基於註解實現 SpringBoot 接口防刷的方法
該示例項目通過自定義註解,實現接口訪問次數控制,從而實現接口防刷功能,項目結構如下:
一、編寫註解類 AccessLimit
package cn.mygweb.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * 訪問控制註解(實現接口防刷功能) */ @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) public @interface AccessLimit { /** * 限制周期(單位為秒) * * @return */ int seconds(); /** * 規定周期內限制次數 * * @return */ int maxCount(); /** * 是否需要登錄 * * @return */ boolean needLogin() default false; }
二、在Interceptor攔截器中實現攔截邏輯
package cn.mygweb.interceptor; import cn.mygweb.annotation.AccessLimit; import cn.mygweb.entity.Result; import cn.mygweb.entity.StatusCode; import com.alibaba.fastjson.JSON; import org.springframework.stereotype.Component; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.OutputStream; import java.util.HashMap; import java.util.Map; /** * 訪問控制攔截器 */ @Component public class AccessLimitInterceptor extends HandlerInterceptorAdapter { //模擬數據存儲,實際業務中可以自定義實現方式 private static Map<String, AccessInfo> accessInfoMap = new HashMap<>(); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { //判斷請求是否屬於方法的請求 if (handler instanceof HandlerMethod) { HandlerMethod hm = (HandlerMethod) handler; //獲取方法中的註解,看是否有該註解 AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class); if (accessLimit == null) { return true; } int seconds = accessLimit.seconds(); int maxCount = accessLimit.maxCount(); boolean needLogin = accessLimit.needLogin(); String key = request.getRequestURI(); //如果需要登錄 if (needLogin) { //獲取登錄的session進行判斷 //…… key += " " + "userA";//這裡假設用戶是userA,實際項目中可以改為userId } //模擬從redis中獲取數據 AccessInfo accessInfo = accessInfoMap.get(key); if (accessInfo == null) { //第一次訪問 accessInfo = new AccessInfo(); accessInfo.setFirstVisitTimestamp(System.currentTimeMillis()); accessInfo.setAccessCount(1); accessInfoMap.put(key, accessInfo); } else if (accessInfo.getAccessCount() < maxCount) { //訪問次數加1 accessInfo.setAccessCount(accessInfo.getAccessCount() + 1); accessInfoMap.put(key, accessInfo); } else { //超出訪問次數,判斷時間是否超出設定時間 if ((System.currentTimeMillis() - accessInfo.getFirstVisitTimestamp()) <= seconds * 1000) { //如果還在設定時間內,則為不合法請求,返回錯誤信息 render(response, "達到訪問限制次數,請稍後重試!"); return false; } else { //如果超出設定時間,則為合理的請求,將之前的請求清空,重新計數 accessInfo.setFirstVisitTimestamp(System.currentTimeMillis()); accessInfo.setAccessCount(1); accessInfoMap.put(key, accessInfo); } } } return true; } /** * 向頁面發送消息 * * @param response * @param msg * @throws Exception */ private void render(HttpServletResponse response, String msg) throws Exception { response.setContentType("application/json;charset=UTF-8"); OutputStream out = response.getOutputStream(); String str = JSON.toJSONString(new Result(true, StatusCode.ACCESSERROR, msg)); out.write(str.getBytes("UTF-8")); out.flush(); out.close(); } /** * 封裝的訪問信息對象 */ class AccessInfo { /** * 一個計數周期內第一次訪問的時間戳 */ private long firstVisitTimestamp; /** * 訪問次數統計 */ private int accessCount; public long getFirstVisitTimestamp() { return firstVisitTimestamp; } public void setFirstVisitTimestamp(long firstVisitTimestamp) { this.firstVisitTimestamp = firstVisitTimestamp; } public int getAccessCount() { return accessCount; } public void setAccessCount(int accessCount) { this.accessCount = accessCount; } @Override public String toString() { return "AccessInfo{" + "firstVisitTimestamp=" + firstVisitTimestamp + ", accessCount=" + accessCount + '}'; } } }
三、把Interceptor註冊到springboot中
package cn.mygweb.config; import cn.mygweb.interceptor.AccessLimitInterceptor; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** * 攔截器註冊配置 */ @Configuration public class WebConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { //註冊攔截器 registry.addInterceptor(new AccessLimitInterceptor()); } }
四、在Controller中加入註解實現接口防刷
package cn.mygweb.controller; import cn.mygweb.annotation.AccessLimit; import cn.mygweb.entity.Result; import cn.mygweb.entity.StatusCode; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("/access") public class AccessController { @AccessLimit(seconds = 5, maxCount = 2)//訪問控制,5秒內隻能訪問2次 @GetMapping public Result access() { return new Result(true, StatusCode.OK, "訪問成功!"); } }
五、測試訪問
附:StatusCode.java、Result.java、application.yml
StatusCode類
package cn.mygweb.entity; /** * 返回狀態碼 */ public class StatusCode { public static final int OK = 20000;//成功 public static final int ERROR = 20001;//失敗 public static final int LOGINERROR = 20002;//用戶名或密碼錯誤 public static final int ACCESSERROR = 20003;//權限不足 public static final int REMOTEERROR = 20004;//遠程調用失敗 public static final int REPERROR = 20005;//重復操作 public static final int NOTFOUNDERROR = 20006;//沒有對應的搶購數據 }
Result類:
package cn.mygweb.entity; import java.io.Serializable; /** * 響應結果 */ public class Result<T> implements Serializable { private boolean flag;//是否成功 private Integer code;//返回碼 private String message;//返回消息 private T data;//返回數據 public Result(boolean flag, Integer code, String message, Object data) { this.flag = flag; this.code = code; this.message = message; this.data = (T) data; } public Result(boolean flag, Integer code, String message) { this.flag = flag; this.code = code; this.message = message; } public Result() { this.flag = true; this.code = StatusCode.OK; this.message = "操作成功!"; } public boolean isFlag() { return flag; } public void setFlag(boolean flag) { this.flag = flag; } public Integer getCode() { return code; } public void setCode(Integer code) { this.code = code; } public String getMessage() { return message; } public void setMessage(String message) { this.message = message; } public T getData() { return data; } public void setData(T data) { this.data = data; } }
applications.yml:
server: port: 8080
到此這篇關於基於註解實現 SpringBoot 接口防刷的方法的文章就介紹到這瞭,更多相關SpringBoot 接口防刷內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!
推薦閱讀:
- SpringBoot+Redis防止惡意刷新與暴力請求接口的實現
- SpringBoot防止大量請求攻擊的實現
- springboot 自定義異常並捕獲異常返給前端的實現代碼
- SpringBoot自定義註解開發指南
- SpringBoot 統一公共返回類的實現