How to get the MAC address in k8s?


I need to restrict the user's login based on their MAC address, and I have deployed the project inside k8s, but there is a problem: I cannot get the MAC address of the client.

I've tried these:

  1. Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces(); However, this method can only obtain the MAC address of the server, not the MAC address of the client.
  2. Using 'arp -a ipaddress': because the project is deployed in k8s, this also cannot get the client's MAC address.

So, how can I get the MAC address of the client? Thanks a lot.

Answer by cyberbrain:

As you want to read the MAC address of "the user" on the login, I suppose you mean the MAC address of the network interface that is used in the client machine to establish the network connection to the server.

Unfortunately this is not possible, because the networking stack that the Internet Protocol (IP) uses keeps this information only for the local network. This doesn't even mean the whole LAN, but only the network segment a machine is directly connected to, so you can find the MAC address only for IP addresses that can be reached without using the configured "gateway".

Only for those IP addresses you could use the mentioned arp tool (ARP = address resolution protocol).

For all other addresses this information is not kept in the network packets.

But on the other hand it's good for you: The MAC address can easily be faked (this means that you can set any MAC address for any of your network interfaces if you know what to do, sometimes even the device drivers in Windows provide a nice UI for that...), so it is a very bad idea to rely on such information for a login.

Maybe a better solution would be to rely on a properly set up network infrastructure and limit the range of the allowed incoming IP addresses. While it's also not hard to fake the sender's IP address in a network packet, it is not useful for a login procedure because that usually needs an answer, and with a faked sender address, the answer will never reach the original sender.
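The IP-range restriction suggested in the answer could look like the following in Java (Java 16+). This is an added example, not code from the original question or answer; the class name `ClientIpAllowlist` and the sample ranges (documentation address blocks) are constructed for illustration. It assumes the string passed to `isAllowed` is the real client address, which in Kubernetes depends on how traffic is routed to the pod.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

/** Added example: permit login only from configured CIDR ranges (hypothetical class). */
public class ClientIpAllowlist {
    private record Cidr(byte[] network, int prefixLen) {}
    private final List<Cidr> ranges = new ArrayList<>();

    public ClientIpAllowlist(String... cidrs) {
        for (String c : cidrs) {
            String[] parts = c.split("/");
            byte[] net = parseLiteral(parts[0]);
            int max = net.length * 8; // 32 for IPv4, 128 for IPv6
            int len = parts.length == 2 ? Integer.parseInt(parts[1]) : max;
            if (parts.length > 2 || len < 0 || len > max) throw new IllegalArgumentException("bad CIDR: " + c);
            ranges.add(new Cidr(net, len));
        }
    }
    // Accept only text shaped like an IP literal, so untrusted input is not used as a hostname.
    private static byte[] parseLiteral(String s) {
        boolean v4 = s != null && s.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        boolean v6 = s != null && s.contains(":") && s.matches("[0-9a-fA-F:.]+");
        if (!v4 && !v6) throw new IllegalArgumentException("not an IP literal");
        try { return InetAddress.getByName(s).getAddress(); }
        catch (UnknownHostException e) { throw new IllegalArgumentException("not an IP literal", e); }
    }
    /** Fails closed: anything that does not parse, or matches no range, is rejected. */
    public boolean isAllowed(String remoteAddr) {
        byte[] addr;
        try { addr = parseLiteral(remoteAddr); }
        catch (IllegalArgumentException e) { return false; }
        for (Cidr r : ranges)
            if (r.network().length == addr.length && prefixMatches(r.network(), addr, r.prefixLen())) return true;
        return false;
    }
    // Compare the first 'bits' bits of both addresses.
    private static boolean prefixMatches(byte[] a, byte[] b, int bits) {
        int full = bits / 8, rem = bits % 8;
        for (int i = 0; i < full; i++) if (a[i] != b[i]) return false;
        if (rem == 0) return true;
        int mask = (0xFF << (8 - rem)) & 0xFF;
        return (a[full] & mask) == (b[full] & mask);
    }
    public static void main(String[] args) {
        ClientIpAllowlist list = new ClientIpAllowlist("203.0.113.0/24", "2001:db8:42::/48");
        // Constructed sample inputs: in-range, out-of-range, IPv6, IPv4-mapped IPv6, hostname.
        for (String ip : new String[] {"203.0.113.77", "198.51.100.9", "2001:db8:42::1", "::ffff:203.0.113.5", "evil.example"})
            System.out.println(ip + " -> " + list.isAllowed(ip));
    }
}
```

Java returns IPv4-mapped IPv6 literals as plain IPv4 addresses, so `::ffff:203.0.113.5` is checked against the IPv4 range rather than bypassing it.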