iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #305 from Doha2012/master

Browse Source 
prevent brute force improve
This commit is contained in:
Eugen 2015-12-12 16:30:23 +02:00
commit 50cd7009c5
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
View File

@ -45,7 +45,7 @@ public class MyUserDetailsService implements UserDetailsService {
@Override @Override
public UserDetails loadUserByUsername(final String email) throws UsernameNotFoundException { public UserDetails loadUserByUsername(final String email) throws UsernameNotFoundException {
final String ip = request.getRemoteAddr(); final String ip = getClientIP();
if (loginAttemptService.isBlocked(ip)) { if (loginAttemptService.isBlocked(ip)) {
throw new RuntimeException("blocked"); throw new RuntimeException("blocked");
} }
@ -88,4 +88,10 @@ public class MyUserDetailsService implements UserDetailsService {
return authorities; return authorities;
} }
private String getClientIP() {
final String xfHeader = request.getHeader("X-Forwarded-For");
if (xfHeader == null)
return request.getRemoteAddr();
return xfHeader.split(",")[0];
}
} }