Is there a built-in ability in Spring Security to ban a user by IP after the password has been entered incorrectly a certain number of times? Or is the only solution to implement your own provider?
- So that they could not find the password? There are many articles about this, and the framework itself allows you to do this. I recommend reading the article baeldung.com/… - Senior Pomidor
1 answer
One option is to use Spring Security's Web Security Expressions. For example:
```xml
<http use-expressions="true">
    <intercept-url pattern="/admin*"
        access="hasRole('admin') and hasIpAddress('192.168.1.0/24')"/>
    ...
</http>
```

You can also write your CustomAuthProvider, and get the user's IP address in it, like this:

```java
// The details object carries the remote address of the current web request
WebAuthenticationDetails wad = (WebAuthenticationDetails) authentication.getDetails();
String userIPAddress = wad.getRemoteAddress();
```

And then everything is in our hands :)
- This article is more suitable for baeldung.com/… but thanks for the info - GenCloud
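A per-IP failure counter of the kind a custom `AuthenticationProvider` could call with the address from `wad.getRemoteAddress()`. This is an added example, not code from the answer or from Spring Security; the class `IpLoginThrottle`, its method names, the thresholds and the sample address are hypothetical, and it uses only the JDK (Java 16+).

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Counts failed logins per client IP and blocks the IP for a fixed time. */
public class IpLoginThrottle {
    private record Entry(int failures, Instant firstFailure, Instant blockedUntil) {}

    private final int maxFailures;
    private final Duration window;   // failures are counted within this period
    private final Duration banTime;  // how long the IP stays blocked
    private final ConcurrentMap<String, Entry> byIp = new ConcurrentHashMap<>();

    public IpLoginThrottle(int maxFailures, Duration window, Duration banTime) {
        this.maxFailures = maxFailures;
        this.window = window;
        this.banTime = banTime;
    }

    /** Call before the password check; when true, reject the attempt without checking. */
    public boolean isBlocked(String ip, Instant now) {
        Entry e = byIp.get(ip);
        return e != null && e.blockedUntil() != null && now.isBefore(e.blockedUntil());
    }

    /** Call when the password check fails for a request from this IP. */
    public void recordFailure(String ip, Instant now) {
        byIp.compute(ip, (key, e) -> {
            if (e == null || now.isAfter(e.firstFailure().plus(window))) {
                e = new Entry(0, now, null);            // start a new counting window
            }
            int n = e.failures() + 1;
            Instant until = n >= maxFailures ? now.plus(banTime) : e.blockedUntil();
            return new Entry(n, e.firstFailure(), until);
        });
    }

    /** Call after a successful login from this IP. */
    public void recordSuccess(String ip) { byIp.remove(ip); }

    public static void main(String[] args) {
        IpLoginThrottle t = new IpLoginThrottle(3, Duration.ofMinutes(10), Duration.ofMinutes(15));
        String ip = "203.0.113.7";                       // constructed sample address
        Instant start = Instant.parse("2024-01-01T00:00:00Z");
        for (int i = 0; i < 3; i++) t.recordFailure(ip, start.plusSeconds(i));
        System.out.println("blocked after 3 failures: " + t.isBlocked(ip, start.plusSeconds(5)));
        System.out.println("blocked after ban expiry: " + t.isBlocked(ip, start.plus(Duration.ofMinutes(16))));
    }
}
```

Behind a reverse proxy or load balancer `getRemoteAddress()` returns the proxy's address, so the throttle would then block every client at once unless the application is configured to resolve the real client address from a trusted forwarding header. The map in this sketch is never pruned, so a long-running service needs eviction of expired entries.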