Java: associating an AuthenticationFailureBadCredentialsEvent with the remote address when an X-Forwarded-For header is present

Tags: java, spring, kotlin, spring-security, x-forwarded-for

So I wrote this:

import javax.inject.Inject
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
import org.springframework.security.web.authentication.WebAuthenticationDetails
import org.springframework.stereotype.Component

@Component
class AuthenticationFailureListener : ApplicationListener<AuthenticationFailureBadCredentialsEvent> {

    private val bruteForceProtection: BruteForceProtection

    @Inject
    constructor(bruteForceProtection: BruteForceProtection) {
        this.bruteForceProtection = bruteForceProtection
    }

    override fun onApplicationEvent(event: AuthenticationFailureBadCredentialsEvent) {
        // details is only a WebAuthenticationDetails for authentications that
        // came in through the servlet filter chain; skip anything else rather
        // than failing the cast
        val webDetails = event.authentication.details as? WebAuthenticationDetails ?: return
        val remoteAddress = webDetails.remoteAddress

        bruteForceProtection.recordFailedAttempt(remoteAddress)
    }
}
and then realised that I don't know whether Spring takes X-Forwarded-For into account when it sets the remote address in the security context.

Does it?

Or, how else can I correlate an AuthenticationFailureBadCredentialsEvent with the remote address it originated from?

Source:

    When using a proxy server it is important to ensure that you have configured your application properly. For example, many applications will have a load balancer that responds to requests for https://example.com/ by forwarding the request to an application server at https://192.168.1:8080. Without proper configuration, the application server will not know that the load balancer exists and will treat the request as though https://192.168.1:8080 was requested by the client.

    To fix this you can use RFC 7239 to specify that a load balancer is being used. To make the application aware of this, you need to configure your application server to be aware of the X-Forwarded headers. For example, Tomcat uses the RemoteIpValve and Jetty uses ForwardedRequestCustomizer. Alternatively, Spring 4.3+ users can leverage ForwardedHeaderFilter.

Neither Spring Framework nor Spring Security itself does any special handling of X-Forwarded* headers:

WebAuthenticationDetails.java

public WebAuthenticationDetails(HttpServletRequest request) {
    this.remoteAddress = request.getRemoteAddr();
    HttpSession session = request.getSession(false);
    this.sessionId = (session != null) ? session.getId() : null;
}

So we have these options for applying that information:

  • expose a ForwardedHeaderFilter
  • configure the server

Unfortunately, as of 5.1.7.RELEASE, ForwardedHeaderFilter

So the remaining option is to configure the server.

Since you are using Tomcat, you can provide a server.tomcat.remote-ip-header property so that the header is taken into account.

See also

Here is a simple test:

application.yml

server:
  tomcat:
    remote-ip-header: X-Forwarded-For

IpController.kt

import javax.servlet.http.HttpServletRequest
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController

@RestController
class IpController {
    // request.remoteAddr is the same value WebAuthenticationDetails reads;
    // with remote-ip-header set, Tomcat has already replaced it with the
    // client address taken from X-Forwarded-For
    @GetMapping("/ip")
    fun getIp(request: HttpServletRequest) = mapOf("ip" to request.remoteAddr)
}

This then returns the IP address carried in the X-Forwarded-For header:

IpControllerTest.kt

// JUnit 5 imports assumed; with JUnit 4 the class also needs @RunWith(SpringRunner::class)
import org.junit.jupiter.api.Assertions.assertEquals
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.boot.test.web.client.TestRestTemplate
import org.springframework.boot.test.web.client.exchange
import org.springframework.http.HttpEntity
import org.springframework.http.HttpHeaders
import org.springframework.http.HttpMethod

@SpringBootTest(properties = ["server.tomcat.remote-ip-header=X-Forwarded-For"],
        webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
class IpControllerTest {
    @Autowired
    private lateinit var testRestTemplate: TestRestTemplate

    @Test
    fun `uses ip from x-forwarded-for`() {
        val httpHeaders = HttpHeaders()
        httpHeaders["X-Forwarded-For"] = "8.8.8.8"
        val httpEntity = HttpEntity<Any>(httpHeaders)
        val map = testRestTemplate.exchange<Map<String, *>>("/ip", HttpMethod.GET, httpEntity)
                .body!!
        assertEquals("8.8.8.8", map["ip"])
    }
}
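The fix above only holds up if the X-Forwarded-For header is believed solely when it arrives from a known proxy. In Spring Boot, server.tomcat.remote-ip-header works together with server.tomcat.internal-proxies, whose default matches the private (RFC 1918), link-local and loopback ranges; that default is why the test passes at all, since TestRestTemplate connects from 127.0.0.1. If the load balancer's address is not covered, the header is ignored and every failed login is counted against the balancer; if the setting is widened to trust everyone, an attacker can pick the address each failure is counted against. The Python model below is an added example, not Tomcat's RemoteIpValve code and not part of the original question or answer; it mirrors the valve's right-to-left walk over the header (accept the header only when the TCP peer is a trusted proxy, skip trusted hops, take the first untrusted hop as the client) and then keys a brute-force counter on the resolved address. The address ranges, the sample requests, the BruteForceProtection class and the TRUST_EVERYONE misconfiguration are all constructed for the illustration.

```python
"""Model of proxy-aware client-address resolution feeding a brute-force counter.

Constructed example: the rules mirror the right-to-left walk Tomcat's
RemoteIpValve performs over X-Forwarded-For, but this is not Tomcat's code,
and the addresses, requests and BruteForceProtection class are made up.
"""
import ipaddress
from collections import Counter

# Assumed stand-in for Spring Boot's default server.tomcat.internal-proxies
# (RFC 1918 ranges, link-local, IPv4 and IPv6 loopback). A production
# deployment should narrow this to the load balancer's real addresses.
DEFAULT_INTERNAL_PROXIES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "169.254.0.0/16", "127.0.0.0/8", "::1/128")
]

# Deliberately broken alternative: every IPv4 peer is treated as a proxy.
TRUST_EVERYONE = [ipaddress.ip_network("0.0.0.0/0")]


def is_internal_proxy(addr, internal_proxies):
    """True if addr parses as an IP address inside one of the trusted ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:  # garbage in the header is never a proxy
        return False
    return any(ip in net for net in internal_proxies)


def resolve_client_ip(remote_addr, xff_header, internal_proxies=DEFAULT_INTERNAL_PROXIES):
    """Return the address a failed login should be counted against.

    remote_addr is the TCP peer (what getRemoteAddr() returns without any
    valve); xff_header is the raw X-Forwarded-For value, or None.
    """
    # The header is only consulted when the peer itself is a trusted proxy:
    # a client that reaches the application directly cannot inject hops.
    if not is_internal_proxy(remote_addr, internal_proxies):
        return remote_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    if not hops:
        return remote_addr
    # Each proxy appends the peer address it saw, so the right-most entry is
    # the only one the nearest proxy vouches for. Walk from the right, skip
    # trusted hops, and take the first untrusted one as the client.
    for hop in reversed(hops):
        if not is_internal_proxy(hop, internal_proxies):
            return hop
    # Every hop was a trusted proxy: fall back to the left-most entry.
    return hops[0]


class BruteForceProtection:
    """Constructed stand-in for the BruteForceProtection bean in the question."""

    def __init__(self, max_attempts=5):
        self.max_attempts = max_attempts
        self.failures = Counter()

    def record_failed_attempt(self, addr):
        self.failures[addr] += 1

    def is_blocked(self, addr):
        return self.failures[addr] >= self.max_attempts


def run_failed_logins(attempts, internal_proxies=DEFAULT_INTERNAL_PROXIES):
    """Feed (remote_addr, xff_header) pairs of failed logins through the
    resolver, as the listener would, and return the populated counter."""
    protection = BruteForceProtection()
    for remote_addr, xff in attempts:
        client = resolve_client_ip(remote_addr, xff, internal_proxies)
        protection.record_failed_attempt(client)
    return protection


# Constructed traffic: an attacker at 203.0.113.7 hits the app directly and
# forges a different X-Forwarded-For on each failed login, hoping every
# attempt lands on a different counter.
SPOOFED_ATTEMPTS = [("203.0.113.7", f"198.51.100.{i}") for i in range(1, 6)]

if __name__ == "__main__":
    safe = run_failed_logins(SPOOFED_ATTEMPTS)
    print(dict(safe.failures), safe.is_blocked("203.0.113.7"))
    # {'203.0.113.7': 5} True
    broken = run_failed_logins(SPOOFED_ATTEMPTS, TRUST_EVERYONE)
    print(dict(broken.failures), broken.is_blocked("203.0.113.7"))
    # five different forged keys, False
```

The same walk explains the two-hop case: when the client sends its own X-Forwarded-For and the balancer appends the real peer, the forged value ends up left of the genuine one and is never reached, because the right-most untrusted hop wins.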

Are you using Tomcat?

@caco3 The embedded one that ships with Spring Boot.