Spring boot攔截器實現IP黑名單的完整步驟
阿新 • • 發佈:2020-06-15
一·業務場景和需要實現的功能
以redis作為IP儲存地址實現。
業務場景:針對秒殺活動或者常規電商業務場景等,防止惡意指令碼不停的刷介面。
實現功能:寫一個攔截器攔截掉黑名單IP,額外增加一個介面,將ip地址新增到redis中,並且返回redis中當前全部ip
二·Springboot中定義一個攔截器
@Order(0) @Aspect @Component public class AopInterceptor { /** * 定義攔截器規則 */ @Pointcut("execution(* com.test.test.api.controller.test.test.*(..))") public void pointCut() { } /** * 攔截器具體實現 * * @throws Throwable */ @Around(value = "pointCut()") public Object around(ProceedingJoinPoint point) throws Throwable { try { HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); //判斷是否為黑名單使用者 String ip = getIpAddress(request); if (checkIpBlack(ip)) { //ip在黑名單中返回false //return false; DefaultResponse defaultResponse = new DefaultResponse(); defaultResponse.setCode(-1); defaultResponse.setMessage("ip在黑名單中,拒絕訪問."); SysLogHelper.log("IpBlackAopInterceptor","當前請求ip" + ip,"ip在黑名單中,拒絕訪問"); return defaultResponse; } else { //ip不在黑名單中返回true SysLogHelper.log("IpBlackAopInterceptor","ip正常,允許訪問"); return point.proceed(); } } catch (Exception e) { e.printStackTrace(); SysLogHelper.error("IpBlackAopInterceptor黑名單攔截異常:",ExceptionUtils.getMessage(e) + "詳細" + ExceptionUtils.getStackTrace(e),null); } return point.getArgs(); } //對比當前請求IP是否在黑名單中,注意(對比黑名單ip存放在redis中) public boolean checkIpBlack(String ip) throws Exception { IpBlackBody body = new IpBlackBody(); body = cacheHelper.get("IpBlack:ips",IpBlackBody.class); if (body != null) { for (int i = 0; i < body.getIp().length; i++) { if (body.getIp()[i].equals(ip)) return true; } } return false; } }
三·獲取請求主機IP地址
public final static String getIpAddress(HttpServletRequest request) throws IOException { // 獲取請求主機IP地址,如果通過代理進來,則透過防火牆獲取真實IP地址 String ip = request.getHeader("x-forwarded-for"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } } else if (ip.length() > 15) { String[] ips = ip.split(","); for (int index = 0; index < ips.length; index++) { String strIp = (String) ips[index]; if (!("unknown".equalsIgnoreCase(strIp))) { ip = strIp; break; } } } return ip; }
四·擴充套件介面,實現將黑名單IP寫入redis當中,並返回當前所有黑名單IP
@RestController public class IpBlackController { @Autowired(required = false) private CacheHelper cacheHelper; @PostMapping("/testIpBlack") public IpBlackBody IpBlack(@RequestBody IpBlackBody ipBlackBody) throws Exception { IpBlackBody body = new IpBlackBody(); body = cacheHelper.get("IpBlack:ips",IpBlackBody.class); if (body != null) { //拼接當前IP與redis中現有ip linkArray(body.getIp(),ipBlackBody.getIp()); //將資料賦給body body.setIp(linkArray(body.getIp(),ipBlackBody.getIp())); //setex中第二個引數時間為S,根據業務場景相應調整,此處我設定為一天 //將body中拼接後的ip地址資料寫入redis中 cacheHelper.setex("IpBlack:ips",86400,body); } else { cacheHelper.setex("IpBlack:ips",ipBlackBody); body = cacheHelper.get("IpBlack:ips",IpBlackBody.class); return body; } return body; } //拼接兩個String[]的方法 public static String[] linkArray(String[] array1,String[] array2) { List<String> list = new ArrayList<>(); if (array1 == null) { return array2; } if (array2 == null) { return array1; } for (int i = 0; i < array1.length; i++) { list.add(array1[i]); } for (int i = 0; i < array2.length; i++) { list.add(array2[i]); } String[] returnValue = new String[list.size()]; for (int i = 0; i < list.size(); i++) { returnValue[i] = list.get(i); } return returnValue; } }
總結:
首先根據需要攔截的controller攔截響應請求controller層,然後根據編寫相關攔截器的具體實現,其中包含兩部主要操作:
1.獲取到遠端請求主機的實際ip地址
2.對比當前ip是否在黑名單中(此次操作需要讀取redis中的黑名單ip列表)
然後根據當前需求增加了一個redis介面,實現將需要封禁的IP地址增加到redis黑名單中並返回當前所有的黑名單IP地址。
至此:至此springboot通過攔截器實現攔截黑名單功能已經實現。
到此這篇關於Spring boot攔截器實現IP黑名單的文章就介紹到這了,更多相關Springboot攔截器IP黑名單內容請搜尋我們以前的文章或繼續瀏覽下面的相關文章希望大家以後多多支援我們!