横云断岭 2016-01-16
http://my.oschina.net/wnjustdoit/blog/603566
方式:
1、实现接口:org.springframework.web.servlet.HandlerInterceptor
2、继承抽象类:org.springframework.web.servlet.handler.HandlerInterceptorAdapter
spring配置文件:
<mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/restapi/user/identifycode/**" /> <mvc:mapping path="/restapi/user/email/edit" /> <bean class="com.maijia.ucenter.rest.web.interceptors.IdentifyCodeInterceptor" /> </mvc:interceptor> </mvc:interceptors>
全局拦截器:
<mvc:interceptors> <bean class="com.app.mvc.MyInteceptor" /> </mvc:interceptors>
或
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"> <property name="interceptors"> <list> <bean class="com.mvc.MyInteceptor"></bean> </list> </property> </bean>
拦截器类:
package com.caiya.ucenter.rest.web.interceptors; import java.util.Date; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.log4j.Logger; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import com.caiya.ucenter.rest.web.utils.ClientIpUtils; import com.caiya.cache.ICache; /** * 短信校验码拦截器,只允许60秒之后重发一次 * ADD 邮箱验证码 * 涉及找回密码 & 绑定邮箱 */ public class IdentifyCodeInterceptor extends HandlerInterceptorAdapter { @Resource private ICache cache; private static Logger logger = Logger.getLogger(IdentifyCodeInterceptor.class); @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String path = request.getRequestURI(); String ip = ClientIpUtils.getClientIP(request); if(path.contains("/restapi/user/identifycode/sms")){ // 发送短信验证码 String mobile = request.getParameter("mobile"); if(cache.get(createCacheKey(mobile)) != null){ logger.error(new StringBuilder("ip:").append(ip).append(",mobile:").append(mobile).append(" 在1分钟内再次请求短信验证码,请求拒绝!")); throw new IllegalAccessException("短信验证码需在1分钟之后再次请求!"); } }else if(path.contains("/restapi/user/identifycode/email") || path.contains("/restapi/user/email/edit")){ // 发送邮箱验证码 String email = request.getParameter("email"); if(cache.get(createCacheKey(email)) != null){ logger.error(new StringBuilder("ip:").append(ip).append(",email:").append(email).append(" 在1分钟内再次请求邮箱验证码,请求拒绝!")); throw new IllegalAccessException("邮箱验证码需在1分钟之后再次请求!"); } } // ip另外限制 if(cache.get(createCacheKey(ip)) != null){ logger.error(new StringBuilder("ip:").append(ip).append(",ip:").append(ip).append(" 在1分钟内再次请求验证码,请求拒绝!")); throw new IllegalAccessException("验证码请求需在1分钟之后再次请求!"); } return super.preHandle(request, response, handler); } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { String path = request.getRequestURI(); String ip = ClientIpUtils.getClientIP(request); if(path.contains("/restapi/user/identifycode/sms")){ // 发送短信验证码 String mobile = request.getParameter("mobile"); try{ // 一般1分钟过期,如果在preHandle中获取到这个缓存,那么不允许他继续下去 cache.set(createCacheKey(mobile), new Date(), 60); }catch(Exception e){ logger.error(e.getMessage(), e); } }else if(path.contains("/restapi/user/identifycode/email") || path.contains("/restapi/user/email/edit")){ // 发送邮箱验证码 String email = request.getParameter("email"); try{ // 一般1分钟过期,如果在preHandle中获取到这个缓存,那么不允许他继续下去 cache.set(createCacheKey(email), new Date(), 60); }catch(Exception e){ logger.error(e.getMessage(), e); } } // ip另外限制 try{ // 一般1分钟过期,如果在preHandle中获取到这个缓存,那么不允许他继续下去 cache.set(createCacheKey(ip), new Date(), 60); }catch(Exception e){ logger.error(e.getMessage(), e); } super.postHandle(request, response, handler, modelAndView); } private String createCacheKey(String address){ return new StringBuilder("ic_").append(address).toString(); } }