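/**
 * Spring MVC interceptor that admits a request only when it carries valid
 * HTTP Basic credentials for a user known to {@code UserConfig}.
 *
 * <p>Credentials are never written to the log: the {@code Authorization}
 * header is only Base64-encoded, so logging it (or the decoded password)
 * would hand every log reader a working login.
 */
public class BasicAuthorizationInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);

    /**
     * Rejects the request with status 403 unless {@link #httpBasicAuth(String)}
     * accepts its {@code Authorization} header.
     *
     * @return {@code true} to continue the handler chain, {@code false} once the
     *         rejection response has been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String authorization = request.getHeader("Authorization");
        // Log only whether the header was sent, never its value.
        logger.info("Authorization header present [{}]", authorization != null);

        if (httpBasicAuth(authorization)) {
            return true;
        }

        // NOTE(review): RFC 7235 expects 401 plus a WWW-Authenticate challenge for
        // missing or bad credentials; 403 and the body text are kept unchanged
        // because existing clients may depend on them.
        response.setStatus(403);
        response.getWriter().print("Forbidden, unauthorized user");
        return false;
    }

    /**
     * Validates the value of an {@code Authorization} header.
     *
     * @param authorization raw header value, may be {@code null}
     * @return {@code true} only when the header uses the Basic scheme, decodes to
     *         {@code user:password} with both parts non-empty, and the password
     *         matches the one stored for that user
     * @throws IOException if the Base64 payload cannot be decoded
     */
    public boolean httpBasicAuth(String authorization) throws IOException {
        if (authorization == null) {
            return false;
        }

        String[] parts = authorization.split(" ");
        // Accept only "<scheme> <payload>" with the Basic scheme (scheme names are
        // case-insensitive); other schemes must not be parsed as credentials.
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            return false;
        }

        // NOTE(review): sun.misc.BASE64Decoder is a JDK-internal class; java.util.Base64
        // is the supported replacement once the file's imports can be changed.
        byte[] decoded = new BASE64Decoder().decodeBuffer(parts[1]);
        // Decode with a fixed charset so the result does not vary with the platform default.
        String userAndPass = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);

        // Split at the FIRST colon only: the user id cannot contain ':' but the
        // password may, so splitting on every colon would reject such passwords.
        int colon = userAndPass.indexOf(':');
        if (colon <= 0 || colon == userAndPass.length() - 1) {
            return false; // missing separator, empty user, or empty password
        }
        String user = userAndPass.substring(0, colon);
        String pass = userAndPass.substring(colon + 1);

        UserInfo userinfo = UserConfig.getInstanced().getUser(user);
        String expected = userinfo == null ? null : userinfo.getPassword();
        if (expected == null) {
            // Strip line breaks so a crafted user name cannot forge log entries.
            logger.info("Basic authentication failed for user [{}]", user.replaceAll("[\\r\\n]", "_"));
            return false;
        }

        // NOTE(review): the stored value is compared directly with the submitted
        // password, which suggests the store holds plaintext passwords; confirm
        // and consider keeping a salted password hash instead.
        // MessageDigest.isEqual avoids the early exit of String.equals, which can
        // leak how many leading characters matched.
        boolean matches = java.security.MessageDigest.isEqual(
                pass.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            logger.info("Basic authentication failed for user [{}]", user.replaceAll("[\\r\\n]", "_"));
        }
        return matches;
    }
}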
IP white list:
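/**
 * Spring MVC interceptor that admits a request only when the connecting peer's
 * IP address appears in the configured allow-list.
 *
 * <p>NOTE(review): the address checked is that of the direct TCP peer. If the
 * application sits behind a reverse proxy or load balancer, that peer is the
 * proxy, not the end client; confirm the deployment before relying on this
 * check.
 */
public class IPWhiteListApiInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LoggerFactory.getLogger(IPWhiteListApiInterceptor.class);

    /**
     * Rejects the request with status 403 unless the peer address is allow-listed.
     *
     * @return {@code true} to continue the handler chain, {@code false} once the
     *         rejection response has been written
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getRemoteAddr() always yields the numeric address. getRemoteHost() may
        // return a reverse-DNS name when the container resolves host names, and a
        // PTR record is controlled by whoever owns the address block, so it must
        // not feed an access decision.
        String remote = request.getRemoteAddr();
        // Map the IPv6 loopback (long or compressed form) to the IPv4 entry used in the list.
        String ip = ("0:0:0:0:0:0:0:1".equals(remote) || "::1".equals(remote)) ? "127.0.0.1" : remote;
        logger.info("Request From [{}]", ip);
        logger.debug("Request URI [{}]", request.getRequestURI());

        List<String> allowed = SystemConfig.query_Ip_white_list();
        // Fail closed: a missing list denies access instead of raising a NullPointerException.
        if (allowed != null && allowed.contains(ip)) {
            return true;
        }

        response.setStatus(403);
        response.getWriter().print("Forbidden, unauthorized IP ["+ip+"]");
        return false;
    }
}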
spring.xml 配置:
<!-- Both interceptors are mapped to every path ("/**"), so a request has to pass
     the IP allow-list check as well as the HTTP Basic check; either one
     returning false from preHandle stops the request. -->
<!-- NOTE(review): interceptors are expected to run in declaration order, so the
     IP check runs before credentials are examined; confirm against the Spring
     version in use. -->
<!-- NOTE(review): HTTP Basic credentials are only Base64-encoded on the wire;
     confirm these endpoints are reachable over TLS only. -->
<interceptors>
<interceptor>
<mapping path="/**" />
<beans:bean class="com.pccw.pns.apiserver.IPWhiteListApiInterceptor" />
</interceptor>
<interceptor>
<mapping path="/**"/>
<beans:bean class="com.pccw.pns.apiserver.BasicAuthorizationInterceptor"/>
</interceptor>
</interceptors>