Merge pull request #305 from Doha2012/master

prevent brute force improve
2015-12-12 16:30:23 +02:00 · 2015-12-12 16:30:23 +02:00 · 50cd7009c5
commit 50cd7009c5
parent eddf74f734 418be41d9c
1 changed files with 7 additions and 1 deletions
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
@ -45,7 +45,7 @@ public class MyUserDetailsService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(final String email) throws UsernameNotFoundException {
-        final String ip = request.getRemoteAddr();
+        final String ip = getClientIP();
        if (loginAttemptService.isBlocked(ip)) {
            throw new RuntimeException("blocked");
        }
@ -88,4 +88,10 @@ public class MyUserDetailsService implements UserDetailsService {
        return authorities;
    }

+    private String getClientIP() {
+        final String xfHeader = request.getHeader("X-Forwarded-For");
+        if (xfHeader == null)
+            return request.getRemoteAddr();
+        return xfHeader.split(",")[0];
+    }
 }