fastdfs 防盗链 java_FastDFS防盗链

FastDFS扩展模块内置了通过token来实现防盗链的功能。开启防盗链后，访问文件是需要在url中加两个参数：token和ts。ts为时间戳，token为系统根据时间戳和密码生成的信物。为了系统的安全，下面一起来开启防盗链吧！

1. 配置http访问

1.1 开启防盗链检查

vim /etc/fdfs/http.conf

# HTTP default content type

http.default_content_type = application/octet-stream

# MIME types mapping filename

# MIME types file format: MIME_type extensions

# such as: image/jpeg jpeg jpg jpe

# you can use apache‘s MIME file: mime.types

http.mime_types_filename=mime.types

# if use token to anti-steal

# default value is false (0)

http.anti_steal.check_token=true # 修改1，开启防盗链检查

# token TTL (time to live), seconds

# default value is 600

http.anti_steal.token_ttl=900 # 选择性修改token的过期时间

# secret key to generate anti-steal token

# this parameter must be set when http.anti_steal.check_token set to true·

# the length of the secret key should not exceed 128 bytes

http.anti_steal.secret_key=123456 # 修改2，防盗链密码

# return the content of the file when check token fail

# default value is empty (no file sepecified)

http.anti_steal.token_check_fail=/root/error.jpg # 修改3，配置拒绝访问后显示的图片，需要是个有效可访问的图片

# if support multi regions for HTTP Range

# default value is true

http.multi_range.enabed = true

1.2 重启nginx

service nginx restart

# 或

nginx -s reload

1.3 验证

没有开启防盗链，文件可以正常访问：

成功开启防盗链后，访问文件时携带了错误的token，文件不能访问并且显示访问出错的图片

携带正确的token，效果已经达到，只要保证密码不被泄露，我们的文件就是相对安全的

2. 开发服务端代码修改

2.1 fdfs_client.conf配置

http.anti_steal_token = true # 启动防盗链

http.secret_key = 123456 # 防盗链密码

tracker_server=192.168.56.10:22122

tracker_server=192.168.56.11:22122

2.2 服务器端

服务器端为文件访问生成token

remoteFilename:不能加group1(group name)

package com.aixin.tuna.fdfs;importorg.csource.common.MyException;importorg.csource.fastdfs.ProtoCommon;importjava.io.UnsupportedEncodingException;importjava.security.NoSuchAlgorithmException;/**

* Created by dailin on 2018/6/12.*/publicclassFdfsFDL {

public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException {

String fileName= "M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png";

String host= "http://192.168.56.10:8888";

String secretKey= "123456";

String sourceUrl=getSourceUrl(fileName, host, secretKey);

System.out.println(sourceUrl);

}/**

*生成防盗链token* @param remoteFilename 文件路径，不带group：M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png*@param httpHost 文件服务器web访问地址*@param secretKey 密码* @return

*@throws UnsupportedEncodingException*@throws NoSuchAlgorithmException*@throws MyException*/public static String getSourceUrl(String remoteFilename, String httpHost,String secretKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, MyException {

int lts= (int)(System.currentTimeMillis() / 1000);

String token= ProtoCommon.getToken(remoteFilename, lts, secretKey); //初始化secret_keyreturn httpHost + "/" + remoteFilename + "?token=" + token + "&ts=" +lts;

}

}

得到

http://192.168.56.10:8888/M00/00/00/wKg4C1tFmTWAFPKBAADdeFFxlXA240.png?token=2fd428c6acc14126239e3a7d7d1d872b&ts=153

原文：https://www.cnblogs.com/xiaolinstudy/p/9341779.html