可以通过注解快速实现类似10分钟内仅可以搜索3次,以及N分钟尝试登陆多次即被禁止一小时等类似功能。
github地址
中文文档
<dependency>
<groupId>io.github.liuye744groupId>
<artifactId>simpleAuth-spring-boot-starterartifactId>
<version>1.3.3.RELEASEversion>
dependency>
可以为整个Controller添加,也可以为Controller中单个方法添加。访问超过限制则会抛出AccessIsRestrictedException
@RestController
public class MyController {
@GetMapping("say")
//10分钟内只允许访问5次,超过之后将会被禁止10分钟
@SimpleLimit(value = 5, seconds = 600, ban = 600)
public String say(){
return "Hello World";
}
}
当返回“success”时才记录操作,返回其他内容时不记录操作,不限制访问
@RestController
public class MyController {
@GetMapping("say")
@SimpleLimit(effectiveStrategic = MyEffectiveStrategic.class)
public String say(String str){
if (str.length()>3 && str.length()<12){
return "success";
}else {
return "fail";
}
}
}
public class MyEffectiveStrategic extends EffectiveStrategic {
@Override
public Boolean effective(HttpServletRequest request, ProceedingJoinPoint joinPoint, Object result) {
String myResult = (String)result;
//返回true则记录,false不记录
return "success".equals(myResult);
}
}
传递的参数不同访问限制不同(例如想要规定时间内每个资源只能点赞N次)
@RestController
public class MyController {
@GetMapping("say")
@SimpleLimit(signStrategic = MySignStrategic.class)
public String say(String str){
return "Hello World";
}
}
public class MySignStrategic extends SignStrategic {
@Override
public String sign(HttpServletRequest request, ProceedingJoinPoint joinPoint) {
final Object[] args = joinPoint.getArgs();
final Signature signature = joinPoint.getSignature();
//将参数拼接到用户sign中,保证每个用户传递不同的参数标志不相同
StringBuilder sb = new StringBuilder();
sb.append(signature);
for (Object arg : args) {
sb.append(arg.toString());
}
System.out.println(sb);
return sb.toString();
}
}
或者可以使用预制的DiffParameterSign
策略,来实现相同的效果
@RestController
public class MyController {
@GetMapping("say")
@SimpleLimit(signStrategic = DiffParameterSign.class)
public String say(String str){
return "Hello World";
}
}
//全局访问控制
@Component
public class MyInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
final String addr = request.getRemoteAddr();
//以用户的地址作为标志,每5分钟(300s)只允许访问2次,超过之后被禁止10分钟
//addRecord方法调用后可以访问则返回true,禁止访问返回false
return LimitInfoUtil.addRecord("GLOBAL_ACCESS_CONTROL", addr, 2, 300, 600);
}
}
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new MyInterceptor()).addPathPatterns("/*");
}
}