Merge pull request eugenp#305 from Doha2012/master

Eugen · Eugen · commit 50cd7009c5e2 · 2015-12-12T16:30:23.000+02:00
prevent brute force improve
diff --git a/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java b/spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java
@@ -45,7 +45,7 @@ public MyUserDetailsService() {
 
     @Override
     public UserDetails loadUserByUsername(final String email) throws UsernameNotFoundException {
-        final String ip = request.getRemoteAddr();
+        final String ip = getClientIP();
         if (loginAttemptService.isBlocked(ip)) {
             throw new RuntimeException("blocked");
         }
@@ -88,4 +88,10 @@ private final List<GrantedAuthority> getGrantedAuthorities(final List<String> pr
         return authorities;
     }
 
+    private String getClientIP() {
+        final String xfHeader = request.getHeader("X-Forwarded-For");
+        if (xfHeader == null)
+            return request.getRemoteAddr();
+        return xfHeader.split(",")[0];
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ public MyUserDetailsService() {`
`45`	`45`
`46`	`46`	`@Override`
`47`	`47`	`public UserDetails loadUserByUsername(final String email) throws UsernameNotFoundException {`
`48`		`- final String ip = request.getRemoteAddr();`
	`48`	`+ final String ip = getClientIP();`
`49`	`49`	`if (loginAttemptService.isBlocked(ip)) {`
`50`	`50`	`throw new RuntimeException("blocked");`
`51`	`51`	`}`
`@@ -88,4 +88,10 @@ private final List<GrantedAuthority> getGrantedAuthorities(final List<String> pr`
`88`	`88`	`return authorities;`
`89`	`89`	`}`
`90`	`90`
	`91`	`+ private String getClientIP() {`
	`92`	`+ final String xfHeader = request.getHeader("X-Forwarded-For");`
	`93`	`+ if (xfHeader == null)`
	`94`	`+ return request.getRemoteAddr();`
	`95`	`+ return xfHeader.split(",")[0];`
	`96`	`+ }`
`91`	`97`	`}`