方式:
1、实现接口:org.springframework.web.servlet.HandlerInterceptor
2、继承抽象类:org.springframework.web.servlet.handler.HandlerInterceptorAdapter
spring配置文件:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/restapi/user/identifycode/**" />
<mvc:mapping path="/restapi/user/email/edit" />
<bean class="com.maijia.ucenter.rest.web.interceptors.IdentifyCodeInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
全局拦截器:
<mvc:interceptors>
<bean class="com.app.mvc.MyInteceptor" />
</mvc:interceptors>
或
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"> <property name="interceptors">
<list>
<bean class="com.mvc.MyInteceptor"></bean>
</list>
</property>
</bean>
拦截器类:
package com.caiya.ucenter.rest.web.interceptors;
import java.util.Date;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.caiya.ucenter.rest.web.utils.ClientIpUtils;
import com.caiya.cache.ICache;
/**
* 短信校验码拦截器,只允许60秒之后重发一次
* ADD 邮箱验证码
* 涉及找回密码 & 绑定邮箱
*/
public class IdentifyCodeInterceptor extends HandlerInterceptorAdapter {
@Resource
private ICache cache;
private static Logger logger = Logger.getLogger(IdentifyCodeInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
String path = request.getRequestURI();
String ip = ClientIpUtils.getClientIP(request);
if(path.contains("/restapi/user/identifycode/sms")){
// 发送短信验证码
String mobile = request.getParameter("mobile");
if(cache.get(createCacheKey(mobile)) != null){
logger.error(new StringBuilder("ip:").append(ip).append(",mobile:").append(mobile).append(" 在1分钟内再次请求短信验证码,请求拒绝!"));
throw new IllegalAccessException("短信验证码需在1分钟之后再次请求!");
}
}else if(path.contains("/restapi/user/identifycode/email") || path.contains("/restapi/user/email/edit")){
// 发送邮箱验证码
String email = request.getParameter("email");
if(cache.get(createCacheKey(email)) != null){
logger.error(new StringBuilder("ip:").append(ip).append(",email:").append(email).append(" 在1分钟内再次请求邮箱验证码,请求拒绝!"));
throw new IllegalAccessException("邮箱验证码需在1分钟之后再次请求!");
}
}
// ip另外限制
if(cache.get(createCacheKey(ip)) != null){
logger.error(new StringBuilder("ip:").append(ip).append(",ip:").append(ip).append(" 在1分钟内再次请求验证码,请求拒绝!"));
throw new IllegalAccessException("验证码请求需在1分钟之后再次请求!");
}
return super.preHandle(request, response, handler);
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
String path = request.getRequestURI();
String ip = ClientIpUtils.getClientIP(request);
if(path.contains("/restapi/user/identifycode/sms")){
// 发送短信验证码
String mobile = request.getParameter("mobile");
try{
// 一般1分钟过期,如果在preHandle中获取到这个缓存,那么不允许他继续下去
cache.set(createCacheKey(mobile), new Date(), 60);
}catch(Exception e){
logger.error(e.getMessage(), e);
}
}else if(path.contains("/restapi/user/identifycode/email") || path.contains("/restapi/user/email/edit")){
// 发送邮箱验证码
String email = request.getParameter("email");
try{
// 一般1分钟过期,如果在preHandle中获取到这个缓存,那么不允许他继续下去
cache.set(createCacheKey(email), new Date(), 60);
}catch(Exception e){
logger.error(e.getMessage(), e);
}
}
// ip另外限制
try{
// 一般1分钟过期,如果在preHandle中获取到这个缓存,那么不允许他继续下去
cache.set(createCacheKey(ip), new Date(), 60);
}catch(Exception e){
logger.error(e.getMessage(), e);
}
super.postHandle(request, response, handler, modelAndView);
}
private String createCacheKey(String address){
return new StringBuilder("ic_").append(address).toString();
}
}