java - 如何获知从哪个 ip 成功登录？

Question

我使用 Spring Security 3。我有以下方法：

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, authResult);
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authResult;
        WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
        String address = details.getRemoteAddress();
        System.out.println("Successful Login from remote address: "+ address);
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);
        System.out.println("==failed login==");
    }
}

我有拆箱地址变量的脏代码吗？我可以写得简短或正确吗？

Answer 1

你到底在找什么？该“地址”将是请求您服务的对象/谁的报告地址，尽管它可以被欺骗，并且代理会将自己报告为“远程地址”，可选地包括一个包含原始“远程地址”的 HTTP 标头。按照惯例，标头命名为“X-FORWARDED-FOR”。不过，这完全取决于代理和配置它的人。

Answer 2

这可能会更好：

String address = request.getRemoteAddr();