該示例項(xiàng)目通過自定義注解,實(shí)現(xiàn)接口訪問次數(shù)控制,從而實(shí)現(xiàn)接口防刷功能,項(xiàng)目結(jié)構(gòu)如下:
一、編寫注解類 AccessLimit
package cn.mygweb.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 訪問控制注解(實(shí)現(xiàn)接口防刷功能)
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface AccessLimit {
/**
* 限制周期(單位為秒)
*
* @return
*/
int seconds();
/**
* 規(guī)定周期內(nèi)限制次數(shù)
*
* @return
*/
int maxCount();
/**
* 是否需要登錄
*
* @return
*/
boolean needLogin() default false;
}
二、在Interceptor攔截器中實(shí)現(xiàn)攔截邏輯
package cn.mygweb.interceptor;
import cn.mygweb.annotation.AccessLimit;
import cn.mygweb.entity.Result;
import cn.mygweb.entity.StatusCode;
import com.alibaba.fastjson.JSON;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.Map;
/**
* 訪問控制攔截器
*/
@Component
public class AccessLimitInterceptor extends HandlerInterceptorAdapter {
//模擬數(shù)據(jù)存儲(chǔ),實(shí)際業(yè)務(wù)中可以自定義實(shí)現(xiàn)方式
private static MapString, AccessInfo> accessInfoMap = new HashMap>();
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
Object handler) throws Exception {
//判斷請(qǐng)求是否屬于方法的請(qǐng)求
if (handler instanceof HandlerMethod) {
HandlerMethod hm = (HandlerMethod) handler;
//獲取方法中的注解,看是否有該注解
AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);
if (accessLimit == null) {
return true;
}
int seconds = accessLimit.seconds();
int maxCount = accessLimit.maxCount();
boolean needLogin = accessLimit.needLogin();
String key = request.getRequestURI();
//如果需要登錄
if (needLogin) {
//獲取登錄的session進(jìn)行判斷
//……
key += " " + "userA";//這里假設(shè)用戶是userA,實(shí)際項(xiàng)目中可以改為userId
}
//模擬從redis中獲取數(shù)據(jù)
AccessInfo accessInfo = accessInfoMap.get(key);
if (accessInfo == null) {
//第一次訪問
accessInfo = new AccessInfo();
accessInfo.setFirstVisitTimestamp(System.currentTimeMillis());
accessInfo.setAccessCount(1);
accessInfoMap.put(key, accessInfo);
} else if (accessInfo.getAccessCount() maxCount) {
//訪問次數(shù)加1
accessInfo.setAccessCount(accessInfo.getAccessCount() + 1);
accessInfoMap.put(key, accessInfo);
} else {
//超出訪問次數(shù),判斷時(shí)間是否超出設(shè)定時(shí)間
if ((System.currentTimeMillis() - accessInfo.getFirstVisitTimestamp()) = seconds * 1000) {
//如果還在設(shè)定時(shí)間內(nèi),則為不合法請(qǐng)求,返回錯(cuò)誤信息
render(response, "達(dá)到訪問限制次數(shù),請(qǐng)稍后重試!");
return false;
} else {
//如果超出設(shè)定時(shí)間,則為合理的請(qǐng)求,將之前的請(qǐng)求清空,重新計(jì)數(shù)
accessInfo.setFirstVisitTimestamp(System.currentTimeMillis());
accessInfo.setAccessCount(1);
accessInfoMap.put(key, accessInfo);
}
}
}
return true;
}
/**
* 向頁面發(fā)送消息
*
* @param response
* @param msg
* @throws Exception
*/
private void render(HttpServletResponse response, String msg) throws Exception {
response.setContentType("application/json;charset=UTF-8");
OutputStream out = response.getOutputStream();
String str = JSON.toJSONString(new Result(true, StatusCode.ACCESSERROR, msg));
out.write(str.getBytes("UTF-8"));
out.flush();
out.close();
}
/**
* 封裝的訪問信息對(duì)象
*/
class AccessInfo {
/**
* 一個(gè)計(jì)數(shù)周期內(nèi)第一次訪問的時(shí)間戳
*/
private long firstVisitTimest
/**
* 訪問次數(shù)統(tǒng)計(jì)
*/
private int accessCount;
public long getFirstVisitTimestamp() {
return firstVisitTimest
}
public void setFirstVisitTimestamp(long firstVisitTimestamp) {
this.firstVisitTimestamp = firstVisitTimest
}
public int getAccessCount() {
return accessCount;
}
public void setAccessCount(int accessCount) {
this.accessCount = accessCount;
}
@Override
public String toString() {
return "AccessInfo{" +
"firstVisitTimestamp=" + firstVisitTimestamp +
", accessCount=" + accessCount +
'}';
}
}
}
三、把Interceptor注冊(cè)到springboot中
package cn.mygweb.config;
import cn.mygweb.interceptor.AccessLimitInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
* 攔截器注冊(cè)配置
*/
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
//注冊(cè)攔截器
registry.addInterceptor(new AccessLimitInterceptor());
}
}
四、在Controller中加入注解實(shí)現(xiàn)接口防刷
package cn.mygweb.controller;
import cn.mygweb.annotation.AccessLimit;
import cn.mygweb.entity.Result;
import cn.mygweb.entity.StatusCode;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/access")
public class AccessController {
@AccessLimit(seconds = 5, maxCount = 2)//訪問控制,5秒內(nèi)只能訪問2次
@GetMapping
public Result access() {
return new Result(true, StatusCode.OK, "訪問成功!");
}
}
五、測(cè)試訪問
附:StatusCode.java、Result.java、application.yml
StatusCode類
package cn.mygweb.entity;
/**
* 返回狀態(tài)碼
*/
public class StatusCode {
public static final int OK = 20000;//成功
public static final int ERROR = 20001;//失敗
public static final int LOGINERROR = 20002;//用戶名或密碼錯(cuò)誤
public static final int ACCESSERROR = 20003;//權(quán)限不足
public static final int REMOTEERROR = 20004;//遠(yuǎn)程調(diào)用失敗
public static final int REPERROR = 20005;//重復(fù)操作
public static final int NOTFOUNDERROR = 20006;//沒有對(duì)應(yīng)的搶購(gòu)數(shù)據(jù)
}
Result類:
package cn.mygweb.entity;
import java.io.Serializable;
/**
* 響應(yīng)結(jié)果
*/
public class ResultT> implements Serializable {
private boolean flag;//是否成功
private Integer code;//返回碼
private String message;//返回消息
private T data;//返回?cái)?shù)據(jù)
public Result(boolean flag, Integer code, String message, Object data) {
this.flag = flag;
this.code = code;
this.message = message;
this.data = (T) data;
}
public Result(boolean flag, Integer code, String message) {
this.flag = flag;
this.code = code;
this.message = message;
}
public Result() {
this.flag = true;
this.code = StatusCode.OK;
this.message = "操作成功!";
}
public boolean isFlag() {
return flag;
}
public void setFlag(boolean flag) {
this.flag = flag;
}
public Integer getCode() {
return code;
}
public void setCode(Integer code) {
this.code = code;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
public T getData() {
return data;
}
public void setData(T data) {
this.data = data;
}
}
applications.yml:
到此這篇關(guān)于基于注解實(shí)現(xiàn) SpringBoot 接口防刷的方法的文章就介紹到這了,更多相關(guān)SpringBoot 接口防刷內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!
您可能感興趣的文章:- SpringBoot 防止接口惡意多次請(qǐng)求的操作
- 使用SpringBoot跨系統(tǒng)調(diào)用接口的方案
- Springboot使用redis進(jìn)行api防刷限流過程詳解
- SpringBoot項(xiàng)目中接口防刷的完整代碼