Check request source IP against dynamic data using Spring Securiy WebSecurityConfigurerAdapter

46 Views Asked by avig At 05 April 2025 at 10:09

Assuming I have the following class code:

@EnableWebSecurity
@Configuration
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/api/**").hasIpAddress("runtime other device ip");
    }
}

at runtime, when a request is entering the system, I want to validate it came from "runtime other device ip", which can be different at time the request retrieved.

Please assume I have a utility that can retrieve this "runtime other device ip" Utility.getOtherDeviceIP();

Any ideas?

Thanks

Original Q&A

There are 1 best solutions below

Marco Behler On 05 April 2020 at 18:00

Yes, use .access() with a custom bean, that has your Utility class @Autowired and takes the current HttpServlet request as parameter, which Spring will inject for you automatically (next to the current authentication object).

Example:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/api/**").access("@yourCustomIpCheckerBean.check(authentication, request)");

}

Though, you could probably also directly write it as SpEL, if it is just your utility needed for the IP check. Something like (not tested):

.access("request.remoteAddr == @yourUtility.getOtherDeviceIP()")

Check request source IP against dynamic data using Spring Securiy WebSecurityConfigurerAdapter

There are 1 best solutions below

Related Questions in SPRING

Related Questions in SPRING-SECURITY

Related Questions in IP-RESTRICTIONS

Trending Questions

Popular # Hahtags

Popular Questions