springboot中对接口请求进行ip白名单过滤

1. 请求拦截器代码

/**
 * @author: 
 * @date: 2021-10-19 16:44
 * @description: 拦截http请求并加载请求url信息
 */
@Component
public class RequestUrlInterceptor implements HandlerInterceptor {

    @Value("${ipList}")
    private String ipList;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception{
        String url = request.getRequestURL().toString();
        if (StrUtil.isNotEmpty(ipList)){
            String[] ipArr = ipList.split(",");
            List<String> ipLists = CollUtil.newArrayList(ipArr);
            String nowIp = IpUtils.getRealIP(request);
            if (StrUtil.isNotEmpty(nowIp)){
                if (!ipLists.contains(nowIp)){
                    response.getWriter().append("<h1 style=\"text-align:center;\">IP is not in the whitelist, please contact the administrator!</h1>");
                    return false;
                }
            }
        }
        return true;
    }
}

2.WebMvcConfigurer代码

这里配置需要拦截的url地址

/**
 * @author: 
 * @date: 2021-10-19 16:46
 * @description: 配置拦截的请求url
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Autowired
    private RequestUrlInterceptor requestUrlInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(requestUrlInterceptor).addPathPatterns("/api/open/**");
    }

}

3.获取请求ip地址

/**
 * @author: 
 * @date: 2021-11-02 9:50
 * @description: 获取ip地址的工具类
 */
public class IpUtils {

    /**
     * 获取用户真实IP地址，不使用request.getRemoteAddr()的原因是有可能用户使用了代理软件方式避免真实IP地址,
     * 可是，如果通过了多级反向代理的话，X-Forwarded-For的值并不止一个，而是一串IP值
     * @return ip
     */
    public static String getRealIP(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip != null && ip.length() != 0 && ! "unknown".equalsIgnoreCase(ip)) {
            // 多次反向代理后会有多个ip值，第一个ip才是真实ip
            if( ip.indexOf(",") != -1 ){
                ip = ip.split(",")[0];
            }
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
            System.out.println("Proxy-Client-IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
            System.out.println("WL-Proxy-Client-IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
            System.out.println("HTTP_CLIENT_IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
            System.out.println("HTTP_X_FORWARDED_FOR ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("X-Real-IP");
            System.out.println("X-Real-IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
            System.out.println("getRemoteAddr ip: " + ip);
        }
        return ip;
    }
}