欧美亚洲一区在线,国产精品都在这里,美洲精品一卡2卡三卡4卡四卡

CXF WebService 對(duì)IP地址的限制訪問(wèn)

Posted on 2012-03-27 23:11 為自己代言閱讀(8024) 評(píng)論(1) 編輯收藏

首先介紹下CXF的攔截器:
簡(jiǎn)單地說(shuō)，CXF使用流水線型(或者說(shuō)總線型)處理機(jī)制，它的核心是一個(gè)Bus。一個(gè)客戶端的請(qǐng)求或者一個(gè)對(duì)客戶端樁代碼的調(diào)用被組織成為一個(gè)Message。同時(shí)，所有的CXF功能都組織成Interceptor掛接在Bus上，分階段依次處理Message。Message本質(zhì)上是一個(gè)Map數(shù)據(jù)結(jié)構(gòu)，既包含系統(tǒng)公共的也包含Interceptor自定義的數(shù)據(jù)。

AbstractPhaseInterceptor<Message>這個(gè)抽象類攔截器類,自定義攔截器類可以繼承它實(shí)現(xiàn)它其中一個(gè)抽象方法public void handleMessage(Message message) throws Fault

如下代碼實(shí)現(xiàn):

package com.jd.train.service.webservice.ipinterceptor;

import com.jd.train.service.util.CodesUtil;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.transport.http.AbstractHTTPDestination;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

/**
* Created by IntelliJ IDEA.
* User: zhangzhaozhao
* Date: 12-3-26
* Time: 下午4:06
* To change this template use File | Settings | File Templates.
*/
public class IpAddressInInterceptor extends AbstractPhaseInterceptor<Message> {
//這個(gè)屬性是注入進(jìn)來(lái)的,你也可以從properties,xml文件中去讀取,也可以從數(shù)據(jù)庫(kù)中去獲取;
private List<String> ipList;

    public void setIpList(List<String> ipList) {
        this.ipList = ipList;
    }

    private final static Logger logger = LogManager.getLogger(IpAddressInInterceptor.class);
    public IpAddressInInterceptor() {
        super(Phase.RECEIVE);
    }

    public void handleMessage(Message message) throws Fault {
        //指定CXF獲取客戶端的HttpServletRequest : http-request；
        HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
        String ipAddress="";
        boolean flag = false;
        if (null != request) {
            ipAddress = getUserIpAddr(request); // 取客戶端IP地址
            logger.info("請(qǐng)求客戶端的IP地址:" + ipAddress);
            for (String s : ipList) {
                if (s.equals(ipAddress)) {
                    flag = true;
                    break;
                }
            }
        }
        if(!flag) {
            throw new Fault(new IllegalAccessException("IP address " + ipAddress + " is stint"));
        }
    }

    /**
     * 獲取IP地址的方法
     * @param request
     * @return
     */
    private String getUserIpAddr(HttpServletRequest request) {
        //獲取經(jīng)過(guò)代理的客戶端的IP地址; 排除了request.getRemoteAddr() 方法在通過(guò)了Apache,Squid等反向代理軟件就不能獲取到客戶端的真實(shí)IP地址了
        String ip = CodesUtil.getIpAddr(request);
        if (ip != null && ip.indexOf(",") > 0) {
            logger.info("取到客戶多個(gè)ip1====================" + ip);
            String[] arr = ip.split(",");
            ip = arr[arr.length - 1].trim();//有多個(gè)ip時(shí)取最后一個(gè)ip
            logger.info("取到客戶多個(gè)ip2====================" + ip);
        }
        return ip;
    }
}

看下Spring 配置文件的信息:

<jaxws:endpoint id="messageNotifyServices" address="/MessageNotifyServices" >
        <jaxws:implementor>
            <bean class="com.jd.train.service.webservice.impl.MessageNotifyServicesImpl"/>
        </jaxws:implementor>
        <jaxws:inInterceptors>
            <ref bean="ipInterceptor"/>
        </jaxws:inInterceptors>
    </jaxws:endpoint>
    
    <jaxws:endpoint id="orderStatusServices" address="/OrderStatusServices">
        
        <jaxws:implementor>
            <bean class="com.jd.train.service.webservice.impl.OrderStatusServicesImpl"/>
        </jaxws:implementor>
        <jaxws:inInterceptors>
            <ref bean="ipInterceptor"/>
        </jaxws:inInterceptors>
    </jaxws:endpoint>

<http-conf:conduit name="${train.api.domain.name}.*">
        <http-conf:client ConnectionTimeout="10000" ReceiveTimeout="20000"/>
    </http-conf:conduit>

<cxf:bus>
       <cxf:inInterceptors>
           <ref bean="logIn"/>
       </cxf:inInterceptors>
       <cxf:outInterceptors>
           <ref bean="logOut" />
       </cxf:outInterceptors>
   </cxf:bus>

</beans>

解釋下里面東西:
<jaxws:endpoint id="messageNotifyServices" address="/MessageNotifyServices" >
<jaxws:implementor>
    <bean class="com.jd.train.service.webservice.impl.MessageNotifyServicesImpl"/>
</jaxws:implementor>
<jaxws:inInterceptors>
    <ref bean="ipInterceptor"/>
</jaxws:inInterceptors>
</jaxws:endpoint>


<jaxws:endpoint id="orderStatusServices" address="/OrderStatusServices">

<jaxws:implementor>
    <bean class="com.jd.train.service.webservice.impl.OrderStatusServicesImpl"/>
</jaxws:implementor>
<jaxws:inInterceptors>
    <ref bean="ipInterceptor"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
這兩個(gè)是我發(fā)布出去的WebService 接口(這里需要你自己去實(shí)現(xiàn),我并沒(méi)有把代碼貼出來(lái));
<jaxws:inInterceptors>
    <ref bean="ipInterceptor"/>
</jaxws:inInterceptors> 這個(gè)是自定義的攔截器類

說(shuō)到這里需要注意下了:如果把自定義的攔截器引入到發(fā)布出去的接口當(dāng)中,而不是引入到全局的<cxf:bus>中,這樣只對(duì)你發(fā)布出去的接口起作用
如果配置到全局的<cxf:bus>中對(duì)你訪問(wèn)第三方的WebService接口和別人訪問(wèn)你發(fā)布出去的WebService接口,都起到攔截作用,我開(kāi)發(fā)過(guò)程遇到此問(wèn)題,我調(diào)用第三方的webService接口時(shí)候也被攔截了,其中在自定義攔截器的HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
request是null ,并且IP也被過(guò)過(guò)濾掉了,使其我不能訪問(wèn)第三方的接口了.

第二個(gè)問(wèn)題:就是Spring 配置文件的頭信息 http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd搞進(jìn)去!

第三個(gè)問(wèn)題:就是在獲取客戶IP時(shí)候,request.getRemoteAddr()取得客戶端的IP地址,但是在通過(guò)了Apache,Squid等反向代理軟件就不能獲取到客戶端的真實(shí)IP地址了。
經(jīng)過(guò)代理以后，由于在客戶端和服務(wù)之間增加了中間層，因此服務(wù)器無(wú)法直接拿到客戶端的IP，服務(wù)器端應(yīng)用也無(wú)法直接通過(guò)轉(zhuǎn)發(fā)請(qǐng)求的地址返回給客戶端。但是在轉(zhuǎn)發(fā)請(qǐng)求的HTTP頭信息中，增加了X－FORWARDED－FOR信息用以跟蹤原有的客戶端IP地址和原來(lái)客戶端請(qǐng)求的服務(wù)器地址。
給出比較靠譜實(shí)現(xiàn):
public static String getIpAddr(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }
如果通過(guò)了多級(jí)反向代理的話，X-Forwarded-For的值并不止一個(gè)，而是一串ip值，其中哪個(gè)才是真正的用戶端的真實(shí)IP呢？
答案是取X-Forwarded-For中第一個(gè)非unknown的有效IP字符串。如：X-Forwarded-For：192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100,用戶真實(shí)IP為： 192.168.1.110
如果朋友遇到以上問(wèn)題,請(qǐng)多加注意.

評(píng)論

# re: CXF WebService 對(duì)IP地址的限制訪問(wèn) 回復(fù) 更多評(píng)論

2015-11-30 09:53 by admin

fsfsdfsafdsaf

新用戶注冊(cè) 刷新評(píng)論列表


只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。




網(wǎng)站導(dǎo)航: 博客園 IT新聞 Chat2DB C++博客博問(wèn) 管理

JAVA

CXF WebService 對(duì)IP地址的限制訪問(wèn)

評(píng)論

# re: CXF WebService 對(duì)IP地址的限制訪問(wèn) 回復(fù) 更多評(píng)論

日歷

隨筆分類

文章分類

搜索

最新評(píng)論

閱讀排行榜