Servlet中过滤器:放行指定IP

 

前言:

  在一些业务需求中有的是只能当前主机登录熊系统,或者说是当前的网段内用户可以访问,这时候就需要用到了servlet中的过滤器了。

放行指定IP:

1、编写过滤器:  

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package com.mixky.app.bjcc.filter;
 
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
 
/**
 * @author zhangzhixi
 * @version 1.0
 * @date 2021-8-16 16:38
 */
public class NoteFilter implements Filter {
 
    private FilterConfig config = null;
 
    //ip白名单
    private String ipTable = null;
 
 
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("note filter initial");
        this.config = filterConfig;
        /*获取白名单*/
        this.ipTable = config.getInitParameter("ipTable");
    }
 
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        System.out.println("do filter starting");
 
        /*校验ip地址:不是白名单就直接结束*/
        if (!verifyIP(request, response)) {
            return;
        }
 
        long befor = System.currentTimeMillis();
        config.getServletContext().log("before call note Filter");
 
        chain.doFilter(request, response);
 
        config.getServletContext().log("after call note Filter");
        long after = System.currentTimeMillis();
 
        String name = "";
        if (request instanceof HttpServletRequest) {
            name = ((HttpServletRequest) request).getRequestURI();
        }
        config.getServletContext().log("Note Filter : name:" + name + " time :" + (after - befor) + "ms");
    }
 
    @Override
    public void destroy() {
 
    }
 
    /**
     * 验证IP
     *
     * @param request  请求
     * @param response 响应
     * @return 校验结果
     */
    private boolean verifyIP(ServletRequest request, ServletResponse response) {
        /*获取本机IP地址*/
        String ip = request.getLocalAddr();
 
        /*windows下本机测试*/
        if ("0:0:0:0:0:0:0:1".equals(ip)) {
            ip = "127.0.0.1";
            System.out.println("请求ip:" + ip);
        }
        System.out.println("本机IP是:" + ip);
        System.out.println("ipTable白名单:" + ipTable);
        /*是白名单用户*/
        if (ipTable.equals(ip)) {
            return true;
        } else {
            System.out.println("校验不通过");
            /*设置编码*/
            try {
                request.setCharacterEncoding("UTF-8");
                response.setContentType("text/html;charset=UTF-8");
                PrintWriter out = null;
                try {
                    out = response.getWriter();
                    out.print("<h1>对不起,你的ip不能访问服务器</h1>");
                    out.flush();
                    out.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            }
            return false;
        }
    }
}

2、编写web.xml配置文件:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<!--IP过滤-->
<filter>
    <filter-name>ip</filter-name>
    <filter-class>com.mixky.app.bjcc.filter.NoteFilter</filter-class>
    <init-param>
        <param-name>ipTable</param-name>
        <!--设置的白名单IP-->
        <param-value>127.0.0.1</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>ip</filter-name>
    <!--过滤所有请求-->
    <url-pattern>/*</url-pattern>
</filter-mapping>

放行指定IP以及相应的网段:

说明:

  在上一个的基础上增加了可以过滤掉不是当前局域网的IP,使他们不能够访问系统

  并且加入了配置文件,可以在配置文件中手动更改设置白名单IP

1、编写过滤器:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package com.mixky.app.bjcc.filter;
 
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.util.Arrays;
import java.util.Properties;
 
/**
 * @author zhangzhixi
 * @version 1.0
 * @date 2021-8-16 16:38
 */
public class IPFilter implements Filter {
 
    private FilterConfig config;
 
    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }
 
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
 
        /*1、获得不过滤的IP段:192.168.31*/
        String noFilterIp = config.getInitParameter("FilteredIP");
 
        /*2、获取本机的IP地址*/
        String ipAddress = request.getLocalAddr();
        System.out.println("获取本机的IP地址:" + ipAddress);
 
        /*3、读取配置文件:可以自定义放行的IP*/
        String url = this.getClass().getResource("").getPath();
        String path = url.substring(0, url.indexOf("WEB-INF")) + "WEB-INF/ipwhitelist.properties";
        Properties config = new Properties();
        InputStream inputStream = new FileInputStream(path);
        config.load(inputStream);
        final String ips = config.getProperty("ips");
        /*4、按照,进行分割放行IP*/
        String[] split = null;
 
        /*5.1、判断网段过滤*/
        if (ipAddress.contains(noFilterIp)) {
            System.out.println("=======================通过了网段IP过滤器=====================");
            arg2.doFilter(request, response);
            return;
        }
 
        /*5.2、配置文件中有数据情况下,判断白名单过滤*/
        if (ips != null) {
            split = ips.split(",");
            for (String ip : split) {
                /*包含不过滤的IP地址,通过过滤器*/
                if (ipAddress.equals(ip)) {
                    System.out.println("=======================通过了白名单IP过滤器=====================");
                    arg2.doFilter(request, response);
                    return;
                }
            }
        }
 
        /*6、没有匹配成功~*/
        request.setCharacterEncoding("UTF-8");
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = null;
        out = response.getWriter();
        out.print("<h1>对不起,你的ip不能访问服务器</h1>");
        out.flush();
        out.close();
    }
 
    @Override
    public void destroy() {
    }
}

2、编写web.xml配置文件: 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<!--IP过滤:指定网段-->
<filter>
    <filter-name>FilterIP</filter-name>
    <filter-class>com.mixky.app.bjcc.filter.IPFilter</filter-class>
    <!-- 配置初始化参数 -->
    <init-param>
        <!-- 配置允许通过的IP网段 -->
        <param-name>FilteredIP</param-name>
        <param-value>192.168.31</param-value>
    </init-param>
</filter>
<!-- 配置映射 -->
<filter-mapping>
    <filter-name>FilterIP</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

3、ipwhitelist.properties配置文件(白名单IP)  

?
1
2
#自定义放行的IP,用,进行分割
ips=192.168.31.144,127.0.0.1

测试一下:

注释掉peoperties配置文件:

  这里我的网段并不在配置文件中,因为我的地址是本地回环地址,所以就主要看配置文件中设置的白名单了:

 

  

posted @   Java小白的搬砖路  阅读(584)  评论(0编辑  收藏  举报
编辑推荐:
· go语言实现终端里的倒计时
· 如何编写易于单元测试的代码
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
阅读排行:
· 分享一个免费、快速、无限量使用的满血 DeepSeek R1 模型,支持深度思考和联网搜索!
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· ollama系列01:轻松3步本地部署deepseek,普通电脑可用
· 按钮权限的设计及实现
· 25岁的心里话
历史上的今天:
2020-08-16 ServletConfig中的方法
2020-08-16 Servlet的生命周期

喜欢请打赏

扫描二维码打赏

支付宝打赏

点击右上角即可分享
微信分享提示
AI IDE Trae