Java秒杀实战 (七)安全优化

最新推荐文章于 2022-10-16 17:07:45 发布
最新推荐文章于 2022-10-16 17:07:45 发布
阅读量846 收藏 1
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_41305266/article/details/81174782
版权

一、隐藏秒杀地址

思路:秒杀开始前,先去请求接口获取秒杀地址

1.接口改造,带上PathVariable参数

2.添加生成地址的接口

3.秒杀收到请求,先验证PathVariable

 

二、数学公式验证码

1.添加生产验证码接口

2.在获取秒杀路径的时候,验证验证码

3.ScriptEngine使用

 

package com.wings.seckill.controller;

import java.awt.image.BufferedImage;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.List;

import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import com.wings.seckill.access.AccessLimit;
import com.wings.seckill.domain.SeckillOrder;
import com.wings.seckill.domain.SeckillUser;
import com.wings.seckill.rabbitmq.MQSender;
import com.wings.seckill.rabbitmq.SeckillMessage;
import com.wings.seckill.redis.GoodsKey;
import com.wings.seckill.redis.OrderKey;
import com.wings.seckill.redis.RedisService;
import com.wings.seckill.redis.SeckillKey;
import com.wings.seckill.result.CodeMsg;
import com.wings.seckill.result.Result;
import com.wings.seckill.service.GoodsService;
import com.wings.seckill.service.OrderService;
import com.wings.seckill.service.SeckillService;
import com.wings.seckill.service.SeckillUserService;
import com.wings.seckill.vo.GoodsVo;

@Controller
@RequestMapping("/seckill")
public class SeckillController implements InitializingBean {

	@Autowired
	SeckillUserService userService;

	@Autowired
	RedisService redisService;

	@Autowired
	GoodsService goodsService;

	@Autowired
	OrderService orderService;

	@Autowired
	SeckillService seckillService;

	@Autowired
	MQSender sender;

	private HashMap<Long, Boolean> localOverMap = new HashMap<Long, Boolean>();

	@Override
	public void afterPropertiesSet() throws Exception {
		List<GoodsVo> goodsList = goodsService.listGoodsVo();
		if (goodsList == null) {
			return;
		}
		for (GoodsVo goods : goodsList) {
			redisService.set(GoodsKey.getSeckillGoodsStock, "" + goods.getId(), goods.getStockCount());
			localOverMap.put(goods.getId(), false);
		}

	}

	@RequestMapping(value = "/{path}/do_seckill", method = RequestMethod.POST)
	@ResponseBody
	public Result<Integer> list(Model model, SeckillUser user, @RequestParam("goodsId") long goodsId,
			@PathVariable("path") String path) {
		model.addAttribute("user", user);
		if (user == null) {
			return Result.error(CodeMsg.SESSION_ERROR);
		}
		// 验证path
		boolean check = seckillService.checkPath(user, goodsId, path);
		if (!check) {
			return Result.error(CodeMsg.REQUEST_ILLEGAL);
		}
		// 内存标记,减少redis访问
		boolean over = localOverMap.get(goodsId);
		if (over) {
			return Result.error(CodeMsg.SECKill_OVER);
		}
		// 预减库存
		long stock = redisService.decr(GoodsKey.getSeckillGoodsStock, "" + goodsId);
		if (stock < 0) {
			localOverMap.put(goodsId, true);
			return Result.error(CodeMsg.SECKill_OVER);
		}
		// 判断是否已经秒杀到了
		SeckillOrder order = orderService.getSeckillOrderByUserIdGoodsId(user.getId(), goodsId);
		if (order != null) {
			return Result.error(CodeMsg.REPEATE_SECKILL);
		}
		// 入队
		SeckillMessage mm = new SeckillMessage();
		mm.setUser(user);
		mm.setGoodsId(goodsId);
		sender.sendSeckillMessage(mm);
		return Result.success(0);// 排队中

	}

	@RequestMapping(value = "/reset", method = RequestMethod.GET)
	@ResponseBody
	public Result<Boolean> reset(Model model) {
		List<GoodsVo> goodsList = goodsService.listGoodsVo();
		for (GoodsVo goods : goodsList) {
			goods.setStockCount(10);
			redisService.set(GoodsKey.getSeckillGoodsStock, "" + goods.getId(), 10);
			localOverMap.put(goods.getId(), false);
		}
		redisService.delete(OrderKey.getSeckillOrderByUidGid);
		redisService.delete(SeckillKey.isGoodsOver);
		seckillService.reset(goodsList);
		return Result.success(true);
	}

	/**
	 * orderId:成功 -1:秒杀失败 0: 排队中
	 */
	@RequestMapping(value = "/result", method = RequestMethod.GET)
	@ResponseBody
	public Result<Long> seckillResult(Model model, SeckillUser user, @RequestParam("goodsId") long goodsId) {
		model.addAttribute("user", user);
		if (user == null) {
			return Result.error(CodeMsg.SESSION_ERROR);
		}
		long result = seckillService.getSeckillResult(user.getId(), goodsId);
		return Result.success(result);
	}

	@AccessLimit(seconds = 5, maxCount = 5, needLogin = true)
	@RequestMapping(value = "/path", method = RequestMethod.GET)
	@ResponseBody
	public Result<String> getSeckillPath(HttpServletRequest request, SeckillUser user,
			@RequestParam("goodsId") long goodsId,
			@RequestParam(value = "verifyCode", defaultValue = "0") int verifyCode) {
		if (user == null) {
			return Result.error(CodeMsg.SESSION_ERROR);
		}
		boolean check = seckillService.checkVerifyCode(user, goodsId, verifyCode);
		if (!check) {
			return Result.error(CodeMsg.REQUEST_ILLEGAL);
		}
		String path = seckillService.createSeckillPath(user, goodsId);
		return Result.success(path);
	}

	@RequestMapping(value = "/verifyCode", method = RequestMethod.GET)
	@ResponseBody
	public Result<String> getSeckillVerifyCod(HttpServletResponse response, SeckillUser user,
			@RequestParam("goodsId") long goodsId) {
		if (user == null) {
			return Result.error(CodeMsg.SESSION_ERROR);
		}
		try {
			BufferedImage image = seckillService.createVerifyCode(user, goodsId);
			OutputStream out = response.getOutputStream();
			ImageIO.write(image, "JPEG", out);
			out.flush();
			out.close();
			return null;
		} catch (Exception e) {
			e.printStackTrace();
			return Result.error(CodeMsg.SECKILL_FAIL);
		}
	}
}

package com.wings.seckill.service;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.util.List;
import java.util.Random;

import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.wings.seckill.domain.OrderInfo;
import com.wings.seckill.domain.SeckillOrder;
import com.wings.seckill.domain.SeckillUser;
import com.wings.seckill.redis.RedisService;
import com.wings.seckill.redis.SeckillKey;
import com.wings.seckill.util.Md5Util;
import com.wings.seckill.util.UUIDUtil;
import com.wings.seckill.vo.GoodsVo;

@Service
public class SeckillService {

	@Autowired
	GoodsService goodsService;

	@Autowired
	OrderService orderService;

	@Autowired
	RedisService redisService;

	@Transactional
	public OrderInfo seckill(SeckillUser user, GoodsVo goods) {
		// 减库存 下订单 写入秒杀订单
		boolean success = goodsService.reduceStock(goods);
		if (success) {
			// order_info maiosha_order
			return orderService.createOrder(user, goods);
		} else {
			setGoodsOver(goods.getId());
			return null;
		}
	}

	public long getSeckillResult(Long userId, long goodsId) {
		SeckillOrder order = orderService.getSeckillOrderByUserIdGoodsId(userId, goodsId);
		if (order != null) {// 秒杀成功
			return order.getOrderId();
		} else {
			boolean isOver = getGoodsOver(goodsId);
			if (isOver) {
				return -1;
			} else {
				return 0;
			}
		}
	}

	private void setGoodsOver(Long goodsId) {
		redisService.set(SeckillKey.isGoodsOver, "" + goodsId, true);
	}

	private boolean getGoodsOver(long goodsId) {
		return redisService.exists(SeckillKey.isGoodsOver, "" + goodsId);
	}

	public void reset(List<GoodsVo> goodsList) {
		goodsService.resetStock(goodsList);
		orderService.deleteOrders();
	}

	public boolean checkPath(SeckillUser user, long goodsId, String path) {
		if (user == null || path == null) {
			return false;
		}
		String pathOld = redisService.get(SeckillKey.getSeckillPath, "" + user.getId() + "_" + goodsId, String.class);
		return path.equals(pathOld);
	}

	public String createSeckillPath(SeckillUser user, long goodsId) {
		if (user == null || goodsId <= 0) {
			return null;
		}
		String str = Md5Util.md5(UUIDUtil.uuid() + "123456");
		redisService.set(SeckillKey.getSeckillPath, "" + user.getId() + "_" + goodsId, str);
		return str;
	}

	public BufferedImage createVerifyCode(SeckillUser user, long goodsId) {
		if (user == null || goodsId <= 0) {
			return null;
		}
		int width = 80;
		int height = 32;
		// create the image
		BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
		Graphics g = image.getGraphics();
		// set the background color
		g.setColor(new Color(0xDCDCDC));
		g.fillRect(0, 0, width, height);
		// draw the border
		g.setColor(Color.black);
		g.drawRect(0, 0, width - 1, height - 1);
		// create a random instance to generate the codes
		Random rdm = new Random();
		// make some confusion
		for (int i = 0; i < 50; i++) {
			int x = rdm.nextInt(width);
			int y = rdm.nextInt(height);
			g.drawOval(x, y, 0, 0);
		}
		// generate a random code
		String verifyCode = generateVerifyCode(rdm);
		g.setColor(new Color(0, 100, 0));
		g.setFont(new Font("Candara", Font.BOLD, 24));
		g.drawString(verifyCode, 8, 24);
		g.dispose();
		// 把验证码存到redis中
		int rnd = calc(verifyCode);
		redisService.set(SeckillKey.getSeckillVerifyCode, user.getId() + "," + goodsId, rnd);
		// 输出图片
		return image;
	}

	public boolean checkVerifyCode(SeckillUser user, long goodsId, int verifyCode) {
		if (user == null || goodsId <= 0) {
			return false;
		}
		Integer codeOld = redisService.get(SeckillKey.getSeckillVerifyCode, user.getId() + "," + goodsId,
				Integer.class);
		if (codeOld == null || codeOld - verifyCode != 0) {
			return false;
		}
		redisService.delete(SeckillKey.getSeckillVerifyCode, user.getId() + "," + goodsId);
		return true;
	}

	private static int calc(String exp) {
		try {
			ScriptEngineManager manager = new ScriptEngineManager();
			ScriptEngine engine = manager.getEngineByName("JavaScript");
			return (Integer) engine.eval(exp);
		} catch (Exception e) {
			e.printStackTrace();
			return 0;
		}
	}

	private static char[] ops = new char[] { '+', '-', '*' };

	/**
	 * + - *
	 */
	private String generateVerifyCode(Random rdm) {
		int num1 = rdm.nextInt(10);
		int num2 = rdm.nextInt(10);
		int num3 = rdm.nextInt(10);
		char op1 = ops[rdm.nextInt(3)];
		char op2 = ops[rdm.nextInt(3)];
		String exp = "" + num1 + op1 + num2 + op2 + num3;
		return exp;
	}
}

<!DOCTYPE HTML>
<html >
<head>
    <title>商品详情</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <!-- jquery -->
    <script type="text/javascript" src="/js/jquery.min.js"></script>
    <!-- bootstrap -->
    <link rel="stylesheet" type="text/css" href="/bootstrap/css/bootstrap.min.css" />
    <script type="text/javascript" src="/bootstrap/js/bootstrap.min.js"></script>
    <!-- jquery-validator -->
    <script type="text/javascript" src="/jquery-validation/jquery.validate.min.js"></script>
    <script type="text/javascript" src="/jquery-validation/localization/messages_zh.min.js"></script>
    <!-- layer -->
    <script type="text/javascript" src="/layer/layer.js"></script>
    <!-- md5.js -->
    <script type="text/javascript" src="/js/md5.min.js"></script>
    <!-- common.js -->
    <script type="text/javascript" src="/js/common.js"></script>
    <style type="text/css">
        html,body{
            height:100%;
            width:100%;
        }
        body{
            background:url('/img/bg2.jpg') no-repeat;
            background-size:100% 100%;
        }
        #goodslist td{
            border-top:1px solid #39503f61;
        }
    </style>
</head>
<body>

<div class="panel panel-default" style="height:100%;background-color:rgba(222,222,222,0.8)" >
  <div class="panel-heading">秒杀商品详情</div>
  <div class="panel-body">
  	<span id="userTip"> 您还没有登录,请登陆后再操作<br/></span>
  	<span>没有收货地址的提示。。。</span>
  </div>
  <table class="table" id="goodslist">
  	<tr>  
        <td>商品名称</td>  
        <td colspan="3" id="goodsName"></td> 
     </tr>  
     <tr>  
        <td>商品图片</td>  
        <td colspan="3"><img  id="goodsImg" width="200" height="200" /></td>  
     </tr>
     <tr>  
        <td>秒杀开始时间</td>  
        <td id="startTime"></td>
        <td >	
        	<input type="hidden" id="remainSeconds" />
        	<span id="seckillTip"></span>
        </td>
        <td>
        <!--  
        	<form id="seckillForm" method="post" action="/seckill/do_seckill">
        		<button class="btn btn-primary btn-block" type="submit" id="buyButton">立即秒杀</button>
        		<input type="hidden" name="goodsId"  id="goodsId" />
        	</form>-->
        	<div class="row">
        		<div class="form-inline">
		        	<img id="verifyCodeImg" width="80" height="32"  style="display:none" onclick="refreshVerifyCode()"/>
		        	<input id="verifyCode"  class="form-control" style="display:none"/>
		        	<button class="btn btn-primary" type="button" id="buyButton"onclick="getSeckillPath()">立即秒杀</button>
        		</div>
        	</div>
        	<input type="hidden" name="goodsId"  id="goodsId" />
        </td>
     </tr>
     <tr>  
        <td>商品原价</td>  
        <td colspan="3" id="goodsPrice"></td>  
     </tr>
      <tr>  
        <td>秒杀价</td>  
        <td colspan="3"  id="seckillPrice"></td>  
     </tr>
     <tr>  
        <td>库存数量</td>  
        <td colspan="3"  id="stockCount"></td>  
     </tr>
  </table>
</div>
</body>
<script>

function getSeckillPath(){
	var goodsId = $("#goodsId").val();
	g_showLoading();
	$.ajax({
		url:"/seckill/path",
		type:"GET",
		data:{
			goodsId:goodsId,
			verifyCode:$("#verifyCode").val()
		},
		success:function(data){
			if(data.code == 0){
				var path = data.data;
				doSeckill(path);
			}else{
				layer.msg(data.msg);
			}
		},
		error:function(){
			layer.msg("客户端请求有误");
		}
	});
}

function getSeckillResult(goodsId){
	g_showLoading();
	$.ajax({
		url:"/seckill/result",
		type:"GET",
		data:{
			goodsId:$("#goodsId").val(),
		},
		success:function(data){
			if(data.code == 0){
				var result = data.data;
				if(result < 0){
					layer.msg("对不起,秒杀失败");
				}else if(result == 0){//继续轮询
					setTimeout(function(){
						getSeckillResult(goodsId);
					}, 200);
				}else{
					layer.confirm("恭喜你,秒杀成功!查看订单?", {btn:["确定","取消"]},
							function(){
								window.location.href="/order_detail.htm?orderId="+result;
							},
							function(){
								layer.closeAll();
							});
				}
			}else{
				layer.msg(data.msg);
			}
		},
		error:function(){
			layer.msg("客户端请求有误");
		}
	});
}

function doSeckill(path){
	$.ajax({
		url:"/seckill/"+path+"/do_seckill",
		type:"POST",
		data:{
			goodsId:$("#goodsId").val()
		},
		success:function(data){
			if(data.code == 0){
				//window.location.href="/order_detail.htm?orderId="+data.data.id;
				getSeckillResult($("#goodsId").val());
			}else{
				layer.msg(data.msg);
			}
		},
		error:function(){
			layer.msg("客户端请求有误");
		}
	});
	
}

function render(detail){
	var seckillStatus = detail.seckillStatus;
	var  remainSeconds = detail.remainSeconds;
	var goods = detail.goods;
	var user = detail.user;
	if(user){
		$("#userTip").hide();
	}
	$("#goodsName").text(goods.goodsName);
	$("#goodsImg").attr("src", goods.goodsImg);
	$("#startTime").text(new Date(goods.startDate).format("yyyy-MM-dd hh:mm:ss"));
	$("#remainSeconds").val(remainSeconds);
	$("#goodsId").val(goods.id);
	$("#goodsPrice").text(goods.goodsPrice);
	$("#seckillPrice").text(goods.seckillPrice);
	$("#stockCount").text(goods.stockCount);
	countDown();
}

$(function(){
	//countDown();
	getDetail();
});

function getDetail(){
	var goodsId = g_getQueryString("goodsId");
	$.ajax({
		url:"/goods/detail/"+goodsId,
		type:"GET",
		success:function(data){
			if(data.code == 0){
				render(data.data);
			}else{
				layer.msg(data.msg);
			}
		},
		error:function(){
			layer.msg("客户端请求有误");
		}
	});
}

function countDown(){
	var remainSeconds = $("#remainSeconds").val();
	var timeout;
	if(remainSeconds > 0){//秒杀还没开始,倒计时
	   $("#buyButton").attr("disabled", true);
	   $("#seckillTip").html("秒杀倒计时:"+remainSeconds+"秒");
		timeout = setTimeout(function(){
			$("#countDown").text(remainSeconds - 1);
			$("#remainSeconds").val(remainSeconds - 1);
			countDown();
		},1000);
	}else if(remainSeconds == 0){//秒杀进行中
		$("#buyButton").attr("disabled", false);
		if(timeout){
			clearTimeout(timeout);
		}
		$("#seckillTip").html("秒杀进行中");
		$("#verifyCodeImg").attr("src", "/seckill/verifyCode?goodsId="+$("#goodsId").val());
		$("#verifyCodeImg").show();
		$("#verifyCode").show();
	}else{//秒杀已经结束
		$("#buyButton").attr("disabled", true);
		$("#seckillTip").html("秒杀已经结束");
		$("#verifyCodeImg").hide();
		$("#verifyCode").hide();
	}
}
function refreshVerifyCode(){
	$("#verifyCodeImg").attr("src", "/seckill/verifyCode?goodsId="+$("#goodsId").val()+"&timestamp="+new Date().getTime());
}
</script>
</html>

 

三、接口防刷

思路:对接口做限流

1.可以用拦截器减少对业务侵入

package com.wings.seckill.access;

import com.wings.seckill.domain.SeckillUser;

public class UserContext {
	
	private static ThreadLocal<SeckillUser> userHolder = new ThreadLocal<SeckillUser>();
	
	public static void setUser(SeckillUser user) {
		userHolder.set(user);
	}
	
	public static SeckillUser getUser() {
		return userHolder.get();
	}

}

package com.wings.seckill.access;

import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

@Retention(RUNTIME)
@Target(METHOD)
public @interface AccessLimit {
	int seconds();
	int maxCount();
	boolean needLogin() default true;
}

package com.wings.seckill.access;

import java.io.OutputStream;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.alibaba.fastjson.JSON;
import com.wings.seckill.domain.SeckillUser;
import com.wings.seckill.redis.AccessKey;
import com.wings.seckill.redis.RedisService;
import com.wings.seckill.result.CodeMsg;
import com.wings.seckill.result.Result;
import com.wings.seckill.service.SeckillUserService;

@Service
public class AccessInterceptor  extends HandlerInterceptorAdapter{
	
	@Autowired
	SeckillUserService userService;
	
	@Autowired
	RedisService redisService;
	
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		if(handler instanceof HandlerMethod) {
			SeckillUser user = getUser(request, response);
			UserContext.setUser(user);
			HandlerMethod hm = (HandlerMethod)handler;
			AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);
			if(accessLimit == null) {
				return true;
			}
			int seconds = accessLimit.seconds();
			int maxCount = accessLimit.maxCount();
			boolean needLogin = accessLimit.needLogin();
			String key = request.getRequestURI();
			if(needLogin) {
				if(user == null) {
					render(response, CodeMsg.SESSION_ERROR);
					return false;
				}
				key += "_" + user.getId();
			}else {
				//do nothing
			}
			AccessKey ak = AccessKey.withExpire(seconds);
			Integer count = redisService.get(ak, key, Integer.class);
	    	if(count  == null) {
	    		 redisService.set(ak, key, 1);
	    	}else if(count < maxCount) {
	    		 redisService.incr(ak, key);
	    	}else {
	    		render(response, CodeMsg.ACCESS_LIMIT_REACHED);
	    		return false;
	    	}
		}
		return true;
	}
	
	private void render(HttpServletResponse response, CodeMsg cm)throws Exception {
		response.setContentType("application/json;charset=UTF-8");
		OutputStream out = response.getOutputStream();
		String str  = JSON.toJSONString(Result.error(cm));
		out.write(str.getBytes("UTF-8"));
		out.flush();
		out.close();
	}

	private SeckillUser getUser(HttpServletRequest request, HttpServletResponse response) {
		String paramToken = request.getParameter(SeckillUserService.COOKIE_TOKEN_NAME);
		String cookieToken = getCookieValue(request, SeckillUserService.COOKIE_TOKEN_NAME);
		if(StringUtils.isEmpty(cookieToken) && StringUtils.isEmpty(paramToken)) {
			return null;
		}
		String token = StringUtils.isEmpty(paramToken)?cookieToken:paramToken;
		return userService.getByToken( token, response);
	}
	
	private String getCookieValue(HttpServletRequest request, String cookiName) {
		Cookie[]  cookies = request.getCookies();
		if(cookies == null || cookies.length <= 0){
			return null;
		}
		for(Cookie cookie : cookies) {
			if(cookie.getName().equals(cookiName)) {
				return cookie.getValue();
			}
		}
		return null;
	}
	
}

package com.wings.seckill.config;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import com.wings.seckill.access.AccessInterceptor;

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

	@Autowired
	private UserArgumentResolver userArgumentResolver;

	@Autowired
	AccessInterceptor accessInterceptor;

	@Override
	public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
		argumentResolvers.add(userArgumentResolver);
	}

	@Override
	public void addInterceptors(InterceptorRegistry registry) {
		registry.addInterceptor(accessInterceptor);
	}
}

 

 

 

插上小翅膀的程序猿Wings
关注
秒杀功能(7)安全优化
Serena0814的博客
05-13 457
安全优化 从本篇开始讲秒杀系统的安全优化。主要分为三大块: 秒杀接口地址隐藏 数学公式验证码 接口限流防刷 秒杀接口地址隐藏 每次点击秒杀按钮,才会生成秒杀地址,之前是不知道秒杀地址的。不是写死的,是从服务端获取,动态拼接而成的地址。(Http协议是明文传输,透明的,前端无法控制恶意用户进行攻击)安全校验还是要放在服务端,禁止掉这些恶意服务。 该操作:可以为了防止,恶意用户登陆之后,获取tok...
java秒杀实战
湫兮若风的博客
05-20 292
文章目录1. 分布式session2. 压测 1. 分布式session 使用redis作为session的存储容器。 2. 压测 使用JMeter进行压测,查看qps的数量。再根据服务器的top命令,查看哪些进程在消耗资源。 ...
Java秒杀实战 (三)秒杀基本功能开发
插上小翅膀的程序猿Wings
07-24 1411
一、数据库表 商品表 CREATE TABLE `goods` ( `id` BIGINT ( 20 ) NOT NULL AUTO_INCREMENT COMMENT '商品ID', `goods_name` VARCHAR ( 16 ) DEFAULT NULL COMMENT '商品名称', `goods_title` VARCHAR ( 64 ) DEFAULT NULL COMME...
Java秒杀系统完整项目实战——笔记
最新发布
qq_45915803的博客
10-16 522
Java秒杀系统完整项目实战——项目创建
JAVA电商秒杀实战(三)
lz564的博客
05-31 530
JAVA电商秒杀实战(三)- - 实现第三方登录QQ登录短信验证码登录 QQ登录 首先导入所需要的相关依赖: <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> <version>3.8.1</version> </dependency> <d
Java秒杀系统方案优化-高性能高并发实战
04-16
Java秒杀系统方案优化-高性能高并发实战 Java秒杀系统方案优化-高性能高并发实战
java秒杀实战.zip
03-09
本教程将通过"java秒杀实战.zip"这个压缩包,带你深入理解并实践如何使用Java技术栈,特别是SpringBoot框架,来构建一个高效、稳定的秒杀系统。 一、秒杀系统概述 秒杀系统的核心在于处理高并发下的订单创建,对...
Java秒杀系统方案优化 高性能高并发实战
08-23
### Java秒杀系统方案优化与高性能高并发实战 在当今互联网快速发展的背景下,高并发、高性能成为了考验系统架构的关键指标之一。特别是在电商领域中的“秒杀”活动,短时间内会有大量用户同时访问,这对系统的稳定...
Java秒杀系统方案优化——高性能高并发实战
04-10
第1章-课程介绍及项目框架搭建 第2章-实现用户登录以及分布式session功能 第3章秒杀功能开发及管理后台 ...第6章-服务级高并发秒杀优化(RabbitMQ+接口优化) 第7章-图形验证码及恶意防刷 第8章-课程总结及重难点回顾
秒杀项目 安全优化笔记
小白鼠丶
02-11 313
秒杀接口地址隐藏 防机器人 写一个接口以获取秒杀地址,接口中使用如用户ID+商品ID为key,value为UUID字符串设置到redis中,以便在第2步校验url是否正确,并返回UUID生成的字符串 拿到第1步生成的UUID字符串发送给真正的秒杀接口,校验UUID是否正确,若正确则继续秒杀接口逻辑 数学公式图形验证码 分散用户请求,防机器人 接口限流防刷 一段时间内访问接口...
秒杀项目 (7)安全优化
初心魏的博客
09-16 994
一、安全优化 1.1 思路 秒杀接口地址隐藏 数学公式验证码 接口限流防刷 1.2 隐藏秒杀地址原因 秒杀未开始前,如果抓包先获取path,在将path拼到秒杀地址上,也可以秒杀到商品(ps:不加验证码的情况下) 二、接口地址隐藏 2.1 秒杀之前,先去接口请求获取秒杀地址 思路 将生成的path存到redis中 @RequestMapping(value = "/path",method...
秒杀项目07-安全优化
qq_43478625的博客
10-25 3473
秒杀项目07-安全优化1. 秒杀接口地址隐藏1.1 接口改造,带上PathVariable参数1.2 添加生成地址的接口1.3 秒杀收到请求,先验证PathVariable2. 数学公式验证码3. 接口限流防刷 1. 秒杀接口地址隐藏 思路: 秒杀开始之前,先去请求接口获取秒杀地址 1.1 接口改造,带上PathVariable参数 1.2 添加生成地址的接口 1.3 秒杀收到请求,先验证PathVariable 2. 数学公式验证码 3. 接口限流防刷 ...
Java秒杀电商实战
g17860760315的博客
05-13 333
Java秒杀电商实战 实践过程 Spring Boot的环境搭建 通过IDEA创建springboot项目,FIle->New->Project->Spring initializr(选择mybatis、redis、Mysql、Thymaleaf的依赖)->Finish 集成Thymeleaf,Result结果封装 在配置文件中加入 spring.thymeleaf.prefix=classpath:/templates/ spring.thymeleaf.suffix=.h
Java电商秒杀实战
qq_42214025的博客
05-14 216
Java电商秒杀项目(一) 项目环境搭建 Spring Boot环境的搭建 集成Thymeleaf Result结果搭建 集成Mybatis+Druid 集成Jedis+Redis安装+通用缓存Key封装 进行环境搭建,然后添加一定的依赖: 一、加入依赖pom.xml 依次Spring Boot依赖、thymeleaf依赖、 Mybatis、 mysql、 druid、 Jedis的依赖,如下还要添加thymelefa的依赖: 二、添加配置文件application.properties spring.
JAVA秒杀系统实战(二)
qq_38197844的博客
08-23 331
第一章 项目环境的搭建 市面上最常用的微服务环境就是springBoot框架环境搭建 与springmvc不同的是,springmvc需要配置很多,springBoot是零配置的思想,这就是它非常流行的原因 pom.xml导入依赖 了解springboot,到时候方便讲解介绍 Controller中的输出分为两类 res...
gulimall——秒杀安全优化(三)
qq_38246328的博客
05-04 270
1.优化思路 (1)秒杀接口地址隐藏。防止有人恶意秒杀 (2)数学公式验证码。也能防止恶意秒杀。并且能够减轻秒杀系统的瞬时流量,减轻并发量。 (3)接口限流防刷。限制一个用户1分钟之内只能访问某个接口10次。 2.秒杀接口地址隐藏 每次点击秒杀按钮,才会生成秒杀地址,秒杀地址不是写死的,是从服务端获取,动态拼接而成的地址。(HTTP协议是明文传输,前端是防不住恶意用户的攻击,所以安全校验要放在服务端,从而禁止掉这些恶意攻击。) 实现思路: 在进行秒杀之前,去后端获取一个动态的秒杀地址path(服务
Java秒杀实战 (一)环境搭建
插上小翅膀的程序猿Wings
07-24 1226
1. SpringBoot环境搭建 以前使用springMVC的时候,要引入一大堆xml等配置文件。引入SpringBoot的目的,就是为了简化web配置。 pom依赖 &lt;parent&gt; &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt; &lt;artifactId&gt;spring-boot-start...
安全优化(拦截器实现接口限流防刷)
lahhass的博客
06-27 1700
接口限流防刷 防止用户大量重复访问,一分钟之内限制访问多少次 思路:对接口做限流,计时,并记录访问次数 将一个用户的访问次数写到缓存里,同时给数据加有效期,次数增加直接对数据+1 如果在有效期内,数据超过某数值,访问返回失败 有效期过了,重新存入数据 可以使用拦截器减少对业务侵入 定义注解@AccessLimit(seconds=5, maxCount=5,needLogin=true),定...
SpringMVC拦截所有Controller请求,实现自定义参数
树袋熊的博客
02-08 7258
SpringMVC拦截所有Controller请求,实现自定义参数1.自定义参数分解器重写addArgumentResolvers方法生产参数分解器2.重写拦截器方法需要继承HandlerInterceptorAdapter2.实现WebMvcConfigurer需要实现两个方法 1.自定义参数分解器 重写addArgumentResolvers方法生产参数分解器 需要实现HandlerMetho...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值