2 Replies Latest reply on Jan 10, 2008 10:14 PM by ragavgomatam

    Capturing client IP address

    kanth_seenu
    kanth_seenu Dec 3, 2007 2:39 AM

      How do I capture the IP of the client which is attempting to login? I browsed some resources on net and found JBAS 1486.

      But its not clear about how to do the configuration. I am using JAVA client to connect to my JBOSS server, during the login process I would like to print the client IP in log file.

      I thought it must be simple to get the info in login() method of my custom implementation of UsernamePasswordLoginModule class, but it does not seem so.

      JBOSS Version: 4.0.5.GA

      Any help would be appreciated

      P.S> I also refferred http://www.javaworld.com/javaworld/jw-09-2002/jw-0913-jaas.html?page=4 where they are speaking about HttpServletRequest. Which I think wont help me in this scenario

      • 5266 Views
      • Tags:
        • 1. Re: Capturing client IP address
          kanth_seenu
          kanth_seenu Dec 11, 2007 12:42 AM (in response to kanth_seenu)

          Still searching for a answer. Am I doing anything terribly wrong????

            • Actions
          • 2. Re: Capturing client IP address
            ragavgomatam
            ragavgomatam Jan 10, 2008 10:14 PM (in response to kanth_seenu)

            One answer would be writing a Tomcat Valve that intercepts every HttpRequest before it make it to the container. This valve would intercept the request before your login module. I have given an example implementation. Package this in tomcat.sar , & check out how to configure this in jboss & you are set to go. Should not be too difficult

            package test.tomcat;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

import org.apache.catalina.*;

/**
 * The Tomcat valve that transfers credentials into a Principal object,
 * to provide seamless integration between Jaas and the J2EE security model.
 */

public class MyValve implements Valve {

 public String getInfo() {
 return null;
 }


 /**
 * Looks for the Http headers in the originating request and creates a
 * Principal representing these if they exist.
 */

 public void invoke(Request request, Response response, ValveContext valveContext)
 throws IOException, ServletException {

 // Ha ! Ha !...Got the request before it makes it to Login Module...

 HttpRequest httpRequest = (HttpRequest)request;
 HttpServletRequest httpServletRequest = (HttpServletRequest)request.getRequest();
 List roles = new ArrayList();
 String username = (String)httpServletRequest.getHeader("myHeader");
 String rolesAsString = (String)httpServletRequest.getHeader("myList");

 StringTokenizer tok = new StringTokenizer(rolesAsString, ",");
 while (tok.hasMoreTokens()) {
 String token = tok.nextToken().trim();
 roles.add(token);
 }

 httpRequest.setUserPrincipal(new MyPrincipal(
 httpRequest.getContext().getRealm(), username, roles));

 // now execute all other valves
 valveContext.invokeNext(request, response);
 }

}


              • Actions