
springboot之过滤器实现放行项目内的接口拦截其他外部接口

2024-02-12 07:14| 来源: 网络整理| 查看: 265

项目场景:

适用:使用过滤器拦截外部接口,同时解决跨域问题

问题描述:

有时接口会遭到恶意探测或攻击。为防万一,需要把不属于本项目的接口路径全部拦截,以保证安全。注意:这个过滤器只检查请求路径是否已在项目中注册,并不校验调用者身份,不能替代认证和授权。

解决方案:

代码如下。

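import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Servlet filter that forwards a request only when its path equals one of the mapping
 * patterns registered with Spring MVC, and that adds CORS headers to every response.
 *
 * <p>This is a path allowlist, not access control: the caller is never authenticated and
 * no permission is checked, so every registered endpoint stays reachable by any client.
 * Authentication and authorization still have to be enforced separately.
 *
 * <p>Known limits of the exact-match check:
 * <ul>
 *   <li>Patterns with placeholders or wildcards (for example {@code /user/{id}}) never
 *       equal a concrete request path, so such endpoints are rejected.</li>
 *   <li>Anything not served through {@link RequestMappingHandlerMapping} (static files,
 *       for instance) is rejected as well.</li>
 * </ul>
 */
@Configuration
@WebFilter(urlPatterns = "/*", filterName = "ContianUrl")
public class ContianUrl_Filter implements Filter {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Allowlist of mapping patterns. A concurrent set: it is filled in {@link #init} and read
     * by request threads, and a set keeps repeated init calls from piling up duplicates.
     */
    private static final Set<String> URLS = ConcurrentHashMap.newKeySet();

    @Autowired
    private WebApplicationContext applicationContext;

    /**
     * Collects every URL pattern known to the application's handler mapping.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        applicationContext.getBean(RequestMappingHandlerMapping.class)
                .getHandlerMethods()
                .forEach((mapping, handler) -> {
                    // getPatternsCondition() can be null on newer Spring versions that match
                    // with parsed path patterns; skip instead of failing with an NPE.
                    if (mapping.getPatternsCondition() != null) {
                        URLS.addAll(mapping.getPatternsCondition().getPatterns());
                    }
                });
        if (URLS.isEmpty()) {
            // An empty allowlist means every request will be rejected; make that visible.
            logger.warn("No URL patterns were collected; all requests will be rejected");
        }
        logger.info("过滤器初始化");
    }

    /**
     * Adds the CORS headers, then forwards the request when its path is on the allowlist
     * and answers with 404 otherwise.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param chain           remaining filter chain, invoked only for allowed paths
     * @throws IOException      if writing the rejection body or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestName = request.getRequestURI();

        // getRequestURI() includes the context path while the collected patterns do not;
        // strip it so the check still works when the app is not deployed at the root.
        String contextPath = request.getContextPath();
        String path = requestName;
        if (contextPath != null && !contextPath.isEmpty() && requestName.startsWith(contextPath)) {
            path = requestName.substring(contextPath.length());
        }

        // CORS headers, applied to every response (allowed or rejected).
        // NOTE(review): "*" lets pages from any origin read these responses in a browser.
        // If the API is not meant to be public, list the trusted origins instead.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");

        logger.info("{}", requestName);
        if (URLS.contains(path)) {
            logger.info("请求存在,放行");
            chain.doFilter(servletRequest, servletResponse);
        } else {
            logger.info("请求不存在,终止");
            // Report the rejection as 404 rather than the default 200, so clients, caches
            // and monitoring do not treat a blocked request as a success.
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            // Emit the body as UTF-8 and tell the browser so; without the header the
            // message would be displayed garbled.
            response.setCharacterEncoding("UTF-8");
            response.setHeader("content-type", "text/html;charset=UTF-8");
            response.getWriter().write("请求不存在");
        }
        logger.info("--------------------------------------------------------");
    }

    /** Logs that the container is taking the filter out of service. */
    @Override
    public void destroy() {
        logger.info("过滤器销毁了");
    }
}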

