} catch (UserIpRestrictedException e) { log.info("Incorrect user IP: {} {} - {}", login, ipAddress); throw new BadCredentialsException(e.getMessage()); } catch (LoginException e) { log.info("Authentication failed: {} {} - {}", login, ipAddress, e.getMessage());
@Override public void check(Credentials credentials, AuthenticationDetails authenticationDetails) throws LoginException { if (credentials instanceof AbstractClientCredentials) { AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials; if (clientCredentials.isCheckClientPermissions() && clientCredentials.getIpAddress() != null) { String ipAddress = clientCredentials.getIpAddress(); UserSession session = authenticationDetails.getSession(); if (session.getUser().getIpMask() != null) { IpMatcher ipMatcher = new IpMatcher(session.getUser().getIpMask()); if (!ipMatcher.match(ipAddress)) { log.info("IP address {} is not permitted for user {}", ipAddress, session.getUser()); throw new UserIpRestrictedException(messages.getMessage(MSG_PACK, "LoginException.invalidIP")); } } } } }