springboot 过滤链设置(接口调用限制)

        

package com.ssj.management.filter;

import com.ssj.management.util.common.Commons;
import com.ssj.management.util.common.StringUtil;
import com.ssj.management.util.redis.SpringRedisUtil;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * 限流自定义过滤器
 */
public class ImposeFilter implements Filter {

    // 调用次数
    public final int callCount = 20;

    // 时间段(s)
    public final int time = 3;

    // 路径集合
    private static final String[] url = {"userTypeInfo/selectAll", "userInfo/selectAll", "accountInfo/selectAccountInfoByNotIsDelete",
            "companyInfo/selectCompanyInfoSelective", "memberSetInfo/selectMemberSetInfoSelective", "memberSetInfo/selectMemberSetInfoSelective",
            "memberSetInfo/selectMemberSetInfoSelective", "userLogin/login", "/swagger-ui.html", "/webjars/**", "/v2/**", "/swagger-resources/**", "/websocket/**"};

    // set
    private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(url)));

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        try {
            // 请求
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;

            // 请求路径
            String path = request.getRequestURI().substring(request.getContextPath().length()).replaceAll("[/]+$", "");

            if (!ALLOWED_PATHS.contains(path)) {
                // 获取token
                String token = request.getHeader("token");
                if (StringUtil.isNotBlank(token)) {
                    // 验证是否存在
                    String isToken = SpringRedisUtil.getKeyValue(token);
                    // 调用次数
                    int call = 0;
                    if (StringUtil.isNotBlank(isToken)) {
                        call = Integer.valueOf(isToken);
                        call = call + 1;
                    }
                    // 校验接口调用次数
                    if (callCount < call) {
                        Commons.respondJson(request, response, 402, "interface", "刷新过快!", 0);
                    }
                    SpringRedisUtil.setKeyValue(token, String.valueOf(call), time);
                }
                filterChain.doFilter(servletRequest, servletResponse);
            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override
    public void destroy() {

    }
}
package com.ssj.management.filter.conf;

import com.ssj.management.filter.HTTPBasicAuthorizeHandler;
import com.ssj.management.filter.ImposeFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

/**
 * 全局filter 过滤链 配置
 */
@Configuration
public class FilterConfig {

    @Bean
    public FilterRegistrationBean httpBasicAuthorizeHandlerBean() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        bean.setFilter(new HTTPBasicAuthorizeHandler());
        bean.addUrlPatterns("/*");
        bean.setName("HTTPBasicAuthorizeHandler");
        bean.setOrder(Integer.MAX_VALUE);
        return bean;
    }

    @Bean
    public FilterRegistrationBean imposeFilter() {
        FilterRegistrationBean bean = new FilterRegistrationBean();
        bean.setFilter(new ImposeFilter());
        bean.addUrlPatterns("/*");
        bean.setName("ImposeFilter");
        bean.setOrder(Integer.MAX_VALUE - 1);
        return bean;
    }


}
package com.ssj.management.filter;


import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.ssj.management.listener.MySessionContext;
import com.ssj.management.util.common.Commons;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.logging.Logger;

// @WebFilter(filterName = "basicFilter", urlPatterns = "/management/*")
// @Component
public class HTTPBasicAuthorizeHandler implements Filter {
    //"/userInfo/addUserAccount"
    private static final String[] url = {"/userLogin/login", "/verify/verifyCode", "/shareInfo/**", "/swagger-ui.html", "/webjars/**", "/v2/**",
            "/swagger-resources/**", "/websocket/**", "/alipay/**", "/wxpay/**", "/wxLogin/**", "/wxUserInfo/**"};
    private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(url)));


    public static Log log = LogFactory.getLog(HTTPBasicAuthorizeHandler.class);

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        try {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            String path = request.getRequestURI().substring(request.getContextPath().length()).replaceAll("[/]+$", "");
            log.info(path);
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            System.out.println(path + ":" + simpleDateFormat.format(new Date()));
            Boolean allowedPath = false;
            for (String allow : ALLOWED_PATHS) {
                if (path.equals(allow)) {
                    allowedPath = true;
                    break;
                } else if (allow.indexOf("**") != -1) {
                    String left = allow.substring(0, allow.indexOf("**") - 1);
                    String right = allow.substring(allow.lastIndexOf("**") + 2);
                    if (path.indexOf(left) != -1 && path.indexOf(right) != -1) {
                        allowedPath = true;
                        break;
                    }
                }
            }

            if (allowedPath) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                String token = request.getHeader("token");
                // token认证
                int auth = MySessionContext.auth(token);
                switch (auth) {
                    case MySessionContext.STATU_LOGIN:
                        filterChain.doFilter(servletRequest, servletResponse);
                        break;
                    case MySessionContext.STATU_NOT_LOGIN:
                        Commons.respondJson(request, response, 402, "login", "未登录,无权访问!", 0);
                        break;
                    case MySessionContext.STATU_KICK_OUT:
                        Commons.respondJson(request, response, 402, "login", "用户已在其他地方登录!", 0);
                        break;
                    default:
                        Commons.respondJson(request, response, 402, "login", "认证失败,请重新登录!", 0);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override
    public void destroy() {

    }
}

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
实现接口调用频率限制可以使用AOP和ConcurrentHashMap结合的方式。 首先,在Spring Boot中,我们可以使用AOP来拦截接口调用。我们可以定义一个切面,使用@Aspect注解标注,然后在切入点方法中定义需要拦截的注解。 例如,我们可以定义一个@FrequencyLimit注解,用于标注需要限制调用频率的方法: ```java @Retention(RetentionPolicy.RUNTIME) @Target({ ElementType.METHOD }) public @interface FrequencyLimit { // 限制时间段,单位为秒 int interval() default 60; // 时间段内最大请求次数 int maxCount() default 10; } ``` 然后,在切面中,我们可以拦截该注解标注的方法,并且进行限制调用频率的操作。可以使用ConcurrentHashMap来存储每个接口调用次数和最后一次调用时间。 ```java @Component @Aspect public class FrequencyLimitAspect { private ConcurrentHashMap<String, Long> lastRequestTimeMap = new ConcurrentHashMap<>(); private ConcurrentHashMap<String, Integer> requestCountMap = new ConcurrentHashMap<>(); @Around("@annotation(frequencyLimit)") public Object frequencyLimit(ProceedingJoinPoint joinPoint, FrequencyLimit frequencyLimit) throws Throwable { Object result = null; String methodName = joinPoint.getSignature().toLongString(); long currentTime = System.currentTimeMillis(); int interval = frequencyLimit.interval(); int maxCount = frequencyLimit.maxCount(); synchronized (this) { // 获取最后一次请求时间和请求次数 Long lastRequestTime = lastRequestTimeMap.get(methodName); Integer requestCount = requestCountMap.get(methodName); if (lastRequestTime == null || currentTime - lastRequestTime >= interval * 1000) { // 如果该接口限制时间段内没有被调用过,则重置请求次数和最后一次请求时间 lastRequestTimeMap.put(methodName, currentTime); requestCountMap.put(methodName, 1); } else { // 如果该接口限制时间段内已经被调用过,则增加请求次数 requestCount++; if (requestCount > maxCount) { // 如果请求次数超过了限制,则抛出异常 throw new RuntimeException("Exceeded maximum request limit"); } lastRequestTimeMap.put(methodName, currentTime); requestCountMap.put(methodName, requestCount); } } // 调用原始方法 result = joinPoint.proceed(); return result; } } ``` 在切面中,我们使用synchronized关键字来保证线程安全,因为ConcurrentHashMap并不能完全保证线程安全。同时,我们使用了@Around注解来拦截被@FrequencyLimit注解标注的方法,然后在方法中实现限制调用频率的逻辑。 这样,我们就可以实现接口调用频率限制了。在需要限制调用频率的方法中,我们只需要加上@FrequencyLimit注解即可。例如: ```java @GetMapping("/test") @FrequencyLimit(interval = 60, maxCount = 10) public String test() { return "test"; } ``` 这样,每个IP地址每分钟内最多只能调用该方法10次,超过次数会抛出异常。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值