Source IP address

The source IP address gets set by the ServerAuthenticationContext when handling the SocketAddressCallback and it gets added to the runtime attributes (also see SocketAddressCallbackServerMechanismFactory).

Currently, it's possible to obtain the source IP address from only the RealmSuccessfulAuthenticationEvent using the authorizationIdentity as follows:

event.getAuthorizationIdentity().getRuntimeAttributes().get("Source-Address")

However, in the failed authentication case, the authorization identity won't get created and so it's not possible to obtain the source IP address from the authorization identity. I think the ServerAuthenticationContext state's runtimeAttributes would still contain the actual value though so we could check if we can obtain it that way and make it available from the event.

Requested URL

The host name and protocol for the current authentication request get set by the ServerAuthenticationContext when handling the MechanismInformationCallback (also see SetMechanismInformationMechanismFactory).

Currently, it's not possible to obtain this information from either the successful or failed events. However, it seems like it should be possible to get this from the ServerAuthenticationContext state's mechanismInformation so we could check if we can obtain it that way and make it available from both events.