This article mainly introduces the spring boot interceptor implementation IP blacklist example code, which has certain reference value. Interested friends can refer to it
Preface
Recently I have been working on Hexo+GithubPage to build a personal blog, so I haven’t learned much about SpringBoot. So today I made some modifications to the last "Second Anti-Refresh". Last time, annotations and interceptors (@Aspect) were used to implement the function. However, if the requirement is for a global interceptor to intercept most URLs, it is obviously impossible to add them one by one by yourself. Moreover, the last interceptor had requirements for the parameters of the Controller, which was always inconvenient for others to actually reference. Therefore, this time I used inherited HandlerInterceptor to implement the interceptor.
Functional requirements
Intercept certain types of URLs in the project. If a user accesses a large number of the links in a short period of time, the user's IP will be blacklisted and prohibited. User visits web page. (At the same time, you can use @Async to create scheduled tasks to help users unlock the ban.)
Knowledge Record
The functions of spring's interceptor HandlerInterceptor are the same as FilterSimilar, but provides finer control: before the request is responded to, after the request is responded to, Before the view is rendered, and after the request is completed. We cannot modify the request content through the interceptor, but we can suspend the execution of the request by throwing an exception (or returning false).
Configuring interceptors is also very simple. Spring provides the basic class WebMvcConfigurerAdapter for this. We only need to rewrite the addInterceptors method to add registered interceptors.
It only takes 3 steps to implement a custom interceptor:
1. Create our own interceptor class and implement HandlerInterceptor interface.
2. Create a Java class that inherits WebMvcConfigurerAdapter and overrides the addInterceptors method.
3. Instantiate our custom interceptor, and then manually add the object to the interceptor chain (added in the addInterceptors method).
Official start of work
IP tool class
Since the user agent is not clear, it is best to use a tool class to obtain the user's real IP. You can find this on Google, so I won’t post the code.
Database
I am using MySQL database, and the persistence layer framework is MyBatis. Please refer to the "Preparation" steps for details.
I create a table "blaclist" in the "myboot" database. The attributes are as follows:
| Field name | Explanation |
|---|---|
| id | The id of the record |
| ip | User’s real IP |
| iptime | IP locked time |
Entity Class
public class BlackList {
private int id;
private String ip;
private Date iptime; // 日期类型,格式:yyyy-MM-dd HH:mm:ss
//构造器
public BlackList() {
}
public BlackList(String ip, Date iptime) {
this.ip = ip;
this.iptime = iptime;
}
// get && set 方法
}Dao layer
NoteXML configuration and corresponding entity configuration (omitted).
@Mapper
public interface BlackListDao {
// 根据IP来查找记录
List<BlackList> findByIp(String ip);
// 添加记录
int addBlackList(@Param("blackList") BlackList blackList);
}Implement HandlerInterceptor interface
public class URLInterceptor implements HandlerInterceptor {
@Autowired
BlackListDao blackListDao;
private Map<String, Integer> redisTemplate = new HashMap<String, Integer>();
private static final Logger logger = LoggerFactory.getLogger(URLInterceptor.class);
//在请求处理之前进行调用(Controller方法调用之前)
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
return true;
}
//请求处理之后进行调用,但是在视图被渲染之前(Controller方法调用之后)
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
String ip = IPAddressUtil.getClientIpAddress(httpServletRequest);
List<BlackList> blackLists = blackListDao.findByIp(ip);
if (blackLists == null || blackLists.size() == 0){
urlHandle(httpServletRequest, 5000, 10);
} else {
//强制控制跳转
modelAndView.setViewName("/errorpage/error.html");
}
}
//在整个请求结束之后被调用
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
public void urlHandle(HttpServletRequest request, long limitTime,int limitCount) throws RequestLimitException {
/**
* 省略业务逻辑部分,参考"准备"步骤
*/
if (count > limitCount){ //符合锁定条件
Calendar calendar = Calendar.getInstance();
Date iptime=calendar.getTime();
BlackList blackList = new BlackList(ip, iptime);
blackListDao.addBlackList(blackList);
throw new RequestLimitException();
}
}
}WebMvcConfigurerAdapter class
Configure the spring mvc interceptor WebMvcConfigurerAdapter.
@Configuration
public class MyWebAppConfigurer extends WebMvcConfigurerAdapter {
@Bean //把我们的拦截器注入为bean
public HandlerInterceptor getMyInterceptor(){
return new URLInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 多个拦截器组成一个拦截器链
// addPathPatterns 用于添加拦截规则, 这里假设拦截 /url 后面的全部链接
// excludePathPatterns 用户排除拦截
registry.addInterceptor(getMyInterceptor()).addPathPatterns("/url/**");
super.addInterceptors(registry);
}
}Controller Class
@RequestMapping("/url/test")
@ResponseBody
public String URLtest() {
return "success";
}【Related Recommendations】
2. Comprehensive analysis of Java annotations
3. Alibaba Java Development Manual
The above is the detailed content of Code example for implementing IP blacklist in java. For more information, please follow other related articles on the PHP Chinese website!