SpringBoot+Redis防止惡意刷新與暴力請求接口的實現
本項目采用 springboot+Redis的方式來實現;所采用的全部參考文獻在文末,包括軟件的安裝、測試等等
實驗環境: centos 7 安裝Redis ,采用wget安裝,
IDE :IDEA
配置
pom文件:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>springbootRefusePost</artifactId>
<version>1.0-SNAPSHOT</version>
<dependencies>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
<version>2.3.0.RELEASE</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.67</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.13.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
</dependencies>
</project>
目錄結構
因為隻測試瞭一個接口暴力請求,所以並沒有分包,對於全局異常隻是在後臺拋出,並沒有在前端做全局的捕獲返回
飄紅的原因是idea的受檢異常,可忽略
application.yml配置類
實現代碼
文章中用到的六個類包括啟動類如下所示:
package com.ApiTest;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 自定義註解,用於攔截過於頻繁的請求
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface AccessLimit {
int seconds();
int maxCount();
boolean needLogin() default true;
}
package com.ApiTest;
import com.ApiTest.MyException;
import com.ApiTest.AccessLimit;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.concurrent.TimeUnit;
/**
* 自定義攔截器
*/
@Component
public class AccessLimtInterceptor implements HandlerInterceptor {
@Autowired
private RedisTemplate redisTemplate;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
HandlerMethod hm = (HandlerMethod) handler;
AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);
if (null == accessLimit) {
return true;
}
int seconds = accessLimit.seconds();
int maxCount = accessLimit.maxCount();
boolean needLogin = accessLimit.needLogin();
if (needLogin) {
//判斷是否登錄
}
String ip=request.getRemoteAddr();
String key = request.getServletPath() + ":" + ip ;
System.out.println(ip);
System.out.println(key);
//獲取key鍵對應的值。
Integer count = (Integer) redisTemplate.opsForValue().get(key);
System.out.println(count);
if (null == count || -1 == count) {
//redisTemplate.opsForValue().set 增⼀個字符串類型的值,key是鍵,value是值。
//⽅法含義:新增⼀個字符串類型的值,並且設置變量值的過期時間。key是鍵,value是值,timeout 過期時間,unit 過期時間單位
//鏈接:https://wenku.baidu.com/view/f0de3ecc1ae8b8f67c1cfad6195f312b3169ebd1.html
System.out.println("初次進入");
redisTemplate.opsForValue().set(key, 1,seconds, TimeUnit.SECONDS);
return true;
}
if (count < maxCount) {
count = count+1;
//⽅法含義:覆蓋從指定位置開始的值
redisTemplate.opsForValue().set(key, count,0);
return true;
}
// response 返回 json 請求過於頻繁請稍後再試
throw new MyException("20001","操作過於頻繁");
}
return true;
}
}
package com.ApiTest;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class AppHomeController {
@GetMapping("/index")
@AccessLimit(seconds = 2, maxCount = 5) //2秒內 允許請求5次
@ResponseBody
public String getImageList(){
return "請求成功";
}
}
package com.ApiTest;
/**
* 自定義異常類
*/
public class MyException extends Exception {
// 異常代碼
private String code;
//異常信息
private String message;
//構造方法
public MyException(String code, String message) {
this.code = code;
this.message = message;
}
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
@Override
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
package com.ApiTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
* 在webconfig中配置攔截器
*/
@Configuration
public class MyWebMvcConfigurer extends WebMvcConfigurerAdapter {
@Autowired
private AccessLimtInterceptor accessLimtInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(accessLimtInterceptor);
super.addInterceptors(registry);
}
}
```java
package com;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.web.client.RestTemplate;
@SpringBootApplication
public class Application {
@Bean
public RestTemplate restTemplate() {
return new RestTemplate();
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
到此這篇關於SpringBoot+Redis防止惡意刷新與暴力請求接口的實現的文章就介紹到這瞭,更多相關SpringBoot防止惡意刷新 暴力請求接口內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!
推薦閱讀:
- Spring Boot如何利用攔截器加緩存完成接口防刷操作
- SpringBoot防止大量請求攻擊的實現
- java秒殺之redis限流操作詳解
- SpringBoot基於Redis的分佈式鎖實現過程記錄
- SpringBoot項目中接口防刷的完整代碼