使用spring拦截器进行ip white list & basic authorization验证

繁星水

浏览: 531878 次

最近访客更多访客>>

mft8899

hjg8858

zjstudio

dys_198102

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

springmvc

HandlerInterceptorAdapter basic authorization

public class BasicAuthorizationInterceptor extends HandlerInterceptorAdapter {

	private static final Logger logger = LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);

	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		
		String authorization = request.getHeader("Authorization");
		logger.info("Authorization is [{}]", authorization);
		
		boolean isAuthSuccess = false;
		
		isAuthSuccess = httpBasicAuth(authorization);
		
		if(isAuthSuccess){
			return true;
		}else{
			
			response.setStatus(403);
			response.getWriter().print("Forbidden, unauthorized user");
			return false;
		}

		

	}

	
	public boolean httpBasicAuth(String authorization) throws IOException{
		
		UserConfig userconf = UserConfig.getInstanced();
		
		if (authorization!=null&&authorization.split(" ").length == 2) {
			String userAndPass = new String(new BASE64Decoder().decodeBuffer(authorization.split(" ")[1]));
			String user = userAndPass.split(":").length == 2 ? userAndPass.split(":")[0] : null;
			String pass = userAndPass.split(":").length == 2 ? userAndPass.split(":")[1] : null;
			logger.info("Username is [{}],Password is [{}]", user, pass);
			
			if(user == null || user.equals("") || pass == null || pass.equals("") ){
				return false;
			}
			
			UserInfo userinfo = userconf.getUser(user);
			
			if(userinfo == null || !pass.equals(userinfo.getPassword())){
				return false;
			}else{
				return true;
			}
		}
		return false;
	}
	
	
}

Ip white list:

public class IPWhiteListApiInterceptor extends HandlerInterceptorAdapter {

	private static final Logger logger = LoggerFactory.getLogger(IPWhiteListApiInterceptor.class);
	
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		String ip = request.getRemoteHost().equals("0:0:0:0:0:0:0:1")?"127.0.0.1":request.getRemoteHost();
		logger.info("Request From [{}]",ip);
		String url = request.getRequestURI();
		logger.debug(url);
		
		List<String> ip_white_List = SystemConfig.query_Ip_white_list();
		
		if(ip_white_List.contains(ip)){
			return true;
		}else{
			response.setStatus(403);
			response.getWriter().print("Forbidden, unauthorized IP ["+ip+"]");
			return false;
		}
		
	}
	
}

spring.xml 配置：

<interceptors>
		<interceptor>
		
			<mapping path="/**" />
			<beans:bean class="com.pccw.pns.apiserver.IPWhiteListApiInterceptor" />
		</interceptor>
		
		<interceptor>
			<mapping path="/**"/>
			<beans:bean class="com.pccw.pns.apiserver.BasicAuthorizationInterceptor"/>
		</interceptor>
		
		
	</interceptors>

分享到：

log4j.xml & logback.xml实例 | （转）eclipse中解除jdk的访问限制（以BA ...

2017-08-09 15:25
浏览 1631
评论(0)
分类:互联网
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

使用spring拦截器进行ip white list & basic authorization验证

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

使用spring拦截器进行ip white list & basic authorization验证

评论

发表评论

相关推荐

(转)@RequestParam、@RequestBody和@ModelAttribute区别

restful RequestMapping POST\PUT 示例&要点

(转）Spring MVC 参数传递与表单交互

通过HttpServletRequest转换获得json对象

springMVC REST 上传文件

DispatcherServlet作用

catch no mapping url error in spring mvc

（转）SpringMVC关于json、xml自动转换的原理研究

(转）（记录）How exactly works the Spring @ResponseBody annotation in this RESTful app

springMVC 返回json

最近访客更多访客>>