I have a requirement to perform the following authentication process.
If the requested URL requires no authentication, anonymous, is the remote IP valid?
If the remote IP is valid then carry on else force the client to authenticate themselves.
I know that relying on remote IP address is poor security but thats our requirement.
Can anyone suggest how I can use/extend Spring Security to perform this authentication process?