I'm using IpAddressMatcher for address matching outside Spring Security.
Network 0.0.0.0/0 should match to any IP address, but only matches to 0.0.0.0. If mask is given as "0", the matches() method handles the mask as if it was not given at all (or was given as 32). Perhaps differentiate the situations by assigning nMaskBits a null value if it's not defined at all?
It would also be nice to have a version of the matches() method that takes a String network address instead of a HttpServletRequest as a parameter.
Attached is a diff from my fix.