diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcher.java index 5bf439a5e0..e60ac34d0d 100644 --- a/web/src/main/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcher.java +++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcher.java @@ -48,7 +48,7 @@ public final class IpAddressServerWebExchangeMatcher implements ServerWebExchang public Mono matches(ServerWebExchange exchange) { // @formatter:off return Mono.justOrEmpty(exchange.getRequest().getRemoteAddress()) - .map((remoteAddress) -> remoteAddress.getAddress().getHostAddress()) + .map((remoteAddress) -> remoteAddress.isUnresolved() ? remoteAddress.getHostString() : remoteAddress.getAddress().getHostAddress()) .map(this.ipAddressMatcher::matches) .flatMap((matches) -> matches ? MatchResult.match() : MatchResult.notMatch()) .switchIfEmpty(MatchResult.notMatch()); diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java index 3c26dfdfd9..4740728ab1 100644 --- a/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/IpAddressServerWebExchangeMatcherTests.java @@ -101,6 +101,22 @@ public class IpAddressServerWebExchangeMatcherTests { assertThat(matcher.matches(exchange("192.168.0.159")).block().isMatch()).isTrue(); } + @Test + public void matchesWhenIpv4UnresolvedThenTrue() throws UnknownHostException { + ServerWebExchange ipv4Exchange = exchange("192.168.1.104", true); + ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("192.168.1.104") + .matches(ipv4Exchange).block(); + assertThat(matches.isMatch()).isTrue(); + } + + @Test + public void matchesWhenIpv6UnresolvedThenTrue() throws UnknownHostException { + ServerWebExchange ipv6Exchange = exchange("fe80::21f:5bff:fe33:bd68", true); + ServerWebExchangeMatcher.MatchResult matches = new IpAddressServerWebExchangeMatcher("fe80::21f:5bff:fe33:bd68") + .matches(ipv6Exchange).block(); + assertThat(matches.isMatch()).isTrue(); + } + @Test public void constructorWhenIpv4AddressMaskTooLongThenIllegalArgumentException() { String ipv4AddressWithTooLongMask = "192.168.1.104/33"; @@ -119,8 +135,14 @@ public class IpAddressServerWebExchangeMatcherTests { } private static ServerWebExchange exchange(String ipAddress) throws UnknownHostException { + return exchange(ipAddress, false); + } + + private static ServerWebExchange exchange(String ipAddress, boolean unresolved) throws UnknownHostException { return MockServerWebExchange.builder(MockServerHttpRequest.get("/") - .remoteAddress(new InetSocketAddress(InetAddress.getByName(ipAddress), 8080))).build(); + .remoteAddress(unresolved ? InetSocketAddress.createUnresolved(ipAddress, 8080) + : new InetSocketAddress(InetAddress.getByName(ipAddress), 8080))) + .build(); } }