使用spring拦截器开展ip white list & basic authorization验证
使用spring拦截器进行ip white list & basic authorization验证
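/**
 * Spring MVC interceptor that lets a request through only when it carries valid
 * HTTP Basic credentials.
 *
 * <p>The {@code Authorization} header is decoded and the user name / password pair is
 * checked against the {@code UserConfig} user store. A failed check ends the request
 * with status 403 and a short text body.
 *
 * <p>Basic credentials are only base64-encoded, not encrypted, so this interceptor is
 * only meaningful on connections protected by TLS. For the same reason neither the
 * header nor the decoded password is ever written to the log.
 */
public class BasicAuthorizationInterceptor extends HandlerInterceptorAdapter {

    private static final Logger logger = LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);

    /**
     * Rejects the request unless {@link #httpBasicAuth(String)} accepts its
     * {@code Authorization} header.
     *
     * @return {@code true} to continue the handler chain, {@code false} after a 403
     *         response has been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String authorization = request.getHeader("Authorization");
        // The header value is a reversible encoding of the password: log only its presence.
        logger.info("Authorization header present: [{}]", authorization != null);

        if (httpBasicAuth(authorization)) {
            return true;
        }

        // NOTE(review): RFC 7617 expects 401 plus a WWW-Authenticate challenge for missing or
        // bad credentials. 403 is kept here because existing clients may depend on it.
        response.setStatus(403);
        response.getWriter().print("Forbidden, unauthorized user");
        return false;
    }

    /**
     * Validates the value of an {@code Authorization} header.
     *
     * @param authorization raw header value, may be {@code null}
     * @return {@code true} only when the scheme is {@code Basic}, the payload decodes to
     *         {@code user:password} with both parts non-empty, and the password matches
     *         the one stored for that user
     * @throws IOException declared for compatibility with existing callers; a payload
     *         that cannot be decoded is treated as failed authentication instead
     */
    public boolean httpBasicAuth(String authorization) throws IOException {
        UserConfig userconf = UserConfig.getInstanced();
        if (authorization == null) {
            return false;
        }

        String[] parts = authorization.split(" ");
        // Accept only the Basic scheme; other schemes must not be decoded as user:password.
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            return false;
        }

        String userAndPass;
        try {
            // NOTE(review): decoded with the platform default charset, as before — confirm
            // that it matches the charset clients use for non-ASCII credentials.
            userAndPass = new String(new BASE64Decoder().decodeBuffer(parts[1]));
        } catch (IOException malformed) {
            // A payload the client sent malformed is an authentication failure, not a server error.
            logger.warn("Authorization header payload could not be decoded");
            return false;
        }

        // Split on the FIRST colon only: the user id cannot contain ':' but the password may.
        int colon = userAndPass.indexOf(':');
        if (colon <= 0 || colon == userAndPass.length() - 1) {
            return false;
        }
        String user = userAndPass.substring(0, colon);
        String pass = userAndPass.substring(colon + 1);

        // The user name is client-supplied: strip line breaks so it cannot forge log entries.
        logger.info("Username is [{}]", user.replaceAll("[\\r\\n]", "_"));

        UserInfo userinfo = userconf.getUser(user);
        String expected = userinfo == null ? null : userinfo.getPassword();
        if (expected == null) {
            return false;
        }

        // NOTE(review): the stored value is compared directly with the submitted password, so
        // the user store appears to hold plaintext passwords — prefer a salted password hash.
        java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
        // Constant-time comparison so response timing does not reveal how many characters matched.
        return java.security.MessageDigest.isEqual(pass.getBytes(utf8), expected.getBytes(utf8));
    }
}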
Ip white list:
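/**
 * Spring MVC interceptor that lets a request through only when the address of the
 * connecting peer is on the configured IP white list.
 *
 * <p>The address is the one of the TCP peer. Behind a reverse proxy or load balancer
 * that is the proxy's address, not the end client's; client-supplied headers such as
 * {@code X-Forwarded-For} are deliberately not consulted because any caller can set them.
 */
public class IPWhiteListApiInterceptor extends HandlerInterceptorAdapter {

    private static final Logger logger = LoggerFactory.getLogger(IPWhiteListApiInterceptor.class);

    /**
     * Rejects the request with status 403 unless the peer address is on the white list.
     *
     * @return {@code true} to continue the handler chain, {@code false} after a 403
     *         response has been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getRemoteAddr() always yields the numeric address. getRemoteHost() may return a
        // reverse-DNS name when the container performs lookups, and a name controlled by
        // whoever owns the PTR record is not a sound basis for an IP allow-list.
        String remote = request.getRemoteAddr();

        // Both spellings of the IPv6 loopback are matched against the IPv4 loopback entry.
        boolean isIpv6Loopback = "0:0:0:0:0:0:0:1".equals(remote) || "::1".equals(remote);
        String ip = isIpv6Loopback ? "127.0.0.1" : remote;
        logger.info("Request From [{}]", ip);

        String url = request.getRequestURI();
        logger.debug(url);

        List<String> ip_white_List = SystemConfig.query_Ip_white_list();
        // Fail closed: a missing list denies the request instead of raising an error.
        if (ip_white_List != null && ip_white_List.contains(ip)) {
            return true;
        }

        response.setStatus(403);
        response.getWriter().print("Forbidden, unauthorized IP ["+ip+"]");
        return false;
    }
}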
spring.xml 配置:
<!--
  Both interceptors are mapped to every path ("/**"), so no handler is reachable
  without passing them. Spring MVC calls preHandle in declaration order and stops at
  the first interceptor that returns false: the IP white list is checked first, and
  Basic credentials are only evaluated for requests from a white-listed address.
-->
<interceptors>
    <!-- 1. Network-level gate: peer address must be on the IP white list. -->
    <interceptor>
        <mapping path="/**" />
        <beans:bean class="com.pccw.pns.apiserver.IPWhiteListApiInterceptor" />
    </interceptor>
    <!-- 2. Identity gate: request must carry valid HTTP Basic credentials. -->
    <interceptor>
        <mapping path="/**"/>
        <beans:bean class="com.pccw.pns.apiserver.BasicAuthorizationInterceptor"/>
    </interceptor>
</interceptors>