编写filter
package com.dstz.security.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.dstz.base.rest.util.IPUtils;
import com.dstz.security.IngoreChecker;
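/**
 * Servlet filter that restricts every request whose servlet path contains {@code /btw}
 * to callers whose address is accepted by {@link IngoreChecker#isIngores}.
 *
 * <p>Security note: the address that is checked comes from {@link IPUtils#getRealIP}, which
 * prefers forwarding headers over the socket peer address. Those headers are set by whoever
 * sends the request, so this allow-list is only as strong as the reverse proxy in front of
 * the application: the proxy must remove or overwrite them on every incoming request.
 * Without such a proxy, decide on {@code request.getRemoteAddr()} instead.
 */
public class WhiteIpFilter extends IngoreChecker implements Filter {
    protected Logger logger = LoggerFactory.getLogger(this.getClass());

    @Override
    public void destroy() {
        // No resources to release.
    }

    /**
     * Lets requests outside {@code /btw} through unchanged; for {@code /btw} requests,
     * continues the chain only when the resolved client address is on the allow-list.
     * Rejected requests receive HTTP 403 with a short UTF-8 text body and the chain is
     * not invoked.
     *
     * @throws IOException      if writing the rejection body fails, or from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String path = req.getServletPath();
        // NOTE(review): this is a substring match on the servlet path, so it also covers
        // paths such as /x/btw-y; confirm that is intended and that the servlet mapping
        // leaves the protected prefix in getServletPath() rather than getPathInfo().
        if (!path.contains("/btw")) {
            chain.doFilter(request, response);
            return;
        }

        logger.debug("----- 验证该IP是否是白名单 - 开始 -------");
        String realIP = IPUtils.getRealIP(req);
        if (StringUtils.isBlank(realIP)) {
            logger.warn("没有获取到请求的ip地址 remoteAddr={} path={}",
                    req.getRemoteAddr(), forLog(path));
            reject(response, "没有获取到请求的ip地址");
            return;
        }

        if (this.isIngores(realIP)) {
            logger.debug("该IP是白名单!");
            chain.doFilter(request, response);
            return;
        }

        // Denials are logged at WARN together with the socket peer address, so that a
        // mismatch between the claimed and the actual address is visible to operators.
        logger.warn("该IP不存在白名单中!拒绝访问! ip={} remoteAddr={} path={}",
                forLog(realIP), req.getRemoteAddr(), forLog(path));
        reject(response, "你没有操作该api的操作权限");
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
        // No initialisation required; the allow-list is injected as a bean property.
    }

    /** Writes a 403 response with an explicit charset so the non-ASCII message is not garbled. */
    private void reject(ServletResponse response, String message) throws IOException {
        if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
        // Must be set before getWriter(); the servlet default is ISO-8859-1.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().print(message);
    }

    /** Replaces line breaks in request-derived values so they cannot forge extra log lines. */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}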
工具类
package com.dstz.base.rest.util;
import javax.servlet.http.HttpServletRequest;
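/**
 * Helper for resolving the client address of an HTTP request that may have passed
 * through one or more proxies.
 */
public class IPUtils {

    /** Headers consulted, in order, when {@code x-forwarded-for} yields nothing usable. */
    private static final String[] FALLBACK_HEADERS = {
        "Proxy-Client-IP",
        "WL-Proxy-Client-IP",
        "HTTP_CLIENT_IP",
        "HTTP_X_FORWARDED_FOR",
        "X-Real-IP",
    };

    /**
     * Returns the first usable address found in the forwarding headers, falling back to
     * {@link HttpServletRequest#getRemoteAddr()} when none of them carries a value.
     *
     * <p>Security note: every header read here is supplied by the peer. The result can be
     * trusted only when a reverse proxy under your control removes or overwrites these
     * headers on each incoming request; otherwise it is simply what the client sent.
     * Code that makes an access-control decision (for example an IP allow-list) should
     * rely on {@code getRemoteAddr()}, or first verify that {@code getRemoteAddr()} is a
     * known proxy before honouring any header.
     *
     * @param request the current request
     * @return the resolved address string; may be a header value that is not a valid IP
     */
    public static String getRealIP(HttpServletRequest request) {
        String ip = firstEntry(request.getHeader("x-forwarded-for"));
        for (String header : FALLBACK_HEADERS) {
            if (!isMissing(ip)) {
                break;
            }
            ip = request.getHeader(header);
        }
        if (isMissing(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

    /**
     * Extracts the first comma-separated entry of a forwarding header, trimmed.
     * Uses indexOf/substring rather than split(",")[0]: split drops trailing empty
     * strings, so a header value of "," would otherwise throw
     * ArrayIndexOutOfBoundsException.
     */
    private static String firstEntry(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        int comma = headerValue.indexOf(',');
        String first = comma < 0 ? headerValue : headerValue.substring(0, comma);
        return first.trim();
    }

    /** True when a header value is absent, empty, or the literal placeholder "unknown". */
    private static boolean isMissing(String value) {
        return value == null || value.length() == 0 || "unknown".equalsIgnoreCase(value);
    }
}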
配置文件
<!-- Spring Security HTTP chain. The IP allow-list filter is registered ahead of the CAS filter. -->
<security:http entry-point-ref="authenticationLoginEntry">
<!-- NOTE(review): "rememberPrivateKey" reads like a placeholder; the remember-me key should be a deployment-specific secret kept out of shared configuration. Confirm. -->
<security:remember-me key="rememberPrivateKey"/>
<security:custom-filter ref="whiteIpFilter" before="CAS_FILTER"/>
<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="securityInterceptor"/>
<security:access-denied-handler ref="accessDeniedHandler"/>
<security:headers>
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
<!-- CSRF protection is switched off for the whole chain; state-changing endpoints that rely on session or remember-me cookies then need another anti-forgery control. -->
<security:csrf disabled="true"/>
</security:http>
<!-- Allow-list consumed by WhiteIpFilter through the "ingores" property. -->
<bean id="whiteIpFilter" class="com.dstz.security.filter.WhiteIpFilter">
<property name="ingores">
<list>
<!-- These values are compared with the result of IPUtils.getRealIP, which prefers request forwarding headers over the socket peer address. Loopback and private entries are only meaningful when the front proxy overwrites those headers on every request. -->
<value>192.168.31.164</value>
<value>127.0.0.1</value>
<!-- NOTE(review): getRealIP returns an address string, so the host name entry below presumably never matches; verify against IngoreChecker.isIngores. -->
<value>localhost</value>
<value>47.106.139.29</value>
</list>
</property>
</bean>