A simple IP blacklist/whitelist mechanism in Zuul

A simple blacklist/whitelist for client IPs in the Zuul microservice gateway: it controls which IPs may reach the services and improves system security to some extent.
1. Getting the client IP from HttpServletRequest

    /**
     * Returns the first non-empty value among the proxy headers below,
     * falling back to the address of the TCP peer.
     */
    public static String getIpAddress(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }
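
All of the headers read by getIpAddress are supplied by the sender of the request unless a proxy in front of the gateway overwrites them, so on their own they are not a sound basis for a whitelist decision. The following is an added example, not code from the original article: it honours X-Forwarded-For only when the direct peer is a known reverse proxy and then takes the right-most address that is not one of those proxies. The class name, `TRUSTED_PROXIES` and all sample addresses are assumptions made for illustration.

```java
import java.util.Set;

public class ClientIpResolver {

    // Assumption: the reverse proxies directly in front of the gateway (constructed values).
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5", "10.0.0.6");

    /**
     * Returns the address to check against the whitelist, or null when none can be
     * determined (the caller should reject the request).
     * remoteAddr is request.getRemoteAddr(); xForwardedFor is the header value, may be null.
     */
    static String resolveClientIp(String remoteAddr, String xForwardedFor) {
        // A peer that is not one of our proxies controls its own headers: ignore them.
        if (!TRUSTED_PROXIES.contains(remoteAddr)
                || xForwardedFor == null || xForwardedFor.trim().isEmpty()) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so the right-most entries were written
        // by our own proxies. Walk from the right and skip the trusted hops.
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.matches("[0-9A-Fa-f:.]{2,45}")) {
                return null; // not an IP literal (e.g. "unknown"): reject
            }
            if (!TRUSTED_PROXIES.contains(hop)) {
                return hop;  // first address not written by one of our proxies
            }
        }
        return remoteAddr;   // every hop was one of our proxies
    }

    public static void main(String[] args) {
        // Constructed requests: {remoteAddr, X-Forwarded-For}
        String[][] samples = {
            {"203.0.113.9", "127.0.0.1"},            // direct peer, header supplied by the peer
            {"10.0.0.5", "127.0.0.1, 203.0.113.9"},  // via proxy, extra entry on the left
            {"10.0.0.5", "198.51.100.7, 10.0.0.6"},  // via two trusted proxies
            {"10.0.0.5", null},                      // via proxy, no header
            {"10.0.0.5", "unknown"},                 // via proxy, malformed entry
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " | " + s[1] + " -> " + resolveClientIp(s[0], s[1]));
        }
    }
}
```

In the filter, pass `request.getRemoteAddr()` and `request.getHeader("X-Forwarded-For")` to this method and treat a null result as not whitelisted.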
2. Extend ZuulFilter and override the run method to implement a simple filter

    // package …kj.feec.filter;  (the package name is truncated in the source)
    import com.alibaba.fastjson.JSON;
    import com.netflix.zuul.ZuulFilter;
    import com.netflix.zuul.context.RequestContext;
    import com.netflix.zuul.exception.ZuulException;
    import com.yuantiaokjmonmodule.base.SysRes;
    import com.yuantiaokj.dao.manager.IpTblDao;
    import com.yuantiaokj.dict.paycentre_manager.DictIpStatus;
    import io.swagger.annotations.ApiOperation;
    import lombok.extern.slf4j.Slf4j;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.annotation.PostMapping;
    import org.springframework.web.bind.annotation.RequestBody;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    import javax.annotation.Resource;
    import javax.servlet.http.HttpServletRequest;
    import javax.validation.Valid;
    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.List;

    /**
     * ***********************************************************
     * Copyright © 2019 Inc.All rights reserved.  *    *
     * **********************************************************
     *
     * @program: financial_eco-environment_cloud
     * @name: LoginFilter
     * @author: Mr.Cnzz
     * @create: 2019-12-11 15:27
     * @description: login authentication filter
     **/
    @Component
    @Slf4j
    @RestController
    @RequestMapping("IpFilter")
    public class IpFilter extends ZuulFilter {

        @Resource
        private IpTblDao ipTblDao;

        // Global whitelist of IPs; volatile because whiteIpEffect() replaces it while requests are being filtered
        static volatile List<String> whitelist = new ArrayList<>();

        // 127.0.0.1 is always allowed; checked as a constant rather than added to the shared list on every request
        static final String LOCALHOST = "127.0.0.1";

        // A custom filter extends ZuulFilter, an abstract class with four methods to override:
        //    filterType: returns a string naming the filter type:
        //          pre:   runs before the request is routed
        //          route: called while the request is routed
        //          post:  called after routing, i.e. after the route and error filters
        //          error: called when an error occurs while handling the request
        //    filterOrder: returns an int that defines the execution order; the smaller the number, the higher the priority.
        //    shouldFilter: returns a boolean saying whether this filter runs: true runs it, false skips it.
        //    run: the filter's business logic.

        @Override
        public String filterType() {
            // Called before the request is routed
            //log.info("请求路由前调用pre====");
            return "pre";
        }

        @Override
        public int filterOrder() {
            // The int defines the filter's execution order; the smaller the value, the higher the priority
            return 1;
        }

        @Override
        public boolean shouldFilter() {
            // Whether this filter runs: true = run, false = skip
            return true;
        }

        @Override
        public Object run() throws ZuulException {
            RequestContext context = RequestContext.getCurrentContext();
            HttpServletRequest request = context.getRequest();
            // IP blacklist/whitelist mechanism
            String ip = getIpAddress(request);
            log.info("当前请求ip={}", ip);
            // Deny if on the blacklist
            // IP whitelist
            if (!LOCALHOST.equals(ip) && !whitelist.contains(ip)) {
                // Not whitelisted: stop routing and return a JSON failure body
                context.set("isSuccess", false);
                context.setSendZuulResponse(false);
                // Message text: "You are not a whitelisted user yet! ip=..."
                context.setResponseBody(JSON.toJSONString(SysRes.failure("403", "老铁,你还不是白名单用户!ip=" + ip)));
                context.getResponse().setContentType("application/json; charset=utf-8");
                return null;
            }
            return null;
        }

        public static String getIpAddress(HttpServletRequest request) {
            String ip = request.getHeader("x-forwarded-for");
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("Proxy-Client-IP");
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("WL-Proxy-Client-IP");
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_CLIENT_IP");
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_X_FORWARDED_FOR");
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getRemoteAddr();
            }
            return ip;
        }

        // Reloads the whitelist from the database so that changes take effect
        @ApiOperation("白名单生效")
        @PostMapping("/whiteIpEffect")
        public SysRes whiteIpEffect() {
            whitelist = ipTblDao.findIps(DictIpStatus.Index());
            log.info("白名单生效|whitelist={}", whitelist);
            return SysRes.success(whitelist);
        }
    }
Summary
Here I store the IPs in the database and added a back-door refresh; you could also write a scheduled task to trigger it.

Published: 2024-09-23 17:19:50

Article link: https://www.17tex.com/tex/4/350803.html
