IPV6 vs IPV4 with jetty and hasIpAddress expression

**dave.wellman** · Apr 23rd, 2010, 11:59 PM

Problem: hasIpAddress throws IllegalArgumentException using Jetty

Using Jetty as the web server and Spring Security 3.0.2.RELEASE throws an "Failed to evaluate expression 'hasIpAddress('127.0.0.1/24')'" exception when trying to

Code:

@PreAuthorize("hasIpAddress('127.0.0.1/24'')")

or

Code:

<secure:http...
access="hasIpAddress('127.0.0.1/24'')"

It fails because requiredAddress is a Inet4Address and the remoteAddress is a Inet6Address throwing the IllegalArgumentException because the two classes are seen as different and incompatible when using the equals function.

Solution

The best way to solve this problem is to simply tell java to use only IPV4 by passing in the parameter:

Code:

-Djava.net.preferIPv4Stack=true

such as

Code:

mvn -Djava.net.preferIPv4Stack=true jetty:run

Root Cause: The problem is in IpAddressMatcher:

Code:

org.springframework.util.StringUtils.IpAddressMatcher  

org.springframework.security.web.access.expression.WebSecurityExpressionRoot.hasIpAddress:

    public boolean hasIpAddress(String ipAddress) {
        return (new IpAddressMatcher(ipAddress).matches(request));
    }

org.springframework.util.StringUtils.IpAddressMatc her method called from org.springframework.security.web.access.expression .WebSecurityExpressionRoot.hasIpAddress

on line 44:

Code:

 if (!requiredAddress.getClass().equals(remoteAddress.getClass()))

I hope that will save others the day I lost investigating it.

Cheers,

Thread: IPV6 vs IPV4 with jetty and hasIpAddress expression

Thread Tools

Display

IPV6 vs IPV4 with jetty and hasIpAddress expression

Tags for this Thread

Posting Permissions