ProxyTracer LogoProxyTracer
Skip to Content
DocsIntegrationSpring Boot (Java)

Spring Boot (Java)

For enterprise Java applications, the most robust way to integrate ProxyTracer is by creating a global HandlerInterceptor. This ensures every incoming HTTP request is verified before it reaches your controllers.

The Interceptor

This implementation safely extracts the IP from a load balancer (handling X-Forwarded-For), calls ProxyTracer using Java’s native HttpClient, and blocks the request if flagged.

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
 
@Component
public class ProxyTracerInterceptor implements HandlerInterceptor {
 
    private static final String API_KEY = System.getenv("PROXYTRACER_API_KEY");
    private final HttpClient httpClient = HttpClient.newBuilder()
            .connectTimeout(Duration.ofMillis(500)) // Strict timeout to prevent bottlenecking
            .build();
 
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        
        // 1. Safely extract the real IP behind load balancers/NGINX
        String ipAddress = request.getHeader("X-Forwarded-For");
        if (ipAddress == null || ipAddress.isEmpty()) {
            ipAddress = request.getRemoteAddr();
        } else {
            ipAddress = ipAddress.split(",")[0].trim();
        }
 
        // 2. Query ProxyTracer API
        HttpRequest ptRequest = HttpRequest.newBuilder()
                .uri(URI.create("https://api.proxytracer.com/v1/check/" + ipAddress))
                .header("Authorization", "Bearer " + API_KEY)
                .GET()
                .build();
 
        try {
            HttpResponse<String> ptResponse = httpClient.send(ptRequest, HttpResponse.BodyHandlers.ofString());
 
            if (ptResponse.statusCode() == 200) {
                // 3. Simple string matching (Avoids heavy JSON parsing libraries for raw speed)
                if (ptResponse.body().contains("\"proxy\": true") || ptResponse.body().contains("\"proxy\":true")) {
                    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                    response.getWriter().write("{\"error\": \"Access Denied: VPN or Proxy detected.\"}");
                    response.setContentType("application/json");
                    return false; // Drops the request
                }
            }
        } catch (Exception e) {
            // Fail open: log the error and allow the request through
            System.err.println("ProxyTracer validation failed: " + e.getMessage());
        }
 
        // 4. Traffic is clean, proceed to the controller
        return true; 
    }
}

Configuration:

Don’t forget to register this interceptor in your WebMvcConfigurer class to apply it globally to your application routes.

Last updated on
Ruby on Rails