读取auth.properties中的ip信息,并判断是否和登录IP一致,不一致返回FORBIDDEN
web.xml:
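<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <!--
      The Servlet 2.3 DTD fixes the order of the children of <web-app>:
      every <filter> declaration must come before any <filter-mapping>.
      A validating container can reject the descriptor otherwise.

      NOTE(review): AuthFilter.init() calls
      WebApplicationContextUtils.getRequiredWebApplicationContext(), which
      needs the Spring root context to exist already. No listener that
      creates it is shown in this excerpt; confirm it is declared in the
      full descriptor.
    -->
    <filter>
        <filter-name>authFilter</filter-name>
        <!-- Class name written without surrounding whitespace so the lookup does not depend on the container trimming it. -->
        <filter-class>com.vtradex.server.webservice.web.filter.AuthFilter</filter-class>
    </filter>

    <!-- "/*" sends every request of this web application through authFilter. -->
    <filter-mapping>
        <filter-name>authFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>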
AuthFilter.java
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.vtradex.server.model.interfaceLog.InterfaceVisitLog;
import com.vtradex.swms.server.service.common.CommonInterfaceManager;
import com.vtradex.thorn.server.model.EntityFactory;
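/**
 * Servlet filter that lets a request through only when every network address
 * associated with it appears in the comma-separated {@code ip} entry of the
 * classpath resource {@code auth.properties}. Entries are compared as plain
 * text after trimming surrounding whitespace.
 *
 * <p>Addresses checked, in this order:
 * <ol>
 *   <li>the TCP peer reported by {@link ServletRequest#getRemoteAddr()};</li>
 *   <li>each hop listed in {@code x-forwarded-for}, nearest hop first;</li>
 *   <li>{@code Proxy-Client-IP} and {@code WL-Proxy-Client-IP}, when present.</li>
 * </ol>
 *
 * <p>Security note: the forwarding headers are supplied by whoever sends the
 * request, so a value found there is never sufficient on its own to grant
 * access. The peer address is the only value the container observes itself and
 * is therefore always checked; header values can only narrow access further.
 * When the application runs behind a reverse proxy, the proxy's own address
 * consequently has to be present in the {@code ip} list as well.
 *
 * <p>A rejected request receives HTTP status 403 with the body
 * {@code FORBIDDEN!}, and an {@link InterfaceVisitLog} row is stored for it.
 * Any problem reading the allowlist results in the request being rejected.
 */
public class AuthFilter implements Filter {

    /** Classpath resource that holds the allowlist. */
    private static final String AUTH_RESOURCE = "auth.properties";

    /** Property key whose value is the comma-separated allowlist. */
    private static final String IP_KEY = "ip";

    /** Proxy headers that carry a single client address. */
    private static final String[] SINGLE_ADDRESS_HEADERS = {"Proxy-Client-IP", "WL-Proxy-Client-IP"};

    protected static ApplicationContext ac;
    protected static CommonInterfaceManager commonInterfaceManager;

    /** Kept so configuration problems can be reported through the container log. */
    private FilterConfig filterConfig;

    /**
     * Passes the request down the chain when all of its addresses are
     * allowlisted; otherwise answers 403 and records the rejected address.
     *
     * @param request     incoming request; must be an {@link HttpServletRequest}
     * @param response    response to write the rejection to
     * @param filterChain remainder of the filter chain
     * @throws IOException      if writing the rejection or the chain fails
     * @throws ServletException if the chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        List<String> allowed = loadAllowedIps();

        boolean permitted = true;
        String offending = null;
        for (String candidate : collectAddresses((HttpServletRequest) request)) {
            if (!checkIp(candidate, allowed)) {
                permitted = false;
                offending = candidate;
                break;
            }
        }

        if (permitted) {
            filterChain.doFilter(request, response);
            return;
        }

        // Set the status before touching the writer: once the body is
        // committed the status line can no longer be changed.
        if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
        PrintWriter pw = response.getWriter();
        pw.write("FORBIDDEN!");

        // Audit trail: store the first address that failed the check.
        InterfaceVisitLog visitLog = EntityFactory.getEntity(InterfaceVisitLog.class);
        visitLog.setIp(offending);
        visitLog.setContext(request.getContentType());
        visitLog.setVisitTime(new Date());
        visitLog.setStatus("FORBIDDEN");
        commonInterfaceManager.storeVisitLog(visitLog);
    }

    /**
     * Resolves the Spring bean used to persist visit logs.
     *
     * @param fc filter configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig fc) throws ServletException {
        this.filterConfig = fc;
        ac = WebApplicationContextUtils.getRequiredWebApplicationContext(fc.getServletContext());
        AuthFilter.commonInterfaceManager = (CommonInterfaceManager) ac.getBean("commonInterfaceManager");
    }

    /** Drops the reference to the filter configuration. */
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Lists every address that has to pass the allowlist for this request.
     * The first element is always the peer address seen by the container.
     *
     * @param request current request
     * @return addresses to check, peer address first
     */
    private List<String> collectAddresses(HttpServletRequest request) {
        List<String> addresses = new ArrayList<String>();
        addresses.add(request.getRemoteAddr());

        String forwardedFor = request.getHeader("x-forwarded-for");
        if (isPresent(forwardedFor)) {
            // The header may name several hops; walk from the nearest hop
            // (right-most) to the farthest. A malformed or empty hop is
            // kept so that it fails the check instead of being skipped.
            String[] hops = forwardedFor.split(",");
            for (int i = hops.length - 1; i >= 0; i--) {
                addresses.add(hops[i].trim());
            }
        }

        for (int i = 0; i < SINGLE_ADDRESS_HEADERS.length; i++) {
            String value = request.getHeader(SINGLE_ADDRESS_HEADERS[i]);
            if (isPresent(value)) {
                addresses.add(value.trim());
            }
        }
        return addresses;
    }

    /**
     * Tells whether a header carries a usable value: not {@code null}, not
     * empty, and not the literal {@code unknown} in any letter case.
     */
    private static boolean isPresent(String headerValue) {
        return headerValue != null
                && headerValue.length() != 0
                && !headerValue.equalsIgnoreCase("unknown");
    }

    /**
     * Checks one address against the allowlist.
     *
     * @param ip      address to check; {@code null} is never allowed
     * @param allowed allowlist entries
     * @return {@code true} when {@code ip} equals one of the entries
     */
    private boolean checkIp(String ip, List<String> allowed) {
        return ip != null && allowed.contains(ip);
    }

    /**
     * Reads the allowlist from {@code auth.properties} on every call, as the
     * original implementation did. A missing resource, a missing {@code ip}
     * key or a read error yields an empty list, which rejects every request.
     *
     * @return trimmed, non-empty allowlist entries; never {@code null}
     */
    private List<String> loadAllowedIps() {
        List<String> allowed = new ArrayList<String>();
        InputStream in = this.getClass().getClassLoader().getResourceAsStream(AUTH_RESOURCE);
        if (in == null) {
            report(AUTH_RESOURCE + " not found on the classpath; rejecting all requests", null);
            return allowed;
        }
        try {
            Properties p = new Properties();
            p.load(in);
            String ips = p.getProperty(IP_KEY);
            if (ips == null) {
                report("key '" + IP_KEY + "' missing in " + AUTH_RESOURCE + "; rejecting all requests", null);
            } else {
                String[] entries = ips.split(",");
                for (int i = 0; i < entries.length; i++) {
                    String entry = entries[i].trim();
                    if (entry.length() != 0) {
                        allowed.add(entry);
                    }
                }
            }
        } catch (IOException e) {
            report("could not read " + AUTH_RESOURCE + "; rejecting all requests", e);
            allowed.clear();
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing a classpath stream fails.
            }
        }
        return allowed;
    }

    /**
     * Reports a configuration problem through the container log when the
     * filter has been initialised, otherwise falls back to the stack trace.
     */
    private void report(String message, Throwable cause) {
        if (filterConfig != null) {
            if (cause != null) {
                filterConfig.getServletContext().log(message, cause);
            } else {
                filterConfig.getServletContext().log(message);
            }
        } else if (cause != null) {
            cause.printStackTrace();
        }
    }
}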
auth.properties
# Comma-separated allowlist read by AuthFilter under the key "ip".
# Each entry is compared to the client address as an exact string, so CIDR
# ranges, wildcards and host names are not understood; keep the list free of
# spaces around the commas.
# 127.0.0.1 and 0:0:0:0:0:0:0:1 are the IPv4 and IPv6 loopback addresses.
# NOTE(review): with loopback allowlisted, requests relayed by a reverse proxy
# on the same host reach the container from a loopback peer address. Confirm
# how the filter derives the client address in that deployment.
ip=127.0.0.1,0:0:0:0:0:0:0:1,221.226.28.34,221.178.251.172