Resteasy security interceptor - how to obtain client IP address inside interceptor?

前端未结

关注

 2  1680

I have implemented an interceptor to carry out a security check on the client IP address with the following annotations - @Provider @ServerInterceptor @Precedence(\"SECURITY\")<

相关标签:

2条回答

忘了有多久

2021-01-23 03:40

This (my) answer is wrong! The HttpServletRequest is "injected" only when the filter class is instantiated, so the instance "see" the same HttpServletRequest for all the subsequent requests (the HttpServletREquest is always the first!!!!!)

You can inject the HttpServletRequest object to access the client ip (I'm using it)

@Provider
@Interceptor
@Precedence("SECURITY")
public class JAXRSInterceptor implements PreProcessInterceptor
{

    **@Context HttpServletRequest request; // WRONG WRONG WRONG**

    @Override
    public ServerResponse preProcess(HttpRequest arg0, ResourceMethod arg1) throws Failure, WebApplicationException
    {


        System.out.println(request.getRemoteAddr());
        System.out.println(request.getRemoteHost());
    }

0 讨论(0)

悲哀的现实

2021-01-23 04:01

The client IP address is available from the request object. But you can't use that for security purposes as it isn't unique per client: it might just be the address of the nearest proxy, even your own.

0 讨论(0)
发布评论:

提交评论
- 加载中...