I don't use Spring, to "just use Spring security like everyone
else" isn't a great solution for me.

If you run Tomcat only you may use request.getRemoteAddr() in the logic
and build IP based access management around this.

If you run Apache in front of Tomcat you may need to fiddle with
X-Forwarded-For header.

Markus


+1, I was just going to mention the same.
In case of any front-end proxy, getRemoteAddr() would probably give the IP of 
the proxy.
And to make matters a little bit more complicated, see this article :
https://github.com/eprints/eprints/issues/214
This is perl, not Java, but it provides some additional information which might be useful (about nginx and HTTPS e.g.)



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to