原理:
利用拦截器来实现,定义注解,在需要的方法上加上该注解,通过拦截器拦截这些注解的方法,当用户多次请求时,我们可以累积他的请求次数,请求次数存储到redis中,达到了上限,我们就可以给他提示信息。
总结:采用注解方式加拦截器,结合redis来存储请求次数,可以灵活配置同一用户在规定的时间内请求同一接口最大次数。
代码:
1、定义注解
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import static java.lang.annotation.ElementType.METHOD;
/**
* 定义接口恶意请求多次注解
*/
@Retention(RUNTIME)//表示它在运行时
@Target(METHOD) //表示它只能放在方法上
@SuppressWarnings("all")
public @interface AccessLimit {
int seconds();//规定几秒
int maxCount();//最大请求数
}
2、配置拦截器
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
/**
* 拦截器
*/
@Component
public class LoginInterceptor extends HandlerInterceptorAdapter {
private final Log log = LogFactory.getLog(LoginInterceptor.class);
@Autowired
private RedisUtil redisUtil;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
// 如果不是映射到方法直接通过
if (!(handler instanceof HandlerMethod)) {
return true;
}
//获取方法中的注解,看是否有该注解,用于防止接口被恶意调用多次
AccessLimit accessLimit = handlerMethod.getMethodAnnotation(AccessLimit.class);
log.info("========================accessLimit==============================>"+ accessLimit);
if(accessLimit == null){
return true;
}
int seconds = accessLimit.seconds();
int maxCount = accessLimit.maxCount();
String ip=request.getRemoteAddr();
String key = request.getServletPath() + ":" + ip ;
String count = redisUtil.get(key);
if (null == count ) {
redisUtil.setex(key, "1",seconds);
String count1 = redisUtil.get(key);
return true;
}
if (Integer.parseInt(count) < maxCount) {
count = String.valueOf(Integer.parseInt(count)+1);
redisUtil.setex(key, count,seconds);
return true;
}
if (Integer.parseInt(count) >= maxCount) {
//response 返回 json 请求过于频繁请稍后再试
response.setStatus(401);
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
response.setStatus(401);
response.getWriter().write(JsonUtils.obj2String("操作频繁,请稍后重试"));
return false;
}
};
}
}
3.注入拦截器
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class InterceptorConfig extends WebMvcConfigurerAdapter {
@Autowired
ResponseResultInterceptor responseResultInterceptor;
@Autowired
LoginInterceptor loginInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(responseResultInterceptor).addPathPatterns("/**");
//排除swagger拦截
registry.addInterceptor(loginInterceptor)
.excludePathPatterns("/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**");
}
}
4.在接口方上引用注解
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
@RestController
@RequestMapping("login")
public class LoginController {
@Autowired
WUserMapper usermapper;
@Autowired
private TencentServiceImpl tencentService;
@NoneAuth
@PostMapping(sendMsg")
@AccessLimit(seconds = 60, maxCount = 1) //60秒内 允许请求1次
public Result sendMsg(String phone) {
return tencentService.send(phone);
}
}