当前位置:首页 > 编程语言 > springboot过滤器禁止ip频繁访问

springboot过滤器禁止ip频繁访问

2021-02-20 15:20

阅读:491

标签:nbsp   oca   rate   map   not   cat   auto   package   move   

1.编写一个过滤器: 

import lombok.extern.slf4j.Slf4j;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

@Slf4j
@WebFilter(urlPatterns="/dyflight/*")
public class IpFilter implements Filter{

    /**
     * 默认限制时间(单位:ms)3600000,3600(s),
     */
    private static final long LIMITED_TIME_MILLIS = 10 * 1000;

    /**
     * 用户连续访问最高阀值,超过该值则认定为恶意操作的IP,进行限制
     */
    private static final int LIMIT_NUMBER = 5;

    /**
     * 用户访问最小安全时间,在该时间内如果访问次数大于阀值,则记录为恶意IP,否则视为正常访问
     */
    private static final int MIN_SAFE_TIME = 5000;

    private FilterConfig config;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;    //设置属性filterConfig
    }

    /* (non-Javadoc)
     * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    @SuppressWarnings("unchecked")
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        ServletContext context = config.getServletContext();
        // 获取限制IP存储器:存储被限制的IP信息
        //Map limitedIpMap = (Map) context.getAttribute("limitedIpMap");
        ConcurrentHashMap limitedIpMap = (ConcurrentHashMap)  context.getAttribute("limitedIpMap");
        // 过滤受限的IP
        filterLimitedIpMap(limitedIpMap);
        // 获取用户IP
        String ip = IPUtil.getRemoteIpAddr(request);
        System.err.println("ip:"+ip);
        // 判断是否是被限制的IP,如果是则跳到异常页面
        if (isLimitedIP(limitedIpMap, ip)) {
            long limitedTime = limitedIpMap.get(ip) - System.currentTimeMillis();
            // 剩余限制时间(用为从毫秒到秒转化的一定会存在些许误差,但基本可以忽略不计)
            request.setAttribute("remainingTime", ((limitedTime / 1000) + (limitedTime % 1000 > 0 ? 1 : 0)));
            System.err.println("ip访问过于频繁:"+ip);
            throw new RuntimeException("ip访问过于频繁");
        }
        // 获取IP存储器
        ConcurrentHashMap ipMap = (ConcurrentHashMap) context.getAttribute("ipMap");
        // 判断存储器中是否存在当前IP,如果没有则为初次访问,初始化该ip
        // 如果存在当前ip,则验证当前ip的访问次数
        // 如果大于限制阀值,判断达到阀值的时间,如果不大于[用户访问最小安全时间]则视为恶意访问,跳转到异常页面
        if (ipMap.containsKey(ip)) {
            Long[] ipInfo = ipMap.get(ip);
            ipInfo[0] = ipInfo[0] + 1;
            log.debug("当前第[" + (ipInfo[0]) + "]次访问");
            if (ipInfo[0] > LIMIT_NUMBER) {
                Long ipAccessTime = ipInfo[1];
                Long currentTimeMillis = System.currentTimeMillis();

                log.debug("ip访问过于频繁:currentTimeMillis: "+currentTimeMillis+"  - ipAccessTime:"+ipAccessTime+" : " + (currentTimeMillis - ipAccessTime) + " limitedIpMap) {
        if (limitedIpMap == null) {
            return;
        }
        Set keys = limitedIpMap.keySet();
        Iterator keyIt = keys.iterator();
        long currentTimeMillis = System.currentTimeMillis();
        while (keyIt.hasNext()) {
            long expireTimeMillis = limitedIpMap.get(keyIt.next());
            log.debug("expireTimeMillis  limitedIpMap, String ip) {
        if (limitedIpMap == null || ip == null) {
            // 没有被限制
            return false;
        }
        Set keys = limitedIpMap.keySet();
        Iterator keyIt = keys.iterator();
        while (keyIt.hasNext()) {
            String key = keyIt.next();
            if (key.equals(ip)) {
                // 被限制的IP
                return true;
            }
        }
        return false;
    }

    /**
     * 初始化用户访问次数和访问时间
     *
     * @param ipMap
     * @param ip
     */
    private void initIpVisitsNumber(ConcurrentHashMap ipMap, String ip) {
        Long[] ipInfo = new Long[2];
        ipInfo[0] = 0L;// 访问次数
        ipInfo[1] = System.currentTimeMillis();// 初次访问时间
        ipMap.put(ip, ipInfo);
    }



}

  

2. 创建一个监听器:需要初始化俩个容器:

import lombok.extern.slf4j.Slf4j;

import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import java.util.concurrent.ConcurrentHashMap;


@Slf4j
@WebListener
public class MyApplicationListener implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        log.debug("liting: contextInitialized");
        log.debug("MyApplicationListener初始化成功");
        ServletContext context = sce.getServletContext();
        // IP存储器
        ConcurrentHashMap ipMap = new ConcurrentHashMap();
        context.setAttribute("ipMap", ipMap);
        // 限制IP存储器:存储被限制的IP信息
        ConcurrentHashMap limitedIpMap = new ConcurrentHashMap();
        context.setAttribute("limitedIpMap", limitedIpMap);
        log.debug("ipmap:"+ipMap.toString()+";limitedIpMap:"+limitedIpMap.toString()+"初始化成功。。。。。");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // TODO Auto-generated method stub

    }


}

  

3.iputil

import javax.servlet.http.HttpServletRequest;
import java.net.InetAddress;
import java.net.UnknownHostException;

public class IPUtil {

    public static String getRemoteIpAddr(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
            if("127.0.0.1".equals(ip)||"0:0:0:0:0:0:0:1".equals(ip)){
                //根据网卡取本机配置的IP
                InetAddress inet=null;
                try {
                    inet = InetAddress.getLocalHost();
                } catch (UnknownHostException e) {
                    e.printStackTrace();
                }
                ip= inet.getHostAddress();
            }
        }
        return ip;
    }


}

  

 

4配置

springboot启动类中添加过滤器和监听器的包扫描

@ServletComponentScan(basePackages="cn.xxx.common")

  

spring web.xml

过滤器

ipFiltercom.xxxx.common.filter.IpFilteripFilter/dyflight/**

  

监听器:

com.xxxx.common.Listener.MyApplicationListener

  

 

springboot过滤器禁止ip频繁访问

标签:nbsp   oca   rate   map   not   cat   auto   package   move   

原文地址:https://www.cnblogs.com/achengmu/p/12681190.html

上一篇:小白初学Java的一点点收获

下一篇:SpringMVC+MyBatis 事务管理一

文章来自:搜素材网编程语言模块,转载请注明文章出处。
文章标题:springboot过滤器禁止ip频繁访问
文章链接:http://soscw.com/index.php/essay/58037.html

评论

亲,登录后才可以留言!

热门文章

推荐文章

最新文章

置顶文章

关于我们 | 版权声明 | 常见问题 | 素材投稿 | 联系我们 | 网站地图 |
搜素材网素材除本站原创外均由用户分享,若发现权利被侵害,请联系及时联系我们,我们会在第一时间进行处理。
特别说明:本站所有资源除本站原创外仅供学习与参考,请勿用于商业用途,如有侵犯您的版权请联系客服服务QQ:点击这里给我发消息
Copyright © 2024 soscw.com 搜素材网素材网版权所有 蜀ICP备18015633号-1