你可以这样做的一个方法是使用Spring Security的网络安全表达式。例如：

 < http use-expressions =true> 
< intercept-url pattern =/ admin *
 access =hasRole（'admin'）and hasIpAddress（'192.168.1.0/24'）/> 
 ... 
< / http> 
 

I wonder how to filter users' access to my web app by their IP using Spring Security. Should I extend AbstractAuthenticationProcessingFilter or something like that and override it's methods in my own way? If so, could you give an example of such extending and example of filter description in web.xml? Thanks in advance.

P.S. In my app I also have Spring Security support (using default org.springframework.web.filter.DelegatingFilterProxy), but I want it to check not only user credentials, but their IP's as well.

One way you can do this is to use Spring Security's Web Security Expressions. For example:

<http use-expressions="true">
    <intercept-url pattern="/admin*"
        access="hasRole('admin') and hasIpAddress('192.168.1.0/24')"/>
    ...
</http>