前言:
在一些业务需求中有的是只能当前主机登录熊系统,或者说是当前的网段内用户可以访问,这时候就需要用到了servlet中的过滤器了。
放行指定IP:
1、编写过滤器:
package com.mixky.app.bjcc.filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
/**
* @author zhangzhixi
* @version 1.0
* @date 2021-8-16 16:38
*/
public class NoteFilter implements Filter {
private FilterConfig config = null;
//ip白名单
private String ipTable = null;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("note filter initial");
this.config = filterConfig;
/*获取白名单*/
this.ipTable = config.getInitParameter("ipTable");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("do filter starting");
/*校验ip地址:不是白名单就直接结束*/
if (!verifyIP(request, response)) {
return;
}
long befor = System.currentTimeMillis();
config.getServletContext().log("before call note Filter");
chain.doFilter(request, response);
config.getServletContext().log("after call note Filter");
long after = System.currentTimeMillis();
String name = "";
if (request instanceof HttpServletRequest) {
name = ((HttpServletRequest) request).getRequestURI();
}
config.getServletContext().log("Note Filter : name:" + name + " time :" + (after - befor) + "ms");
}
@Override
public void destroy() {
}
/**
* 验证IP
*
* @param request 请求
* @param response 响应
* @return 校验结果
*/
private boolean verifyIP(ServletRequest request, ServletResponse response) {
/*获取本机IP地址*/
String ip = request.getLocalAddr();
/*windows下本机测试*/
if ("0:0:0:0:0:0:0:1".equals(ip)) {
ip = "127.0.0.1";
System.out.println("请求ip:" + ip);
}
System.out.println("本机IP是:" + ip);
System.out.println("ipTable白名单:" + ipTable);
/*是白名单用户*/
if (ipTable.equals(ip)) {
return true;
} else {
System.out.println("校验不通过");
/*设置编码*/
try {
request.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = null;
try {
out = response.getWriter();
out.print("<h1>对不起,你的ip不能访问服务器</h1>");
out.flush();
out.close();
} catch (IOException e) {
e.printStackTrace();
}
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return false;
}
}
}
2、编写web.xml配置文件:
<!--IP过滤--> <filter> <filter-name>ip</filter-name> <filter-class>com.mixky.app.bjcc.filter.NoteFilter</filter-class> <init-param> <param-name>ipTable</param-name> <!--设置的白名单IP--> <param-value>127.0.0.1</param-value> </init-param> </filter> <filter-mapping> <filter-name>ip</filter-name> <!--过滤所有请求--> <url-pattern>/*</url-pattern> </filter-mapping>
放行指定IP以及相应的网段:
说明:
在上一个的基础上增加了可以过滤掉不是当前局域网的IP,使他们不能够访问系统
并且加入了配置文件,可以在配置文件中手动更改设置白名单IP
1、编写过滤器:
package com.mixky.app.bjcc.filter;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.util.Arrays;
import java.util.Properties;
/**
* @author zhangzhixi
* @version 1.0
* @date 2021-8-16 16:38
*/
public class IPFilter implements Filter {
private FilterConfig config;
@Override
public void init(FilterConfig config) throws ServletException {
this.config = config;
}
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
/*1、获得不过滤的IP段:192.168.31*/
String noFilterIp = config.getInitParameter("FilteredIP");
/*2、获取本机的IP地址*/
String ipAddress = request.getLocalAddr();
System.out.println("获取本机的IP地址:" + ipAddress);
/*3、读取配置文件:可以自定义放行的IP*/
String url = this.getClass().getResource("").getPath();
String path = url.substring(0, url.indexOf("WEB-INF")) + "WEB-INF/ipwhitelist.properties";
Properties config = new Properties();
InputStream inputStream = new FileInputStream(path);
config.load(inputStream);
final String ips = config.getProperty("ips");
/*4、按照,进行分割放行IP*/
String[] split = null;
/*5.1、判断网段过滤*/
if (ipAddress.contains(noFilterIp)) {
System.out.println("=======================通过了网段IP过滤器=====================");
arg2.doFilter(request, response);
return;
}
/*5.2、配置文件中有数据情况下,判断白名单过滤*/
if (ips != null) {
split = ips.split(",");
for (String ip : split) {
/*包含不过滤的IP地址,通过过滤器*/
if (ipAddress.equals(ip)) {
System.out.println("=======================通过了白名单IP过滤器=====================");
arg2.doFilter(request, response);
return;
}
}
}
/*6、没有匹配成功~*/
request.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = null;
out = response.getWriter();
out.print("<h1>对不起,你的ip不能访问服务器</h1>");
out.flush();
out.close();
}
@Override
public void destroy() {
}
}
2、编写web.xml配置文件:
<!--IP过滤:指定网段-->
<filter>
<filter-name>FilterIP</filter-name>
<filter-class>com.mixky.app.bjcc.filter.IPFilter</filter-class>
<!-- 配置初始化参数 -->
<init-param>
<!-- 配置允许通过的IP网段 -->
<param-name>FilteredIP</param-name>
<param-value>192.168.31</param-value>
</init-param>
</filter>
<!-- 配置映射 -->
<filter-mapping>
<filter-name>FilterIP</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、ipwhitelist.properties配置文件(白名单IP)
#自定义放行的IP,用,进行分割 ips=192.168.31.144,127.0.0.1
测试一下:
注释掉peoperties配置文件:
这里我的网段并不在配置文件中,因为我的地址是本地回环地址,所以就主要看配置文件中设置的白名单了:
