[DS-735] Allow IPAuthentication to work with proxies (examine X-Forwarded-For header)

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@5709 9c30dcfa-912a-0410-8fc2-9e0234be79fd
2025-10-11 12:03:09 +00:00 · 2010-11-01 22:00:01 +00:00
parent 09a11966d3
commit 3bd1ecc294
2 changed files with 20 additions and 0 deletions
--- a/dspace-api/src/main/java/org/dspace/authenticate/IPAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/IPAuthentication.java
@@ -77,12 +77,16 @@ public class IPAuthentication implements AuthenticationMethod
    /** Our logger */
    private static Logger log = Logger.getLogger(IPAuthentication.class);

+    /** Whether to look for x-forwarded headers for logging IP addresses */
+    private static Boolean useProxies;
+
    /** All the IP matchers */
    private List<IPMatcher> ipMatchers;

    /** All the negative IP matchers */
    private List<IPMatcher> ipNegativeMatchers;

+    
    /**
     * Maps IPMatchers to group names when we don't know group DB ID yet. When
     * the DB ID is known, the IPMatcher is moved to ipMatcherGroupIDs and then
@@ -201,7 +205,22 @@ public class IPAuthentication implements AuthenticationMethod
        }
        List<Integer> groupIDs = new ArrayList<Integer>();

+        // Get the user's IP address
        String addr = request.getRemoteAddr();
+        if (useProxies == null) {
+            useProxies = ConfigurationManager.getBooleanProperty("useProxies", false);
+        }
+        if (useProxies && request.getHeader("X-Forwarded-For") != null)
+        {
+            /* This header is a comma delimited list */
+            for(String xfip : request.getHeader("X-Forwarded-For").split(","))
+            {
+                if(!request.getHeader("X-Forwarded-For").contains(addr))
+                {
+                    addr = xfip.trim();
+                }
+            }
+        }

        for (IPMatcher ipm : ipMatchers)
        {