I would like to know, how can I modify the hasIpAddress method in the Spring Security, so that it verify the X-Forwarded-For header in the request, instead of remote ip address?
Asked
Active
Viewed 1,353 times
1
uksz
- 18,239
- 30
- 94
- 161
-
1Possible duplicate of [How to create custom methods for use in spring security expression language annotations](http://stackoverflow.com/questions/6632982/how-to-create-custom-methods-for-use-in-spring-security-expression-language-anno) – Prasanna Kumar H A Oct 07 '16 at 11:55
1 Answers
1
You can choose to create a custom class with the logic that you want. Then, maybe extend DefaultWebSecurityExpressionHandler and override createEvaluationContextInternal where you can instantiate your custom class and set it as a variable in the StandardEvaluationContext. See OAuth2WebSecurityExpressionHandler to see how spring-security-oauth2 extended DefaultWebSecurityExpressionHandler to add oauth2-specific validation logic for example. Then in your http security rule, set the expression handler to use your custom expression handler. In xml, this would look something like:
<security:http>
<security:expression-handler ref="yourCustomExpressionHandler"/>
</security:http>
sofiaguyang
- 1,123
- 1
- 14
- 21