StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
11920805
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
9
CommunityOwnedDate
CreationDate
2012-08-12T08:25:54.423
FavoriteCount
0
LastActivityDate
2012-08-12T11:25:46.347
LastEditDate
2012-08-12T11:25:46.347
LastEditorUserId
241986
OwnerUserId
241986
ParentId
11920395
PostTypeId
2
Score
14
ViewCount
0
LastEditorDisplayName
text
Body
I think that the check be achieved by using <a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html" rel="noreferrer">hasIpAddress</a> http expression See section <a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html" rel="noreferrer">15.2 Web Security Expressions</a> <pre><code><http use-expressions="true"> <intercept-url pattern="/admin*" access="hasRole('admin') and hasIpAddress('192.168.1.0/24')"/> ... </http> </code></pre> If you want more flexibility, you can implement your own IP address check service, based on IpAddressMatcher: <pre><code><bean id="ipCheckService" class="my.IpCheckService"> </bean> <security:http auto-config="false" access-denied-page="/accessDenied.jsp" use-expressions="true"> <security:intercept-url pattern="/login.jsp" access="@ipCheckService.isValid(request)" /> </code></pre> bean implementation: <pre><code>public class IpCheckService { public boolean isValid(HttpServletRequest request) { //This service is a bean so you can inject other dependencies, //for example load the white list of IPs from the database IpAddressMatcher matcher = new IpAddressMatcher("192.168.1.0/24"); try { return matcher.matches(request); } catch (UnsupportedOperationException e) { return false; } } } </code></pre> update: you can try to get current user IP this way: <pre><code> public static String getRequestRemoteAddr(){ HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.currentRequestAttributes()) .getRequest(); return request.getRemoteAddr(); } </code></pre> update The information about the relation between IP addresses and sessions can only be gathered from the different sources(like listening to AuthenticationSuccessEvent and SessionDestroyedEvent events, implementing a filter or using an AOP interceptor). Spring Security doesn't store such information because it's useless, as IP address has some meaning only while the server is processing a <a href="http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html" rel="noreferrer">ServletRequest</a>. IP address may change(user may be using a proxy), so we can only audit different kinds of events like logging in with some credentials, accessing a service from a different IP, or doing some suspicious activity.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to find users' IPs in Spring Security?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USBoris Treukhov
UserOwnerUserId
1. USBoris Treukhov
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow to find users' IPs in Spring Security?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.