1. Overview
In this quick tutorial, you'll learn how to get the client ip address when a request comes to server. But, this can be done only in the java servlet application.
Simply, you can call directly on the request object as "request.getRemoteAddr()" on the javax.servlet.http.HttpServletRequest object.
2. Example to get the client ip address
let us create a simple web application that gets the request and repose objects but we are interested in only request object.
Because, all the values from client are part of HTTP request.
Actually, calling getRemoteAddr() method does not get the correct ip address of client in some cases.
In those scenarios might be client ip address is forwarded by the proxies. Mostly the client ip is present in the http header property "X-FORWARDED-FOR". we need to just get this property. If this value is null then get the value from getRemoteAddr() method.
This way gives the right ip address always.
Created a separate method that to fetch the client ip address.
private static String getClientIpAddress(HttpServletRequest request) {
String remoteAddress = "";
if (request != null) {
remoteAddr = request.getHeader("X-FORWARDED-FOR");
if (remoteAddr == null || "".equals(remoteAddr)) {
remoteAddress = request.getRemoteAddr();
}
}
return remoteAddress;
3. "X-FORWARDED-FOR" and getRemoteAddr() are not working
There are some cases where the combination of these two "X-FORWARDED-FOR" and getRemoteAddr() method does work.
To correct the property, first need to look into the all properties of HTTP header.
First, use request.getHeaderNames() method to get all header properties or keys.
Next, take each header key and get the corresponding values from the header using request.getHeader(headerKey) method.
Finally, print all the key and value pairs are in HTTP header.
private void printRequestHeadersKeyValues(HttpServletRequest request) { Map<String, String> result = new HashMap<>(); Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerKey = (String) headerNames.nextElement(); String headerValue = request.getHeaderheaderKey; System.out.println(headerKey+" : "+headerValue) } }
Output:
referer : https://www.google.com/, cf-ipcountry : US, cf-ray : 348c7acba8a02210-EWR, x-forwarded-proto : https, accept-language : en-US,en;q=0.8, cookie : __cfduid=d39823749ksjfksdf90823r3298; _ga=GA1.2.450731937.1490726069, x-forwarded-for : 106.8.189.76, // <------ This is client real IP accept : text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8, x-real-ip : 187.343.987.123, // <------ This is proxy IP x-forwarded-server : testing.com, x-forwarded-host : testing.com, cf-visitor : {\scheme\:\https\}, host : 127.0.0.1:8080, upgrade-insecure-requests : 1, connection : close, cf-connecting-ip : 102.81.315.51, accept-encoding : gzip, user-agent : Mozilla/24.0 (Macintosh; Intel Mac OS X 13_09_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3030.99 Safari/789.98
You can pick the right property from the above list which is having the correct client ip address.
4. Check for all Header Possible Candidates
Another way is get the all possible candidates that may get the client ip address.
Just loop over this list and get values if any one is present in the header.
If nothing is having the value then take the value from getRemoteAddr() method.
Sample code but these header values can be modified with fake values.
private static final String[] VALID_IP_HEADER_CANDIDATES = {
"X-Forwarded-For",
"Proxy-Client-IP",
"WL-Proxy-Client-IP",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_VIA",
"REMOTE_ADDR" };
public static String getClientIpAddress(HttpServletRequest request) {
for (String header : VALID_IP_HEADER_CANDIDATES) {
String ipAddress = request.getHeader(header);
if (ipAddress != null && ipAddress.length() != 0 && !"unknown".equalsIgnoreCase(ipAddress)) {
return ipAddress;
}
}
return request.getRemoteAddr();
}
5. Conclusion
In this short article, you've seen how to get the actual client ip address in java servlet application using getRemoteAddr() method and header keys.
Ref
No comments:
Post a Comment
Please do not add any spam links in the comments section.