springboot之过滤器实现放行项目内的接口拦截其他外部接口

项目场景:

适用:使用过滤器拦截外部接口,同时解决跨域问题


问题描述:

有时接口会遭到恶意探测或攻击。以防万一,需要对不属于本项目的接口路径进行拦截,只放行项目内已注册的接口,以保证安全。注意:该过滤器只按请求路径做白名单放行,不能替代认证和鉴权;已注册的接口仍然可以被任何人访问。


解决方案:

代码如下。

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

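/**
 * Servlet filter that forwards a request only when its path equals one of the
 * patterns registered with Spring MVC, and that adds CORS headers to every
 * response.
 *
 * <p>Limitations a reader should know before relying on this as a control:
 * <ul>
 *   <li>The check is an exact string comparison against the registered
 *       patterns. A mapping such as {@code /user/{id}} or {@code /files/**}
 *       is stored as that literal text, so real requests to it are rejected.
 *       Anything that is not a controller mapping (for example static files)
 *       is rejected as well.</li>
 *   <li>It is a path allowlist only. It performs no authentication or
 *       authorization: every registered endpoint stays reachable by any
 *       caller.</li>
 * </ul>
 *
 * <p>NOTE(review): the class carries both {@code @Configuration} and
 * {@code @WebFilter}; depending on whether servlet component scanning is
 * enabled this may register the filter twice — confirm against the
 * application setup.
 */
@Configuration
@WebFilter(urlPatterns = "/*", filterName = "ContianUrl")
public class ContianUrl_Filter implements Filter {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Allowlist of mapping patterns. Filled in init() and only read afterwards.
    private static final List<String> URLS = new ArrayList<>();

    @Autowired
    private WebApplicationContext applicationContext;

    /**
     * Collects every pattern known to the {@link RequestMappingHandlerMapping}
     * bean into the allowlist.
     *
     * @param filterConfig unused
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods().forEach((k, v) -> {
            // getPatternsCondition() can be null on newer Spring versions that
            // parse mappings as PathPatterns; skip instead of failing start-up
            // with a NullPointerException.
            if (k.getPatternsCondition() == null) {
                return;
            }
            k.getPatternsCondition().getPatterns().forEach(s -> {
                // URLS is static, so a second init() must not add duplicates.
                if (!URLS.contains(s)) {
                    URLS.add(s);
                }
            });
        });
        if (URLS.isEmpty()) {
            // Fail-closed is the safe default, but make the resulting outage visible.
            logger.warn("No request mapping patterns were collected; every request will be rejected");
        }
        logger.info("过滤器初始化");
    }

    /**
     * Forwards the request when its path (without the context path) is in the
     * allowlist; otherwise answers 404 with a short message and does not call
     * the rest of the chain.
     *
     * @param servletRequest  incoming request, expected to be an HTTP request
     * @param servletResponse outgoing response, expected to be an HTTP response
     * @param chain           remaining filter chain
     * @throws IOException      if writing the rejection body fails or the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Handler patterns are relative to the application, while
        // getRequestURI() starts with the context path. Without stripping it,
        // every request is rejected once the app is deployed under a
        // non-empty context path.
        String requestName = request.getRequestURI();
        String contextPath = request.getContextPath();
        if (contextPath != null && !contextPath.isEmpty() && requestName.startsWith(contextPath)) {
            requestName = requestName.substring(contextPath.length());
        }

        // CORS headers are sent on every response, rejected ones included.
        // SECURITY: "*" lets a page from any origin read responses to
        // non-credentialed requests. If the API returns anything non-public,
        // replace it with the list of known front-end origins.
        // Only "x-requested-with" is allowed as a request header, so a
        // preflighted call that sends e.g. a JSON Content-Type or an
        // Authorization header will be refused by the browser.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");

        logger.info(requestName);
        if (URLS.contains(requestName)) {
            logger.info("请求存在,放行");
            chain.doFilter(servletRequest, servletResponse);
        } else {
            logger.info("请求不存在,终止");
            // Report the rejection with a real error status; the default 200
            // makes blocked requests look successful to clients and to any
            // monitoring that keys on status codes.
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            // Declare UTF-8 both for the writer and for the browser so the
            // message is not rendered as mojibake.
            response.setCharacterEncoding("UTF-8");
            response.setHeader("content-type", "text/html;charset=UTF-8");
            response.getWriter().write("请求不存在");
        }
        logger.info("--------------------------------------------------------");
    }

    /** Logs that the filter is being taken out of service. */
    @Override
    public void destroy() {
        logger.info("过滤器销毁了");
    }
}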


转载自blog.csdn.net/weixin_43228814/article/details/110475683