Question
I want to know whether apache shiro provides such services to do authentication based on user IP address and user country?
yes, @Wouter thanks for info, but i had tried to override this method before also,but i read http://www.mkyong.com/java/how-to-get-client-ip-address-in-java/ article to avoid proxy ip address.
Shiro API gethost() method doc says
https://stackoverflow.com/questions/19589019
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian"Returns the host name of the client from where the authentication attempt originates or if the Shiro environment cannot or chooses not to resolve the hostname to improve performance, this method returns the String representation of the client's IP address.
When used in web environments, this value is usually the same as the ServletRequest.getRemoteHost() value."
so is there any way to check whether client is beside proxy server inside realm doGetAuthenticationInfo() method like
//is client behind something?
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
...or this getHost() method will do job for me?
Solution
You can create your own version of an AuthenticatingFilter (extend it) and check for ip address. If you use the standard username/password authentication, you will get an instance of UsernamePasswordToken which will contain the host (ip address). You can use that to create you own custom authentication logic.
As for country, you can extend the method above with a country lookup service like this: http://freegeoip.net/
