In a Spring 3 based web app I am using a custom implementation of AbstractUserDetailsAuthenticationProvider to not only to check the username/password pair but also the IP address of the client. However, when I call within retrieveUser():
@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
...
String ipAddr = ((WebAuthenticationDetails)authentication.getDetails()).getRemoteAddress();
...
User user = ...
return user;
}
it returns 0:0:0:0:0:0:0:1%0. That will be the IP v6 address for localhost. How can I check now against a white list of IP v4 addresses if that method returns me a IP v6 address? Can I provide compatibility with IP v4 and v6 for the whitelist? Thank you for your insights!
If it is your local Tomcat, then try to invoke it not by http://localhost:8080/..., try to invoke it by http://127.0.0.1:8080/..