How to get client IP address in ImpUserDetailsService

Question

I want get client IP address in method loadUserByUsername() from class implUserDetailsService this my code but it doesn't work

@Service
public class LoginServiceImpl implements UserDetailsService {

@Autowired
UserDao loginDao;

@Autowired
private HttpServletRequest request;

@Override
public UserDetails loadUserByUsername(String username) {
    try {
        final String ip = getClientIp(request);

        net.liyan.psc.main.entity.main.User user = loginDao.findByUserNameForLogin(username);
        if (user == null) throw new UsernameNotFoundException("User not found.");
        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();

        if (isLocalZone()) {
            grantedAuthorities.add(new SimpleGrantedAuthority('ROLE_1'));
        } else {
            grantedAuthorities.add(new SimpleGrantedAuthority('ROLE_2'));
        }

        return new org.springframework.security.core.userdetails.User(
                user.getUsername(),
                user.getPassword(),
                true,
                true,
                true,
                true,
                grantedAuthorities);
    } catch (UsernameNotFoundException ex) {
        throw new UsernameNotFoundException("User not found.");
    } catch (Exception ex) {
        throw new UsernameNotFoundException("User not found.");
    }
}

   private static String getClientIp(HttpServletRequest request) {

    String remoteAddr = "";

    if (request != null) {
        remoteAddr = request.getHeader("X-FORWARDED-FOR");
        if (remoteAddr == null || "".equals(remoteAddr)) {
            remoteAddr = request.getRemoteAddr();
        }
    }

    return remoteAddr;
}


private boolean isLocalZone(String Ip){
    // ...
}
}

It get exseption:

java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.

Answer 1

There are various options to make @Autowired able to inject HttpServletRequest into a bean:

1. Register RequestContextListener
2. Register RequestContextFilter. Make sure it is placed at the very beginning of the filter chain (e.g. Before springSecurityFilterChain)

If you are using Spring boot and have a spring-mvc on the classpath , its auto-configuration should register one RequestContextFilter for you by default.

Answer 2

Change the loadUserByUsername(String username) to

loadUserByUsername(String username, HttpServletRequest request)

Pass the request from controller end to your service end. Something like below,

import javax.servlet.http.HttpServletRequest;
@Controller
public class YourControllerName {
       @Autowired
       UserDetailsService userDetailsService 
       @GetMapping("/your-url")
       public String methodName(HttpServletRequest request /*your other perams*/){
              UserDetails userDetails = userDetailsService .loadUserByUsername(String 
              username, request); 
              //other operations
             return "view";
        }
}

Remove the HttpServletRequest autowire from service end.