I had recently been able to secure my web application and authenticate the user by using basic authentication. An added requirement was to check against user's ip address from request parameter and I leveraged use of Custom authentication details source and override of BASIC_AUTH_FILTER. (see:http://stackoverflow.com/questions/9854592/accessing-httpservletrequest-during-daoauthenticationprovider-authenticate-in-sp)
Now I have a Spring Web Service that uses SimplePasswordValidationCallbackHandler and the same AuthenticationManager / Provider configuration as above (except for the http namespace configuration which has all my custom filter logic). I would like to do a similar activity to authenticate a user completely only if their ip addresses match when authenticating in a Web Service. I pass the username and password in the SOAP headers and authentication happens without any issues. Any thoughts if i can reuse my existing configuration here for the AuthenticationDetailsSource and Custom filter. Is this even achievable or am I on a completely different track here? Thanks.
I added a RequestContext Listener to my web.xml and got access to the HttpServletRequest using a RequestContextHolder during my authentication process in a custom DAOProvider. Anyone with a better solution, let me know !
