Fork me on GitHub

IP address validation (v5.3)

pac4j allows you to validate incoming IP address.

1) Dependency

You need to use the following module: pac4j-http.

Example (Maven dependency):


2) IpRegexpAuthenticator

The IpRegexpAuthenticator allows you to check that a given IP address is valid. It is generally defined for an IpClient.

After a successful credentials validation, it “returns” an IpProfile.


IpClient ipClient = new IpClient(new IpRegexpAuthenticator("10\\..*"));

The IP address is retrieved via the context.getRemoteAddr() method. Though, on some infrastructure, the IP address is available in an HTTP header (like X-Forwarded-For or x-real-ip). So you can define the HTTP headers (one or more) from which you preferably want to retrieve the IP address. You can set the proxy IP, so pac4j can check if the remote address of the request is from your proxy server before searching in headers.


IpClient ipClient = new IpClient(new IpRegexpAuthenticator("10\\..*"));

IpExtractor ipHeaderExtractor = new IpExtractor(ipClient.getName());
ipHeaderExtractor.setAlternateIpHeaders("X-Forwarded-For", "x-real-ip");