HTTP address of user??

T

Tim Slattery

I've just read a proposal for a new J2EE web system - or maybe a
cut-down version of an existing one. Regardless, there are some new
requirements. One of those is to record the IP address of the user.

I'm using Struts, so my Action objects get passed an
HttpServletRequest object and an HttpServletResponse object. I can't
figure out how to get the IP address of the user from those things. I
can get HTTP headers, but it's not there. I can get an HttpSession
object, but it doesn't seem to be there. There's a ServletContext
object that can be obtained from the HttpSession, but that doesn't
seem to do it either.

To complicate matters, this J2EE system runs behind an IIS gateway. Is
there a simple way to do this, or does the gateway have to be modified
to pass the IP address as another bit of data?
 
J

Juha Laiho

Tim Slattery said:
I've just read a proposal for a new J2EE web system - or maybe a
cut-down version of an existing one. Regardless, there are some new
requirements. One of those is to record the IP address of the user.

I'm using Struts, so my Action objects get passed an
HttpServletRequest object and an HttpServletResponse object. I can't
figure out how to get the IP address of the user from those things.
Click to expand...

See http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/ServletRequest.html#getRemoteAddr()
To complicate matters, this J2EE system runs behind an IIS gateway. Is
there a simple way to do this, or does the gateway have to be modified
to pass the IP address as another bit of data?
Click to expand...

Yep, in this case getRemoteAddr() will only show the address of your
reverse proxy. You'll have to get the proxy to report the end-client
address somehow -- and mostly this would be to have the proxy to add
a header to the incoming request, and make your application to parse
that header. If possible, you might try to extend your application
server so that you intercept the request before it reaches your
server, and move the IP information from the HTTP header to the
place where getRemoteAddr() can pick it. This way, your application
still only uses the getRemoteAddr().
 
R

Raymond DeCampo

Juha said:
See http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/ServletRequest.html#getRemoteAddr()




Yep, in this case getRemoteAddr() will only show the address of your
reverse proxy. You'll have to get the proxy to report the end-client
address somehow -- and mostly this would be to have the proxy to add
a header to the incoming request, and make your application to parse
that header. If possible, you might try to extend your application
server so that you intercept the request before it reaches your
server, and move the IP information from the HTTP header to the
place where getRemoteAddr() can pick it. This way, your application
still only uses the getRemoteAddr().
Click to expand...

Additionally you will have the clients themselves potentially living
behind a proxy, leaving you with whole swaths of clients with the same
IP address.

Ray
 
A

Alvin Ryder

Tim said:
I've just read a proposal for a new J2EE web system - or maybe a
cut-down version of an existing one. Regardless, there are some new
requirements. One of those is to record the IP address of the user.

I'm using Struts, so my Action objects get passed an
HttpServletRequest object and an HttpServletResponse object. I can't
figure out how to get the IP address of the user from those things. I
can get HTTP headers, but it's not there. I can get an HttpSession
object, but it doesn't seem to be there. There's a ServletContext
object that can be obtained from the HttpSession, but that doesn't
seem to do it either.
Click to expand...

Hi,

HttpServletRequest request has getRemoteAddr() so its just
request.getRemoteAddr() but ...

You cannot rely on remote addresses or hostname, this is not because of
J2EE but because of HTTP/CGI and network infrastructure.

HTTP/CGI doesn't guarantee you'll get an address or if you do it's
often the address of a proxy or some network equipment, maybe on your
side, the client's side, something in between or all of the above.

For example all AOL users may appear to have the same address and
there's nothing you can do to overcome that. Addresses are often also
translated eg using NAT so you might get an address but it won't be the
real one ...

The simple upshot is, remote ip and remote host cannot be relied on.
 
T

Thomas Hawtin

Raymond said:
Additionally you will have the clients themselves potentially living
behind a proxy, leaving you with whole swaths of clients with the same
IP address.
Click to expand...

Or potentially one client with many IP addresses of a clustered proxy.

Tom Hawtin
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User IP address 2
Demonstration of a Self-Written HTTP Server for an Online Store 0
Want to host websites that I will probably be the only user from home. Sacrilege, I know, but it has always been a dream of mine. Where do I start? 2
Raspberry Pi Open Source PLC Communication Wonder LECPython, and Example of Communication with Omron PLC 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Hi, I am a webflow user. I am looking for CSS code that can KEEP ALL ELEMENTS POSITIONED in the SAME spot across all resolutions 0
Help design HTA 0
Geo Location extracted from visitors ip address 33

Members online

No members online now.
Total: 151 (members: 1, guests: 150)
Robots: 278

Forum statistics

Threads
474,432
Messages
2,571,680
Members
48,796
Latest member
Greg L.

Latest Threads

Top