CODEWITHSUNDEEP
javahttptomcatspring-mvcnginx
Less
Less

Reputation: 3207

getRemoteAddr() behind NginX reverse proxy in Spring MVC app?

I have Spring MVC app, hosted in Tomcat container. Tomcat is fronted with NginX, and because of that I set explcitly the header in NginX configuration:

location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}

This seems to be working OK, the header is there (I see it in the debugger).

Now, I tried to follow this solution here, with the request wrapping and filter, but it does not work, as apparently my custom-wrapped request object is not the one used by MVC mechanism. Mappings are as follows: 

 <servlet-mapping>  
   <servlet-name>mvc-dispatcher</servlet-name>  
   <url-pattern>/</url-pattern>  
 </servlet-mapping>

 <filter-mapping>
   <filter-name>RealIPFilter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>

I try to extract remote address in two (different) places in the code:

1) 

public class PostAuthSuccessHandler implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(
            HttpServletRequest request,
            HttpServletResponse response, 
            Authentication authentication)
    throws IOException, ServletException {
           // here
           request.getRemoteAddr();
    }
}

and
2)

public class LoginFailureEventListenter implements
ApplicationListener<AuthenticationFailureBadCredentialsEvent> {

    @Override
    public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
        String remoteIP = null;
        Object src = event.getSource();
        if(src instanceof UsernamePasswordAuthenticationToken) {
            UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) src;
            if(upat.getDetails() instanceof WebAuthenticationDetails) {
                // here
                remoteIP = ((WebAuthenticationDetails)upat.getDetails()).getRemoteAddress();
            }
        }
}

What could be the proper way to go about this with Spring MVC ?

EDIT
Since the application is secured with Spring security, this may as well be related only to making Spring security accept wrapped request, or apply this filter as a first filter in the processing chain, or something to that effect (if at all possible).

Upvotes: 3

Views: 2889

Answers (1)

M. Deinum
M. Deinum

Reputation: 124833

Make sure that your wrapping occurs BEFORE spring security. Move the filter-mapping element containing yuor wrapping filter before the filter-mapping for spring security.

Upvotes: 1

Related Questions