我的這個項目用了SpringMVC
參考網上寫了個IPFilter
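/**
 * Servlet filter that lets a request through only when the client address matches an allowlist.
 *
 * <p>The allowlist ("ip-pattern") is a ';'-separated list of dotted IPv4 patterns. Any octet may
 * be a literal or "*"; the last octet may also be a numeric range such as "0-254".
 *
 * <p>Security notes:
 * <ul>
 *   <li>The filter fails closed: a missing allowlist, a malformed pattern or an address that is
 *       not four dot-separated parts (for example an IPv6 address) is rejected.</li>
 *   <li>The client address is taken from {@code getRemoteAddr()}. Behind a reverse proxy or load
 *       balancer that is the proxy's address, so the allowlist is only meaningful when the
 *       container is configured to derive the client address from a trusted proxy (for example
 *       Tomcat's RemoteIpValve). Do not read a client-supplied forwarding header here.</li>
 *   <li>An address allowlist is a coarse control and does not replace authentication.</li>
 * </ul>
 *
 * @author zytim
 */
public class IPFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(IPFilter.class);

    /** Page that rejected clients are redirected to; the only path exempt from the allowlist. */
    private static final String DENIED_PAGE = "/nouser.jsp";

    /** ';'-separated allowlist patterns; {@code null} means every request is rejected. */
    private String ipPattern;

    /**
     * @return the ';'-separated allowlist currently in effect, possibly {@code null}
     */
    public String getIpPattern() {
        return ipPattern;
    }

    /**
     * @param ipPattern the ';'-separated allowlist to enforce from now on
     */
    public void setIpPattern(String ipPattern) {
        this.ipPattern = ipPattern;
    }

    /**
     * Loads the allowlist from the properties file through {@code PropertyUtil}.
     *
     * <p>The filter's own init-param is not read here. To take the value from web.xml instead,
     * use {@code filterConfig.getInitParameter("ip-pattern")}.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.ipPattern = PropertyUtil.getProperty("ip-pattern");
    }

    /**
     * Passes the request down the chain when the client address is allowed; otherwise logs the
     * rejection and redirects to the denial page.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Exempt only the denial page itself, compared against the container-normalised servlet
        // path. A substring test on the raw request URI would let any request whose URI merely
        // contains the text skip the allowlist.
        // NOTE(review): if other resources must stay reachable for rejected clients, add their
        // exact paths here rather than loosening this comparison.
        if (DENIED_PAGE.equals(httpRequest.getServletPath())) {
            chain.doFilter(request, response);
            return;
        }

        // getRemoteAddr() is the peer address of the connection. getRemoteHost() may return a
        // reverse-DNS name when the container has lookups enabled, and that name is controlled
        // by whoever runs DNS for the client's network, so it must not feed an allowlist.
        String ip = request.getRemoteAddr();

        if (validateIP(ip, ipPattern)) {
            chain.doFilter(request, response);
        } else {
            logger.info("{} 拒絕訪問。", ip);
            // NOTE(review): the target is relative to the server root, not the context path;
            // confirm that matches where nouser.jsp is deployed.
            ((HttpServletResponse) response).sendRedirect(DENIED_PAGE);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Checks an address against the allowlist.
     *
     * <p>Accepted pattern forms are "192.168.1.*" and "192.169.1.0-254". Surrounding whitespace
     * in each pattern is ignored so that "a; b" and padded configuration values behave as
     * written.
     *
     * @param ipStr address of the request
     * @param ipPattern allowed patterns, separated by ';'
     * @return {@code true} when at least one pattern matches; {@code false} when nothing matches
     *     or either argument is {@code null}
     */
    public static boolean validateIP(String ipStr, String ipPattern) {
        if (ipStr == null || ipPattern == null) {
            return false;
        }
        for (String pattern : ipPattern.split(";")) {
            if (passValidate(ipStr, pattern.trim())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches one address against one pattern, octet by octet.
     *
     * <p>Anything that cannot be parsed (wrong number of parts, incomplete range, non-numeric
     * range bound or last octet) counts as a non-match instead of raising an exception, so a bad
     * configuration entry or an unexpected address form ends in a rejection, not an error page.
     */
    private static boolean passValidate(String ipStr, String pattern) {
        String[] ipParts = ipStr.split("\\.");
        String[] patternParts = pattern.split("\\.");
        if (ipParts.length != 4 || patternParts.length != 4) {
            return false;
        }

        // Number of leading octets compared literally; a range consumes the last one.
        int literalOctets = ipParts.length;
        if (patternParts[3].contains("-")) {
            literalOctets = 3;
            String[] bounds = patternParts[3].split("-");
            if (bounds.length != 2) {
                return false;
            }
            try {
                int from = Integer.parseInt(bounds[0].trim());
                int to = Integer.parseInt(bounds[1].trim());
                int value = Integer.parseInt(ipParts[3]);
                if (value < from || value > to) {
                    return false;
                }
            } catch (NumberFormatException e) {
                return false;
            }
        }

        for (int i = 0; i < literalOctets; i++) {
            if (patternParts[i].equals("*")) {
                continue;
            }
            if (!patternParts[i].equalsIgnoreCase(ipParts[i])) {
                return false;
            }
        }
        return true;
    }
}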
配置web.xml,過濾所有.htm的請求:
<!-- IP filter -->
<!-- Registers the address-allowlist filter for requests matching *.htm only. Requests that do
     not match this url-pattern never reach the filter and are not subject to the allowlist. -->
<filter>
<filter-name>IPFilter </filter-name>
<filter-class>com.xiaoniu.auth.filter.IPFilter </filter-class>
<init-param>
<!-- NOTE(review): IPFilter.init() as shown reads "ip-pattern" through PropertyUtil, and the line
     that reads this init-param is commented out, so the value below is not used. -->
<param-name>ip-pattern</param-name>
<param-value> </param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>IPFilter </filter-name>
<url-pattern>*.htm</url-pattern>
</filter-mapping>
之前配置時 url-pattern 使用的是 /*,過濾了所有的請求,包括讀取css樣式文件等操作,導致錯誤提示頁面的樣式無法載入,變成原始挫頁。這里改為只配置 *.htm 后,只過濾.htm請求:對核心業務的訪問會被過濾,測試和頁面調用的文件則不受影響。需要注意的是,不匹配 *.htm 的資源(例如 .jsp 頁面和靜態文件)完全不經過IP校驗,所以需要限制IP的功能必須全部通過 .htm 路徑訪問。