How to get client ip address during login


we’re trying to log the clients ip address during login. Login is done by Spring Security with a custom authentication provider:

    public AuthenticationProvider authenticationProvider() {
        return new AuthenticationProvider() {
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String username = authentication.getName();
                String password = authentication.getCredentials().toString();

                return securityService.login(username, password);

            public boolean supports(Class<?> clazz) {
                return clazz.equals(UsernamePasswordAuthenticationToken.class);

Login method of SecurityService:

public UsernamePasswordAuthenticationToken login(String username, String password) throws AuthenticationException {
        String address = VaadinSession.getCurrent().getBrowser().getAddress();

Somehow during login the VaadinSession is null

13:32:25 ERROR (system) org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.NullPointerException: Cannot invoke "com.vaadin.flow.server.VaadinSession.getBrowser()" because the return value of "com.vaadin.flow.server.VaadinSession.getCurrent()" is null
	at SecurityService.login( ~[classes/:?]
	at SecurityConfiguration$1.authenticate( ~[classes/:?]

We’re on Vaadin 24.3.11 with Spring Boot Parent 3.2.4.

Thanks for your help

SpringSecurity is practically a fancy WebFilter with API specifically built for authentication purposes. It catches the HttpRequest before it is let to be processed by Vaadin. So it is a gate keeper. When user has not logged in yet, no request has been passed to VaadinSession. Hence it does not exist yet. VaadinSession is established when first authenticated request is passed by SpringSecurity. So that is the reason why it is null. This is perfectly as expected.

You could check if this works for you: session - How to find users' IPs in Spring Security? - Stack Overflow

Thanks to both of you. Makes sense @Tatu2 and the solution provided works @ollit.1!