​在实际项目使用中,必须要考虑服务的安全性,当服务部署到互联网以后,就要考虑服务被恶意请求和暴力攻击的情况,下面的教程,通过Spring Boot提供的HandlerInterceptor和Redis 针对 Url + ip在一定时间内访问的次数来将ip禁用,可以根据自己的业务需求进行相应的修改,以达到自己的目的。

首先创建一个自定义的拦截器类,也是最核心的代码。

/** * @ProjectName: cdkj-framework * @Package: com.cdkjframework.core.spring.filter * @ClassName: FilterHandlerInterceptor * @Description: 拦截过滤 * @Author: xiaLin * @Date: 2022/6/22 13:36 * @Version: 1.0 */public class FilterHandlerInterceptor implements HandlerInterceptor {  /**   * 日志   */  private LogUtils logUtils = LogUtils.getLogger(FilterHandlerInterceptor.class);  /**   * redis锁   */  private final RedisLettuceLock redisLettuceLock;  /**   * IP头部变量(可能通过Nginx代理后)   */  private static final String HEADER_IP = "X-Real-IP";  /**   * 锁IP请求URL地址KEY   */  private static final String LOCK_IP_URL_KEY = "lock_ip_";  /**   * IP请求URL地址时间   */  private static final String IP_URL_REQ_TIME = "ip_url_times_";  /**   * 极限时间   */  private static final long LIMIT_TIMES = 5;  /**   * IP锁定时间 秒   */  private static final int IP_LOCK_TIME = 60;  /**   * 构建函数   */  public FilterHandlerInterceptor(RedisLettuceLock redisLettuceLock) {    this.redisLettuceLock = redisLettuceLock;  }  /**   * 预处理   *   * @param request  请求   * @param response 响应   * @param o        参数   * @return 返回结果   * @throws Exception 异常信息   */  @Override  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {    String ip = request.getHeader(HEADER_IP);    if (StringUtils.isNullAndSpaceOrEmpty(ip)) {      ip = request.getRemoteAddr();    }    logUtils.info("request 请求地址 Uri={},ip={}", request.getRequestURI(), ip);    if (ipIsLock(ip)) {      logUtils.info("ip访问被禁止={}", ip);      ResponseBuilder builder = ResponseBuilder.failBuilder("ip访问被禁止");      returnJson(response, builder);      return false;    }    if (!addRequest(ip, request.getRequestURI())) {      ResponseBuilder builder = ResponseBuilder.failBuilder("ip访问被禁止");      returnJson(response, builder);      return false;    }    return true;  }  @Override  public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {  }  @Override  public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {  }  /**   * IP 是否已锁   *   * @param ip IP 地址   * @return 返回是否成功   */  private Boolean ipIsLock(String ip) {    if (redisLettuceLock.lock(LOCK_IP_URL_KEY + ip)) {      return true;    }    return false;  }  /**   * 添加请求信息   *   * @param ip  IP 地址   * @param uri 请求路径   * @return 返回是否成功   */  private Boolean addRequest(String ip, String uri) {    String key = IP_URL_REQ_TIME + ip + uri;    if (RedisUtils.syncExists(key)) {      long time = RedisUtils.syncIncr(key, IntegerConsts.ONE);      if (time >= LIMIT_TIMES) {        redisLettuceLock.lock(LOCK_IP_URL_KEY + ip, IP_LOCK_TIME, ip);        return false;      }    } else {      redisLettuceLock.lock(key, (long) IntegerConsts.ONE, IntegerConsts.ONE);    }    return true;  }  /**   * 返回结果   *   * @param response 响应   * @param builder  返回结果   * @throws Exception 异常信息   */  private void returnJson(HttpServletResponse response, ResponseBuilder builder) throws Exception {    ResponseUtils.out(response, builder);  }}

  最后将上面自定义的拦截器通过WebMvcConfigurer下的registry.addInterceptor添加一下,就生效了。

/** * @ProjectName: cdkj-framework * @Package: com.cdkjframework.core.spring.filter * @ClassName: WebMvcFilterConfigurerAdapter * @Description: java类作用描述 * @Author: xiaLin * @Date: 2022/6/22 13:37 * @Version: 1.0 */@RequiredArgsConstructorpublic class WebMvcFilterConfigurerAdapter implements WebMvcConfigurer {    /**     * redis锁     */    private final RedisLettuceLock redisLettuceLock;    /**     * 过虑句柄拦截器     *     * @return 返回拦截器     */    @Bean    private FilterHandlerInterceptor filterHandlerInterceptor() {        return new FilterHandlerInterceptor(redisLettuceLock);    }    /**     * 添加 拦截器     *     * @param registry 拦截器注册     */    @Override    public void addInterceptors(InterceptorRegistry registry) {        registry.addInterceptor(filterHandlerInterceptor()).addPathPatterns("/**");    }}

  自己可以写一个for循环来测试改功能,这里就不具体详细介绍了。

文章中的工具类可参考:https://gitee.com/cdkjframework/common/tree/1.0.2/