11.自定义拦截器
发表于:2017-06-24 10:28:14 分类:博客源码 阅读:629次
这块里加了一段逻辑,用来防止恶意访问,后来发现根本没有什么用——也许可以防爬虫抓数据,先留着了。
MyInterceptor
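package top.ersredma.blog.interceptor;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import top.ersredma.blog.bean.User;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Created by ersredma on 2017/6/15.
 *
 * <p>Request interceptor with two jobs: it throttles clients that hit the site in rapid
 * succession, and it redirects requests for {@code /mng/} URLs to {@code /loginUI} when the
 * session holds no {@code USER} attribute.
 *
 * <p>Known limits of the throttle, all visible in this class:
 * <ul>
 *   <li>All state lives in two in-memory maps owned by this instance.</li>
 *   <li>Blacklist entries are never removed, so the blacklist only grows while the
 *       application runs. NOTE(review): add an expiry or a size cap before relying on it.</li>
 *   <li>The client key may be taken from request headers (see {@link #getIpAddr}); those are
 *       supplied by the client unless a trusted proxy overwrites them.</li>
 * </ul>
 */
public class MyInterceptor implements HandlerInterceptor {

    /** Path fragment that marks the management area. */
    private static final String ADMIN_SEGMENT = "/mng/";
    /** Number of tracked clients at which the counter map is cleaned up. */
    private static final int MAX_TRACKED_CLIENTS = 50;
    /** Rapid-hit count at which a client is moved to the blacklist. */
    private static final int MAX_RAPID_HITS = 50;
    /** Two hits closer together than this (ms) count as one "rapid" hit. */
    private static final long RAPID_GAP_MS = 500L;
    /** A pause longer than this (ms) resets a client's rapid-hit count. */
    private static final long RESET_GAP_MS = 5000L;
    /** HTTP 429 Too Many Requests. */
    private static final int SC_TOO_MANY_REQUESTS = 429;

    /** Last-seen time and rapid-hit count per client key. */
    private final ConcurrentHashMap<String, Visit> coreMap =
            new ConcurrentHashMap<String, Visit>(MAX_TRACKED_CLIENTS);
    /** Client key -> time (ms) at which the key was blacklisted. */
    private final ConcurrentHashMap<String, Long> blackList = new ConcurrentHashMap<String, Long>();

    /**
     * Whether proxy headers are consulted for the client address. Defaults to {@code true},
     * which is the behaviour this class always had.
     */
    private volatile boolean trustProxyHeaders = true;

    /** Immutable (last-seen, rapid-hit count) pair; replaces the old "time#count" string. */
    private static final class Visit {
        final long lastSeen;
        final int rapidHits;

        Visit(long lastSeen, int rapidHits) {
            this.lastSeen = lastSeen;
            this.rapidHits = rapidHits;
        }
    }

    /**
     * Chooses whether {@code x-forwarded-for}, {@code Proxy-Client-IP} and
     * {@code WL-Proxy-Client-IP} are used to identify the client.
     *
     * <p>Set this to {@code false} when the application is reachable directly by clients:
     * any client can put an arbitrary value in these headers, which lets it dodge the
     * throttle or get another address blacklisted. Leave it {@code true} only when every
     * request passes through a proxy that sets the header itself.
     *
     * @param trustProxyHeaders {@code true} to read the proxy headers, {@code false} to use
     *                          only {@link HttpServletRequest#getRemoteAddr()}
     */
    public void setTrustProxyHeaders(boolean trustProxyHeaders) {
        this.trustProxyHeaders = trustProxyHeaders;
    }

    /**
     * Applies the throttle, then the login check for the management area.
     *
     * @return {@code true} to let the request continue down the handler chain;
     *         {@code false} when it was throttled (status 429) or redirected to the login page
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o)
            throws Exception {
        String ip = getIpAddr(request);
        if (!access(ip, System.currentTimeMillis())) {
            // Give the client an explicit status instead of an empty 200 response.
            response.setStatus(SC_TOO_MANY_REQUESTS);
            return false;
        }

        if (isAdminPath(request)) {
            // getSession(false): do not allocate a session for every anonymous request.
            HttpSession session = request.getSession(false);
            Object user = (session == null) ? null : session.getAttribute("USER");
            if (!(user instanceof User)) {
                response.sendRedirect("/loginUI");
                return false;
            }
        }
        // Returning true lets the request continue down the chain.
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse,
                           Object o, ModelAndView modelAndView) throws Exception {
        // Nothing to do after the handler runs.
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse,
                                Object o, Exception e) throws Exception {
        // Nothing to clean up.
    }

    /**
     * Tells whether the request targets the management area.
     *
     * <p>The raw request URL is checked as before. The container's servlet path plus path
     * info is checked as well, because the raw URL can differ from the path that handler
     * mapping finally uses. NOTE(review): a substring test is still a weak access control;
     * prefer registering this check on the {@code /mng/**} mapping, or a security framework
     * rule, so that the mapping and the check cannot disagree.
     */
    private static boolean isAdminPath(HttpServletRequest request) {
        if (request.getRequestURL().toString().contains(ADMIN_SEGMENT)) {
            return true;
        }
        String servletPath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        String path = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);
        return path.contains(ADMIN_SEGMENT);
    }

    /**
     * Second approach to obtaining the client's address: proxy headers first, then the
     * socket peer address.
     *
     * <p>The header value is used as-is as the throttle key. These headers are request
     * data: unless a trusted proxy sets them, the client chooses the value. See
     * {@link #setTrustProxyHeaders(boolean)}.
     */
    private String getIpAddr(HttpServletRequest request) {
        if (!trustProxyHeaders) {
            return request.getRemoteAddr();
        }
        String ip = request.getHeader("x-forwarded-for");
        if (isMissing(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (isMissing(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (isMissing(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

    /** A header counts as missing when it is absent, empty, or the literal "unknown". */
    private static boolean isMissing(String value) {
        return value == null || value.length() == 0 || "unknown".equalsIgnoreCase(value);
    }

    /**
     * Decides whether a request from {@code ip} at {@code time} is allowed.
     *
     * <p>A hit less than 500 ms after the previous one raises the client's rapid-hit count;
     * a pause of more than 5000 ms resets it to 1; anything in between leaves it unchanged.
     * Once the count has reached 50, the next request blacklists the key.
     *
     * @param ip   client key, normally the value returned by {@code getIpAddr}
     * @param time request time in milliseconds
     * @return {@code true} if the request may proceed, {@code false} if the key is
     *         blacklisted or has just been blacklisted
     */
    public synchronized boolean access(String ip, long time) {
        if (blackList.get(ip) != null) {
            System.out.println("拒绝黑名单IP:" + ip);
            return false;
        }

        Visit previous = coreMap.get(ip);
        if (previous == null) {
            coreMap.put(ip, new Visit(time, 1));
            if (coreMap.size() >= MAX_TRACKED_CLIENTS) {
                evictStale(time);
            }
            return true;
        }

        if (previous.rapidHits >= MAX_RAPID_HITS) {
            System.out.println("拒绝超过50次危险访问IP:" + ip);
            blackList.put(ip, time);
            System.out.println("加入危险ip到黑名单成功!");
            return false;
        }

        long gap = time - previous.lastSeen;
        if (gap < RAPID_GAP_MS) {
            coreMap.put(ip, new Visit(time, previous.rapidHits + 1));
            System.out.println("危险访问次数加1,ip:" + ip);
        } else if (gap > RESET_GAP_MS) {
            coreMap.put(ip, new Visit(time, 1));
            System.out.println("正常访问,重置危险访问次数,ip:" + ip);
        } else {
            coreMap.put(ip, new Visit(time, previous.rapidHits));
            System.out.println("正常的重复访问,ip:" + ip);
        }
        return true;
    }

    /**
     * Keeps the counter map bounded without discarding live counters.
     *
     * <p>The previous code replaced the whole map as soon as it held 50 keys, which wiped
     * every client's count whenever 50 distinct keys had been seen. Here only entries that
     * are below the hit limit and older than the reset window are dropped; the next hit
     * would reset those to 1 anyway, so removing them changes no decision. If the map is
     * still full afterwards it is cleared, as before, to keep the memory bound.
     */
    private void evictStale(long now) {
        Iterator<Visit> entries = coreMap.values().iterator();
        while (entries.hasNext()) {
            Visit visit = entries.next();
            if (visit.rapidHits < MAX_RAPID_HITS && now - visit.lastSeen > RESET_GAP_MS) {
                entries.remove();
            }
        }
        if (coreMap.size() >= MAX_TRACKED_CLIENTS) {
            coreMap.clear();
        }
    }
}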
关键词:blog源码,拦截器
-
阿里郎