zoukankan      html  css  js  c++  java
  • springboot过滤器禁止ip频繁访问

    https://blog.csdn.net/qq_37228713/article/details/81662119?utm_source=blogxgwz0

    1.编写一个过滤器: 

    package com.solian.web.filter;

    import java.io.IOException;
    import java.util.Iterator;
    import java.util.Map;
    import java.util.Set;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletContext;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import com.solian.web.util.Ipsettings;
    /**
    * 自定义过滤器,用来判断IP访问次数是否超限
    * 如果前台用户访问网站的频率过快(达到超过50次/秒),则判定该ip恶意刷新操作,
    * 限制该IP的访问,1小时后自己解除限制
    *
    * @author wukaikai
    *
    */
    @WebFilter(urlPatterns="/*")
    public class IpFilter implements Filter{

    /**
    * 默认限制时间(单位:ms)
    */
    private static final long LIMITED_TIME_MILLIS = 60 * 60 * 1000;

    /**
    * 用户连续访问最高阀值,超过该值则认定为恶意操作的IP,进行限制
    */
    private static final int LIMIT_NUMBER = 50;

    /**
    * 用户访问最小安全时间,在该时间内如果访问次数大于阀值,则记录为恶意IP,否则视为正常访问
    */
    private static final int MIN_SAFE_TIME = 5000;
    private FilterConfig config;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    this.config = filterConfig; //设置属性filterConfig
    }

    /* (non-Javadoc)
    * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
    */
    @SuppressWarnings("unchecked")
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
    throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    ServletContext context = config.getServletContext();
    // 获取限制IP存储器:存储被限制的IP信息
    Map<String, Long> limitedIpMap = (Map<String, Long>) context.getAttribute("limitedIpMap");
    // 过滤受限的IP
    filterLimitedIpMap(limitedIpMap);
    // 获取用户IP
    String ip = Ipsettings.getRemoteHost(request);
    System.err.println("ip:"+ip);
    // 判断是否是被限制的IP,如果是则跳到异常页面
    if (isLimitedIP(limitedIpMap, ip)) {
    long limitedTime = limitedIpMap.get(ip) - System.currentTimeMillis();
    // 剩余限制时间(用为从毫秒到秒转化的一定会存在些许误差,但基本可以忽略不计)
    request.setAttribute("remainingTime", ((limitedTime / 1000) + (limitedTime % 1000 > 0 ? 1 : 0)));
    //request.getRequestDispatcher("/error/overLimitIP").forward(request, response);
    System.err.println("ip访问过于频繁:"+ip);
    //response.setCharacterEncoding("gb2312"); //设置输出内容编码格式
    // response.reset();
    // response.setCharacterEncoding("utf-8"); //设置输出内容编码格式
    // PrintWriter out = response.getWriter();
    // out.println("<b>由于您访问过于频繁,被系统自动认定为机器人。1个小时自动解除</b>");、
    return;
    }
    // 获取IP存储器
    Map<String, Long[]> ipMap = (Map<String, Long[]>) context.getAttribute("ipMap");
    // 判断存储器中是否存在当前IP,如果没有则为初次访问,初始化该ip
    // 如果存在当前ip,则验证当前ip的访问次数
    // 如果大于限制阀值,判断达到阀值的时间,如果不大于[用户访问最小安全时间]则视为恶意访问,跳转到异常页面
    if (ipMap.containsKey(ip)) {
    Long[] ipInfo = ipMap.get(ip);
    ipInfo[0] = ipInfo[0] + 1;
    System.out.println("当前第[" + (ipInfo[0]) + "]次访问");
    if (ipInfo[0] > LIMIT_NUMBER) {
    Long ipAccessTime = ipInfo[1];
    Long currentTimeMillis = System.currentTimeMillis();
    if (currentTimeMillis - ipAccessTime <= MIN_SAFE_TIME) {
    limitedIpMap.put(ip, currentTimeMillis + LIMITED_TIME_MILLIS);
    request.setAttribute("remainingTime", LIMITED_TIME_MILLIS);
    System.err.println("ip访问过于频繁:"+ip);
    request.getRequestDispatcher("/error/overLimitIP").forward(request, response);
    return;
    } else {
    initIpVisitsNumber(ipMap, ip);
    }
    }
    } else {
    initIpVisitsNumber(ipMap, ip);
    System.out.println("您首次访问该网站");
    }
    context.setAttribute("ipMap", ipMap);
    chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
    // TODO Auto-generated method stub
    }

    /**
    * @Description 过滤受限的IP,剔除已经到期的限制IP
    * @param limitedIpMap
    */
    private void filterLimitedIpMap(Map<String, Long> limitedIpMap) {
    if (limitedIpMap == null) {
    return;
    }
    Set<String> keys = limitedIpMap.keySet();
    Iterator<String> keyIt = keys.iterator();
    long currentTimeMillis = System.currentTimeMillis();
    while (keyIt.hasNext()) {
    long expireTimeMillis = limitedIpMap.get(keyIt.next());
    if (expireTimeMillis <= currentTimeMillis) {
    keyIt.remove();
    }
    }
    }

    /**
    * @Description 是否是被限制的IP
    * @param limitedIpMap
    * @param ip
    * @return true : 被限制 | false : 正常
    */
    private boolean isLimitedIP(Map<String, Long> limitedIpMap, String ip) {
    if (limitedIpMap == null || ip == null) {
    // 没有被限制
    return false;
    }
    Set<String> keys = limitedIpMap.keySet();
    Iterator<String> keyIt = keys.iterator();
    while (keyIt.hasNext()) {
    String key = keyIt.next();
    if (key.equals(ip)) {
    // 被限制的IP
    return true;
    }
    }
    return false;
    }

    /**
    * 初始化用户访问次数和访问时间
    *
    * @param ipMap
    * @param ip
    */
    private void initIpVisitsNumber(Map<String, Long[]> ipMap, String ip) {
    Long[] ipInfo = new Long[2];
    ipInfo[0] = 0L;// 访问次数
    ipInfo[1] = System.currentTimeMillis();// 初次访问时间
    ipMap.put(ip, ipInfo);
    }

    }
    2. 创建一个监听器:需要初始化俩个容器:

    package com.solian.web.listener;

    import java.util.HashMap;
    import java.util.Map;

    import javax.servlet.ServletContext;
    import javax.servlet.ServletContextEvent;
    import javax.servlet.ServletContextListener;
    import javax.servlet.annotation.WebListener;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    @WebListener
    public class MyApplicationListener implements ServletContextListener {
    private Logger logger = LoggerFactory.getLogger(MyApplicationListener.class);
    @Override
    public void contextInitialized(ServletContextEvent sce) {
    logger.info("liting: contextInitialized");
    System.err.println("MyApplicationListener初始化成功");
    ServletContext context = sce.getServletContext();
    // IP存储器
    Map<String, Long[]> ipMap = new HashMap<String, Long[]>();
    context.setAttribute("ipMap", ipMap);
    // 限制IP存储器:存储被限制的IP信息
    Map<String, Long> limitedIpMap = new HashMap<String, Long>();
    context.setAttribute("limitedIpMap", limitedIpMap);
    logger.info("ipmap:"+ipMap.toString()+";limitedIpMap:"+limitedIpMap.toString()+"初始化成功。。。。。");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
    // TODO Auto-generated method stub

    }
    }
     3.需要在springboot启动类里面添加以上监听器和过滤器的扫描包路径:

    @ServletComponentScan(basePackages="com.solian.web")
    ————————————————
    版权声明:本文为CSDN博主「Bolck_Kevin」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
    原文链接:https://blog.csdn.net/qq_37228713/java/article/details/81662119

  • 相关阅读:
    ISCC 2018——write up
    图的存储结构(十字链表、邻接多重表、边集数组)
    图的存储结构
    树梅派(Raspberry Pi 3b)安装kali linux 2.0
    树梅派3B kali2.0 启用SSH进行远程登录
    VS+VAssistX自动添加注释
    libtiff库使用
    word采用尾注进行参考文献排版的一些问题
    vs2008安装opencv2.4.6
    Altera CYCLONE III FPGA BGA布线
  • 原文地址:https://www.cnblogs.com/zhoading/p/12980587.html
Copyright © 2011-2022 走看看