IP-based Security check?( how to access ServletRequest form jdbcAuthImpl)

[FarhanJan]

I want to have Source IP based security check along with username/password.

How can I get access to my HttpServletRequest, form within a normal java class,(JdbcAuthImpl extends JdbcDaoImpl ) not in servlet class itself.

even though i pass the IP from Login page, but how can i get it in jdbcAuthImpl class.

I have made ip checking mechanism, but I dont get the input IP.


Here is the code I tried to use,

Code:

RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
if (requestAttributes instanceof ServletRequestAttributes) {
HttpServletRequest request = ((ServletRequestAttributes)requestAttributes).getRequest();

String rhost = request.getRemoteHost();
String raddr = request.getRemoteAddr();
int rport = request.getRemotePort();

String lhost = request.getLocalName();
String laddr = request.getLocalAddr();
int lport = request.getLocalPort();
}


I am using 

import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;

Ive seen ppl using this!
but here the


ServletRequestAttributes.getRequest();

is protected! perhaps because of some other version of spring.jar


any alternative
I need some guidance here!
thanks!

[karldmoore]

If you have a look at Authentication.getDetails(..) you should get a WebAuthenticationDetails instance back. This contains the remoteAddress, doesn't that help? If that doesn't help, you could always extend WebAuthenticationDetails. This won't get into the JdbcDaoImpl though as the load method only takes a username. Why do you need the IP in the dao?