SpringBoot 添加Referer拦截器
拦截器代码
/**
* Referer拦截器
*/
public class RefererInterceptor extends HandlerInterceptorAdapter {
private final static Logger logger = LoggerFactory.getLogger(RefererInterceptor.class);
@Value("${http.referer.ip}")
private String ipAddress;
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
String referer = req.getHeader("referer");
String host = req.getServerName();
if (referer == null) {
// 状态置为404
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
return false;
}
java.net.URL url = null;
try {
url = new java.net.URL(referer);
} catch (MalformedURLException e) {
// URL解析异常,也置为404
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
return false;
}
logger.debug("method[preHandle] url.getHost():" + url.getHost());
logger.debug("method[preHandle] ipAddress:" + ipAddress);
// 首先判断请求域名和referer域名是否相同
if (!host.equals(url.getHost())) {
List<String> allowOriginIpList = Arrays.asList(ipAddress.split(","));
if (allowOriginIpList.contains(url.getHost())) {
return true;
}
return false;
}
return true;
}
}
SpringBoot注册拦截器
@EnableWebMvc
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Bean
public RefererInterceptor refererInterceptor() {
return new RefererInterceptor();
}
/**
* 注册拦截器
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
//referer拦截
registry.addInterceptor(refererInterceptor());
}
}