IP Address in expression must be the same type as version returned by request

最新推荐文章于 2022-12-13 07:46:04 发布

iteye_3066

最新推荐文章于 2022-12-13 07:46:04 发布

阅读量179

点赞数

CC 4.0 BY-SA版权

分类专栏：异常和错误文章标签： Security Java Web Access Spring

本文链接：https://blog.csdn.net/iteye_3066/article/details/81862204

异常和错误专栏收录该内容

4 篇文章

订阅专栏

在使用Spring Security的hasIpAddress方法时遇到异常，因请求获取的IPV6地址与配置的IPV4不一致导致。解决办法是设置Tomcat参数支持IPV4。

当我在win7上做程序开发的时候，在使用哪个spring security的hasIpAddress('192.168.1.0/24')时后爆出异常

java.lang.IllegalArgumentException: Failed to evaluate expression 'hasIpAddress('192.168.1.0/24')'
	org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13)
	com.mawujun.util.security.CustomWebExpressionVoter.vote(CustomWebExpressionVoter.java:49)
	org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50)
	org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
	org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
	org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:109)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
	com.mawujun.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:124)

原因是：

IpAddressMatcher类的matches方法中的

InetAddress remoteAddress = parseAddress(request.getRemoteAddr());

        if (!requiredAddress.getClass().equals(remoteAddress.getClass())) {
            throw new IllegalArgumentException("IP Address in expression must be the same type as " +
                    "version returned by request");
        }

request.getRemoteAddr获取到的是IPV6的地址和定义的地址不一样，

解决方案：

修改tomgcat的，让他只支持IPV4

-Djava.net.preferIPv4Stack=true

如下图：