使用单例获取yml配置的接口List,来为过滤器设置白名单

最近在处理登录访问接口的问题时,服务器遭到了攻击,于是考虑给接口加白名单。如果用注解的方式,还要到每个接口上去加代码,不够灵活;那么如何使用过滤器来实现呢?

让我们来用demo实现看看。

第一步、首先新建一个demo项目

jdk11

新建一个springboot项目,配置pom.xml

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <project xmlns="http://maven.apache.org/POM/4.0.0"
 3          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 5     <modelVersion>4.0.0</modelVersion>
 6 
 7     <groupId>org.example</groupId>
 8     <artifactId>demo</artifactId>
 9     <version>1.0-SNAPSHOT</version>
10 
11     <properties>
12         <maven.compiler.source>11</maven.compiler.source>
13         <maven.compiler.target>11</maven.compiler.target>
14     </properties>
15 
16     <dependencies>
17         <dependency>
18             <groupId>org.springframework.boot</groupId>
19             <artifactId>spring-boot-starter-web</artifactId>
20             <version>2.7.7</version>
21         </dependency>
22         <dependency>
23             <groupId>org.springframework.boot</groupId>
24             <artifactId>spring-boot-starter-test</artifactId>
25             <version>2.7.7</version>
26         </dependency>
27         <dependency>
28             <groupId>org.springframework.boot</groupId>
29             <artifactId>spring-boot-configuration-processor</artifactId>
30             <version>2.7.7</version>
31         </dependency>
32     </dependencies>
33 
34 </project>

 新建一个启动类 DanielApplication

 1 package com.daniel.web;
 2 
 3 import org.springframework.boot.SpringApplication;
 4 import org.springframework.boot.autoconfigure.SpringBootApplication;
 5 
/**
 * Entry point of the demo application.
 */
@SpringBootApplication
public class DanielApplication {

    /**
     * Starts the Spring application with this class as its primary source.
     *
     * @param args command-line arguments, handed to Spring unchanged
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(DanielApplication.class);
        application.run(args);
    }
}

新建一个TestController

 1 package com.daniel.web.controller;
 2 
 3 import org.springframework.web.bind.annotation.GetMapping;
 4 import org.springframework.web.bind.annotation.PathVariable;
 5 import org.springframework.web.bind.annotation.RequestMapping;
 6 import org.springframework.web.bind.annotation.RestController;
 7 
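/**
 * Demo endpoint used to exercise the filter: {@code GET /test/hi/{name}} answers with a greeting.
 */
@RestController
@RequestMapping("/test")
public class TestController {

    /**
     * Builds the greeting for the given path segment.
     *
     * <p>{@code name} is caller-controlled and is echoed back unchanged, so the response is
     * pinned to {@code text/plain}. Without {@code produces}, a String return value can be
     * negotiated as {@code text/html} when a browser asks for it, and markup placed in the
     * path would then be rendered instead of displayed.
     *
     * @param name the last path segment of the request
     * @return the greeting text {@code "hi~ " + name}
     */
    @GetMapping(value = "/hi/{name}", produces = "text/plain;charset=UTF-8")
    public String test(@PathVariable("name") String name) {
        return "hi~ " + name;
    }
}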

测试一下接口

 

第二步、使用filter

新建DanielFilter

 1 package com.daniel.web.filter;
 2 
 3 import com.daniel.web.config.WhiteListConfig;
 4 
 5 import javax.servlet.*;
 6 import java.io.IOException;
 7 
/**
 * Servlet filter skeleton for the whitelist demo.
 *
 * <p>At this stage it makes no access decision: the configured whitelist is read and its size
 * printed, but it is never compared with the request path, and every request is forwarded.
 */
public class DanielFilter implements Filter {

    /** Prints a marker line when the container initialises the filter. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("init DanielFilter");
    }

    /**
     * Prints a marker line and the number of whitelist entries, then hands the request to the
     * rest of the chain unchanged.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        System.out.println("test dofilter");

        // The filter is not a Spring bean, so the configuration is reached through the static accessor.
        var entries = WhiteListConfig.getWhiteListConfig().getWhiteList();

        int entryCount = 0;
        if (entries != null) {
            entryCount = entries.size();
        }
        System.out.println(entryCount);

        // No allow/deny logic yet: the request always continues.
        filterChain.doFilter(servletRequest, servletResponse);
    }
}

新建Filter配置类FilterConfig

 1 package com.daniel.web.config;
 2 
 3 import com.daniel.web.filter.DanielFilter;
 4 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 5 import org.springframework.context.annotation.Bean;
 6 import org.springframework.context.annotation.Configuration;
 7 
/**
 * Registers {@link DanielFilter} with the servlet container.
 */
@Configuration
public class FilterConfig {

    /**
     * Maps a {@link DanielFilter} to every request path ({@code /*}) with order 1.
     *
     * <p>The filter is created with {@code new} here rather than obtained from the Spring
     * context, so nothing is injected into it.
     *
     * @return the registration for the filter
     */
    @Bean
    public FilterRegistrationBean<DanielFilter> registryDanielFilter() {
        FilterRegistrationBean<DanielFilter> registration =
                new FilterRegistrationBean<>(new DanielFilter());
        registration.setOrder(1);
        registration.addUrlPatterns("/*");
        return registration;
    }
}

 访问接口,日志如下

 

第三步、创建yml文件,创建单例类获取数据

新建application.yml文件

 1 dog:
 2   name: Andy
 3   age: 3
 4   hobbies:
 5     - eat
 6     - play
 7     - swimming
 8 
 9 uri:
10   whiteList:
11     - /user/
12     - /name/

新建 WhiteListConfig

 1 package com.daniel.web.config;
 2 
 3 import org.springframework.boot.context.properties.ConfigurationProperties;
 4 import org.springframework.stereotype.Component;
 5 
 6 import java.util.List;
 7 
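/**
 * Holds the {@code uri.whiteList} entries bound from the application configuration.
 *
 * <p>This class is not a strict singleton. One instance is created by the static initializer
 * below, and Spring creates a second one for {@code @Component}: a private constructor does
 * not stop reflective instantiation, and a startup log of this demo prints the constructor
 * message twice. The list is therefore kept in a static field, so the value Spring binds on
 * its bean is also visible through {@link #getWhiteListConfig()}.
 */
@Component
@ConfigurationProperties(prefix = "uri")
public class WhiteListConfig {

    private static final WhiteListConfig whiteListConfig = new WhiteListConfig();

    // Shared by all instances. Replaced as a whole by setWhiteList, never modified in place.
    private static List<String> whiteList;

    private WhiteListConfig() {
        System.out.println("create WhiteListConfig");
    }

    /**
     * Returns the statically created instance, for code that is not managed by Spring.
     *
     * @return the instance created when this class was initialised
     */
    public static WhiteListConfig getWhiteListConfig() {
        return whiteListConfig;
    }

    /**
     * Returns the configured whitelist entries.
     *
     * @return an unmodifiable list; empty when nothing has been bound yet
     */
    public List<String> getWhiteList() {
        List<String> current = whiteList;
        return current == null ? java.util.Collections.emptyList() : current;
    }

    /**
     * Replaces the whitelist, normally called once by Spring during property binding.
     *
     * <p>A private unmodifiable copy is stored, so neither the caller's list nor the list
     * returned by {@link #getWhiteList()} can be used to add entries afterwards.
     *
     * @param whiteList the new entries, or {@code null} to clear the whitelist
     */
    public void setWhiteList(List<String> whiteList) {
        System.out.println("use set method modify whiteList");
        WhiteListConfig.whiteList = whiteList == null
                ? null
                : java.util.Collections.unmodifiableList(new java.util.ArrayList<>(whiteList));
    }
}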

 

完成后启动springboot并访问接口,查看log

 1 D:\dev\jdk11\bin\java.exe -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:52562,suspend=y,server=n -XX:TieredStopAtLevel=1 -noverify -Dspring.output.ansi.enabled=always -javaagent:C:\Users\YIQI\AppData\Local\JetBrains\IntelliJIdea2020.3\captureAgent\debugger-agent.jar -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true -Dfile.encoding=UTF-8 -classpath "E:\javacode\demo\target\classes;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-starter-web\2.7.7\spring-boot-starter-web-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-starter\2.7.7\spring-boot-starter-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot\2.7.7\spring-boot-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-autoconfigure\2.7.7\spring-boot-autoconfigure-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-starter-logging\2.7.7\spring-boot-starter-logging-2.7.7.jar;C:\Users\YIQI\.m2\repository\ch\qos\logback\logback-classic\1.2.11\logback-classic-1.2.11.jar;C:\Users\YIQI\.m2\repository\ch\qos\logback\logback-core\1.2.11\logback-core-1.2.11.jar;C:\Users\YIQI\.m2\repository\org\apache\logging\log4j\log4j-to-slf4j\2.17.2\log4j-to-slf4j-2.17.2.jar;C:\Users\YIQI\.m2\repository\org\apache\logging\log4j\log4j-api\2.17.2\log4j-api-2.17.2.jar;C:\Users\YIQI\.m2\repository\org\slf4j\jul-to-slf4j\1.7.36\jul-to-slf4j-1.7.36.jar;C:\Users\YIQI\.m2\repository\jakarta\annotation\jakarta.annotation-api\1.3.5\jakarta.annotation-api-1.3.5.jar;C:\Users\YIQI\.m2\repository\org\yaml\snakeyaml\1.30\snakeyaml-1.30.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-starter-json\2.7.7\spring-boot-starter-json-2.7.7.jar;C:\Users\YIQI\.m2\repository\com\fasterxml\jackson\core\jackson-databind\2.13.4.2\jackson-databind-2.13.4.2.jar;C:\Users\YIQI\.m2\repository\com\fasterxml\jackson\core\jackson-annotations\2.13.4
\jackson-annotations-2.13.4.jar;C:\Users\YIQI\.m2\repository\com\fasterxml\jackson\core\jackson-core\2.13.4\jackson-core-2.13.4.jar;C:\Users\YIQI\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.13.4\jackson-datatype-jdk8-2.13.4.jar;C:\Users\YIQI\.m2\repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.13.4\jackson-datatype-jsr310-2.13.4.jar;C:\Users\YIQI\.m2\repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.13.4\jackson-module-parameter-names-2.13.4.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-starter-tomcat\2.7.7\spring-boot-starter-tomcat-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\apache\tomcat\embed\tomcat-embed-core\9.0.70\tomcat-embed-core-9.0.70.jar;C:\Users\YIQI\.m2\repository\org\apache\tomcat\embed\tomcat-embed-el\9.0.70\tomcat-embed-el-9.0.70.jar;C:\Users\YIQI\.m2\repository\org\apache\tomcat\embed\tomcat-embed-websocket\9.0.70\tomcat-embed-websocket-9.0.70.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-web\5.3.24\spring-web-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-beans\5.3.24\spring-beans-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-webmvc\5.3.24\spring-webmvc-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-aop\5.3.24\spring-aop-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-context\5.3.24\spring-context-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-expression\5.3.24\spring-expression-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-starter-test\2.7.7\spring-boot-starter-test-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-test\2.7.7\spring-boot-test-2.7.7.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-test-autoconfigure\2.7.7\spring-boot-test-autoconfigure-2.7.7.jar;C:\Users\YIQI\.m2\repository\com\jayway\jsonpath\json-path\2.7.0\json-path-2.7.0.jar;C:\Users\YIQI\.m2\reposi
tory\net\minidev\json-smart\2.4.7\json-smart-2.4.7.jar;C:\Users\YIQI\.m2\repository\net\minidev\accessors-smart\2.4.7\accessors-smart-2.4.7.jar;C:\Users\YIQI\.m2\repository\org\ow2\asm\asm\9.1\asm-9.1.jar;C:\Users\YIQI\.m2\repository\org\slf4j\slf4j-api\1.7.33\slf4j-api-1.7.33.jar;C:\Users\YIQI\.m2\repository\jakarta\xml\bind\jakarta.xml.bind-api\2.3.3\jakarta.xml.bind-api-2.3.3.jar;C:\Users\YIQI\.m2\repository\jakarta\activation\jakarta.activation-api\1.2.2\jakarta.activation-api-1.2.2.jar;C:\Users\YIQI\.m2\repository\org\assertj\assertj-core\3.22.0\assertj-core-3.22.0.jar;C:\Users\YIQI\.m2\repository\org\hamcrest\hamcrest\2.2\hamcrest-2.2.jar;C:\Users\YIQI\.m2\repository\org\junit\jupiter\junit-jupiter\5.8.2\junit-jupiter-5.8.2.jar;C:\Users\YIQI\.m2\repository\org\junit\jupiter\junit-jupiter-api\5.8.2\junit-jupiter-api-5.8.2.jar;C:\Users\YIQI\.m2\repository\org\opentest4j\opentest4j\1.2.0\opentest4j-1.2.0.jar;C:\Users\YIQI\.m2\repository\org\junit\platform\junit-platform-commons\1.8.2\junit-platform-commons-1.8.2.jar;C:\Users\YIQI\.m2\repository\org\apiguardian\apiguardian-api\1.1.2\apiguardian-api-1.1.2.jar;C:\Users\YIQI\.m2\repository\org\junit\jupiter\junit-jupiter-params\5.8.2\junit-jupiter-params-5.8.2.jar;C:\Users\YIQI\.m2\repository\org\junit\jupiter\junit-jupiter-engine\5.8.2\junit-jupiter-engine-5.8.2.jar;C:\Users\YIQI\.m2\repository\org\junit\platform\junit-platform-engine\1.8.2\junit-platform-engine-1.8.2.jar;C:\Users\YIQI\.m2\repository\org\mockito\mockito-core\4.5.1\mockito-core-4.5.1.jar;C:\Users\YIQI\.m2\repository\net\bytebuddy\byte-buddy\1.12.9\byte-buddy-1.12.9.jar;C:\Users\YIQI\.m2\repository\net\bytebuddy\byte-buddy-agent\1.12.9\byte-buddy-agent-1.12.9.jar;C:\Users\YIQI\.m2\repository\org\objenesis\objenesis\3.2\objenesis-3.2.jar;C:\Users\YIQI\.m2\repository\org\mockito\mockito-junit-jupiter\4.5.1\mockito-junit-jupiter-4.5.1.jar;C:\Users\YIQI\.m2\repository\org\skyscreamer\jsonassert\1.5.1\jsonassert-1.5.1.jar;C:\Users\YIQI\.m2\repository\com\v
aadin\external\google\android-json\0.0.20131108.vaadin1\android-json-0.0.20131108.vaadin1.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-core\5.3.24\spring-core-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-jcl\5.3.24\spring-jcl-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\springframework\spring-test\5.3.24\spring-test-5.3.24.jar;C:\Users\YIQI\.m2\repository\org\xmlunit\xmlunit-core\2.9.0\xmlunit-core-2.9.0.jar;C:\Users\YIQI\.m2\repository\org\springframework\boot\spring-boot-configuration-processor\2.7.7\spring-boot-configuration-processor-2.7.7.jar;D:\dev\idea\IntelliJ IDEA 2020.3.4\lib\idea_rt.jar" com.daniel.web.DanielApplication
 2 Connected to the target VM, address: '127.0.0.1:52562', transport: 'socket'
 3 
 4   .   ____          _            __ _ _
 5  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
 6 ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 7  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
 8   '  |____| .__|_| |_|_| |_\__, | / / / /
 9  =========|_|==============|___/=/_/_/_/
10  :: Spring Boot ::                (v2.7.7)
11 
12 2023-06-08 10:58:17.247  INFO 9536 --- [           main] com.daniel.web.DanielApplication         : Starting DanielApplication using Java 11.0.19 on WORK-LAPTOP-02 with PID 9536 (E:\javacode\demo\target\classes started by YIQI in E:\javacode\demo)
13 2023-06-08 10:58:17.247  INFO 9536 --- [           main] com.daniel.web.DanielApplication         : No active profile set, falling back to 1 default profile: "default"
14 2023-06-08 10:58:18.554  INFO 9536 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
15 2023-06-08 10:58:18.570  INFO 9536 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
16 2023-06-08 10:58:18.570  INFO 9536 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.70]
17 2023-06-08 10:58:18.726  INFO 9536 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
18 2023-06-08 10:58:18.726  INFO 9536 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1382 ms
19 init DanielFilter
20 create WhiteListConfig
21 create WhiteListConfig
22 use set method modify whiteList
23 2023-06-08 10:58:19.289  INFO 9536 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
24 2023-06-08 10:58:19.304  INFO 9536 --- [           main] com.daniel.web.DanielApplication         : Started DanielApplication in 3.027 seconds (JVM running for 5.242)
25 2023-06-08 10:58:28.568  INFO 9536 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
26 2023-06-08 10:58:28.569  INFO 9536 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
27 2023-06-08 10:58:28.575  INFO 9536 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 4 ms
28 test dofilter
29 2

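在log中可以看到,启动时执行了filter的init方法及单例的构造方法,在调用接口时,获取到了单例中用以存放接口的list,接下来就可以在Filter中取到uri跟接口的List进行比较,来实现白名单。

需要注意:log里"create WhiteListConfig"出现了两次,一次来自静态字段的初始化,另一次是Spring为@Component通过反射调用私有构造方法创建的Bean,所以这并不是严格意义上的单例;Filter之所以能读到配置,是因为whiteList是static字段,被两个实例共享。另外,目前的DanielFilter只打印了list的大小,所有请求都会被放行。真正做比较时,建议使用容器规范化后的路径(例如getServletPath(),而不是原始的getRequestURI()),并用前缀匹配(startsWith)而不是contains,以免带有 ../ 或 ; 路径参数的请求绕过判断。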

posted on 2023-06-08 11:45  苗导
