项目中有这么一个需求,就是系统仅仅能在指定ip下登录,能够理解为内部系统,仅仅能够在公司訪问
我的代码是这样写的:入不入流不知道,但能解决这个问题。
获得訪问IP代码:
String ip = request.getHeader("x-forwarded-for");
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
将此ip放在登录页面的隐藏域中,然后推断此ip值和提供的ip值是否相等,实现了通过ip控制登录系统的功能