From 418be41d9c4d49fb6bc0c4aefa1596cb410a54b2 Mon Sep 17 00:00:00 2001
From: DOHA
Date: Sat, 12 Dec 2015 13:19:57 +0200
Subject: [PATCH] prevent brute force improve

---
 .../java/org/baeldung/security/MyUserDetailsService.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
index d9c3e586b1..567fa7717d 100644
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
@@ -45,7 +45,7 @@ public class MyUserDetailsService implements UserDetailsService {
 
 @Override
 public UserDetails loadUserByUsername(final String email) throws UsernameNotFoundException {
- final String ip = request.getRemoteAddr();
+ final String ip = getClientIP();
 if (loginAttemptService.isBlocked(ip)) {
 throw new RuntimeException("blocked");
 }
@@ -88,4 +88,10 @@ public class MyUserDetailsService implements UserDetailsService {
 return authorities;
 }
 
+ private String getClientIP() {
+ final String xfHeader = request.getHeader("X-Forwarded-For");
+ if (xfHeader == null)
+ return request.getRemoteAddr();
+ return xfHeader.split(",")[0];
+ }
 }
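Review bot: getClientIP() in the second hunk accepts X-Forwarded-For from any caller, so the key passed to loginAttemptService.isBlocked(ip) in loadUserByUsername (first hunk, whose body continues outside it) is now a value the client supplies. A client that connects directly can therefore present a different address on each attempt and never reach the block threshold, or present someone else's address and have that one blocked instead. The header should be honoured only when request.getRemoteAddr() is a proxy the deployment operates, and the address used should be the right-most entry that is not one of those proxies, trimmed, falling back to the remote address when the header is missing or empty. The fence sketches that rewrite; TRUSTED_PROXIES is a placeholder for the deployment's proxy list, which this diff does not show.

```java
private String getClientIP() {
    final String remoteAddr = request.getRemoteAddr();
    // TRUSTED_PROXIES: placeholder for the set of proxy addresses this deployment operates.
    if (!TRUSTED_PROXIES.contains(remoteAddr)) {
        // Direct connection: the header is unauthenticated client input, ignore it.
        return remoteAddr;
    }
    final String xfHeader = request.getHeader("X-Forwarded-For");
    if (xfHeader == null || xfHeader.trim().isEmpty()) {
        return remoteAddr;
    }
    // Walk from the right: entries appended by our own proxies are trustworthy,
    // the first one that is not ours is the address they actually saw.
    final String[] hops = xfHeader.split(",");
    for (int i = hops.length - 1; i >= 0; i--) {
        final String hop = hops[i].trim();
        if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
            return hop;
        }
    }
    return remoteAddr;
}
```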