[英]blacklisting a set of ipAdresses in a microservice created using java and SpringBoot framework
I have a micro-service designed to interrogate devices of different types and Operating Systems, but for a set of reasons, I want to blacklist a handful of IPs.我有一个微服务,旨在询问不同类型和操作系统的设备,但出于一系列原因,我想将少数 IP 列入黑名单。 Is there a way I can achieve that?
有没有办法我可以做到这一点?
Have you tried using HandlerInterceptor interface?您是否尝试过使用 HandlerInterceptor 接口?
Combine with WebMvcConfigurerAdapter.与 WebMvcConfigurerAdapter 结合使用。 This should do the job.
这应该可以完成这项工作。
Something like this, not exact working code here像这样的东西,这里不是确切的工作代码
//Call after request processing, but before the view is rendered (after controller method call)
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
String ip = IPAddressUtil.getClientIpAddress(httpServletRequest);
List<BlackList> blackLists = blackListDao.findByIp(ip);
if (blackLists == null || blackLists.size() == 0){
urlHandle(httpServletRequest, 5000, 10);
} else {
//Forced control jump
modelAndView.setViewName("/errorpage/error.html");
}
}
BlackListDao class can be something like this BlackListDao class 可以是这样的
@Mapper
public interface BlackListDao {
//Find records by IP
List<BlackList> findByIp(String IP);
//Add record
int addBlackList(@Param("blackList") BlackList blackList);
}
Configure the Interceptor Webmvcconfigureradapter for spring MVC.为 spring MVC 配置拦截器 Webmvcconfigureradapter。
@Configuration
public class MyWebAppConfigurer extends WebMvcConfigurerAdapter {
@Bean // inject our interceptor as bean
public HandlerInterceptor getMyInterceptor(){
return new URLInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
//Multiple interceptors form an interceptor chain
//Addpathpatterns is used to add interception rules. Here we assume that all links after interception / URL
//Excludepathpatterns user exclusion
registry.addInterceptor(getMyInterceptor()).addPathPatterns("/url/**");
super.addInterceptors(registry);
}
The best way is to check it in the HttpFirewall
which can check if a HttpServletRequest
is potentially dangerous or not before allowing it to go through FilterChainProxy
.最好的方法是在
HttpFirewall
中检查它,它可以在通过FilterChainProxy
允许它到 go 之前检查HttpServletRequest
是否存在潜在危险。
Basically you need to override the default StrictHttpFirewall
and add the logic to check if the source IP of the request is in the blacklist, something likes:基本上,您需要覆盖默认的
StrictHttpFirewall
并添加逻辑以检查请求的源 IP 是否在黑名单中,例如:
public class MyFirewall extends StrictHttpFirewall {
private Set<String> backlistIPs;
public MyFirewall(Set<String> backlistIPs){
this.backlistIPs = backlistIPs;
}
@Override
public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
String sourceIp = getClientIpAddress(request);
if(backlistIPs.contains(sourceIp)){
throw new RequestRejectedException("IP is blacklisted");
}
return super.getFirewalledRequest(request);
}
}
Note: Refer this for how to implement getClientIpAddress()注意:请参阅此处了解如何实现 getClientIpAddress()
Then configure to use it:然后配置使用它:
@EnableWebSecurity
public class Config extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.httpFirewall(new MyFirewall(Set.of("123.123.123.123" ,"123.123.123.124"));
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.