11.自定义拦截器-查看文章

11.自定义拦截器

发表于:2017-06-24 10:28:14 分类:博客源码 阅读:629次

image

这块里加了一段逻辑,用来防止恶意访问,后来发现根本没有什么用——也许可以防爬虫抓数据,先留着了。

MyInterceptor

package top.ersredma.blog.interceptor;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import top.ersredma.blog.bean.User;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.concurrent.ConcurrentHashMap;

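/**
 * Created by ersredma on 2017/6/15.
 *
 * <p>Spring MVC interceptor with two jobs:
 * <ol>
 *   <li>a coarse per-address throttle ({@link #access(String, long)}) that
 *       blacklists an address after repeated rapid requests;</li>
 *   <li>a login gate for URLs containing {@code /mng/}: requests without a
 *       {@code USER} session attribute are redirected to {@code /loginUI}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The throttle key is the TCP peer address unless the peer is a trusted
 *       proxy (see {@link #isTrustedProxy(String)}). Forwarding headers are
 *       client-controlled; honouring them from arbitrary peers lets any caller
 *       choose the address that is counted or blacklisted.</li>
 *   <li>All state is in-memory and per-instance: it is lost on restart and is
 *       not shared between application nodes.</li>
 *   <li>Blacklist entries never expire and the blacklist has no size bound.</li>
 * </ul>
 */
public class MyInterceptor implements HandlerInterceptor {
    /** Strike count at which an address is moved to the blacklist. */
    private static final int MAX_STRIKES = 50;
    /** Two requests closer together than this (ms) add one strike. */
    private static final long BURST_WINDOW_MS = 500L;
    /** A gap longer than this (ms) resets the strike count to 1. */
    private static final long QUIET_RESET_MS = 5000L;
    /** Once this many addresses are tracked, the tracking table is wiped. */
    private static final int TRACKED_LIMIT = 50;
    /** HTTP 429 Too Many Requests; spelled out because older servlet APIs lack a constant. */
    private static final int SC_TOO_MANY_REQUESTS = 429;

    /** Immutable snapshot of the last request time and strike count for one address. */
    private static final class Visit {
        final long lastSeen;
        final int strikes;

        Visit(long lastSeen, int strikes) {
            this.lastSeen = lastSeen;
            this.strikes = strikes;
        }
    }

    // address -> last request time and strike count; only touched inside access()
    private final ConcurrentHashMap<String, Visit> coreMap =
            new ConcurrentHashMap<String, Visit>(TRACKED_LIMIT);
    // address -> time it was blacklisted; the timestamp is recorded but never read
    private final ConcurrentHashMap<String, Long> blacklist = new ConcurrentHashMap<String, Long>();

    /**
     * Applies the throttle, then the {@code /mng/} login gate.
     *
     * @return {@code true} to continue the handler chain; {@code false} when the
     *         request was throttled (status 429) or redirected to the login page
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        String ip = getIpAddr(request);
        if (!access(ip, System.currentTimeMillis())) {
            // Tell the client why it got nothing instead of an empty 200 response.
            response.setStatus(SC_TOO_MANY_REQUESTS);
            return false;
        }

        // NOTE(review): this is a substring match on the raw request URL. Registering the
        // interceptor with addPathPatterns("/mng/**") would let Spring's own path matching
        // decide which requests need a login, which is less fragile than string matching.
        String url = request.getRequestURL().toString();
        if (url.contains("/mng/")) {
            // getSession(false): do not allocate a session for every anonymous probe.
            HttpSession session = request.getSession(false);
            User user = session == null ? null : (User) session.getAttribute("USER");
            if (user == null) {
                response.sendRedirect("/loginUI");
                return false;
            }
        }
        // Returning true lets the request continue down the chain.
        return true;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }

    /** No completion work is needed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }

    /**
     * Resolves the address used as the throttle key.
     *
     * <p>Forwarding headers are consulted only when the direct peer is a trusted
     * proxy; otherwise the peer address is returned unchanged. For
     * {@code x-forwarded-for} the right-most entry is used, because that is the
     * one appended by the nearest proxy; entries to its left arrive from the
     * client side and cannot be verified here. This is only meaningful if the
     * trusted proxy always sets or appends to the header.
     */
    private String getIpAddr(HttpServletRequest request) {
        String peer = request.getRemoteAddr();
        if (!isTrustedProxy(peer)) {
            return peer;
        }

        String forwarded = request.getHeader("x-forwarded-for");
        if (isUsable(forwarded)) {
            String nearest = forwarded.substring(forwarded.lastIndexOf(',') + 1).trim();
            if (isUsable(nearest)) {
                return nearest;
            }
        }
        String ip = request.getHeader("Proxy-Client-IP");
        if (!isUsable(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (!isUsable(ip)) {
            ip = peer;
        }
        return ip;
    }

    /**
     * Returns whether {@code peer} may supply forwarding headers.
     *
     * <p>Only loopback literals are accepted, i.e. this assumes any reverse proxy
     * runs on the same host. TODO confirm against the actual deployment and
     * extend the list if the proxy lives elsewhere.
     */
    private static boolean isTrustedProxy(String peer) {
        return "127.0.0.1".equals(peer)
                || "0:0:0:0:0:0:0:1".equals(peer)
                || "::1".equals(peer);
    }

    /** A header value is usable when it is present, non-empty and not the literal "unknown". */
    private static boolean isUsable(String value) {
        return value != null && value.length() != 0 && !"unknown".equalsIgnoreCase(value);
    }

    /**
     * Decides whether a request from {@code ip} at {@code time} is allowed and
     * updates the counters.
     *
     * <p>Rules: a blacklisted address is always refused. A tracked address with
     * {@value #MAX_STRIKES} or more strikes is blacklisted and refused. Otherwise
     * a gap under {@value #BURST_WINDOW_MS} ms adds a strike, a gap over
     * {@value #QUIET_RESET_MS} ms resets the count to 1, and anything in between
     * keeps the count. Synchronized so the read-modify-write on the tables is atomic.
     *
     * @param ip   throttle key, normally the client address
     * @param time request time in epoch milliseconds
     * @return {@code true} if the request may proceed
     */
    public synchronized boolean access(String ip, long time) {
        if (blacklist.containsKey(ip)) {
            System.out.println("拒绝黑名单IP:" + ip);
            return false;
        }

        Visit seen = coreMap.get(ip);
        if (seen == null) {
            coreMap.put(ip, new Visit(time, 1));
            // The table is wiped, including the entry just added, once it reaches the limit.
            // NOTE(review): this also discards the strike counts of every other address.
            if (coreMap.size() >= TRACKED_LIMIT) {
                coreMap.clear();
            }
            return true;
        }

        if (seen.strikes >= MAX_STRIKES) {
            System.out.println("拒绝超过50次危险访问IP:" + ip);
            blacklist.put(ip, time);
            System.out.println("加入危险ip到黑名单成功!");
            return false;
        }

        long gap = time - seen.lastSeen;
        if (gap < BURST_WINDOW_MS) {
            coreMap.put(ip, new Visit(time, seen.strikes + 1));
            System.out.println("危险访问次数加1,ip:" + ip);
        } else if (gap > QUIET_RESET_MS) {
            coreMap.put(ip, new Visit(time, 1));
            System.out.println("正常访问,重置危险访问次数,ip:" + ip);
        } else {
            coreMap.put(ip, new Visit(time, seen.strikes));
            System.out.println("正常的重复访问,ip:" + ip);
        }
        return true;
    }
}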


关键词:blog源码,拦截器



  1. author
    书生(伪装者) 2017-06-27 12:43:22
    阿里郎