<!-- 實現白名單的依賴 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
第一個類: 驗證入口
/*
* Title: V100R001C00<br>
* Description: [描述模塊的功能、作用、使用方法和注意事項]<br>
* Copyright: Copyright (c) 1988-2015<br>
* Company:
* @author
* @version
*/
package com.huawei.IpController.controller;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import io.restassured.RestAssured;
import io.restassured.response.Response;
/**
 * Spring Security configuration that plugs {@link CustomIpAuthenticationProvider}
 * into the application's authentication manager.
 *
 * <p>Two alternative approaches are shown. The active one delegates the IP whitelist
 * check to a dedicated provider. The disabled one, kept as a comment at the bottom of
 * the class, expresses the IP rules directly on the URL patterns.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Provider that performs the IP whitelist check and the credential check. */
    @Autowired
    private CustomIpAuthenticationProvider authenticationProvider;

    /**
     * Registers the custom provider with the authentication manager.
     *
     * <p>This variant is meant for the case where many IP addresses have to be
     * whitelisted, because the list lives inside the provider.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        // Simplified alternative that needs no provider class. "{noop}" stores the password
        // in plaintext, so it is suitable for a demo only:
        // auth.inMemoryAuthentication().withUser("john").password("{noop}123").authorities("ROLE_USER");

        // Same outcome as the commented-out line above, but it relies on the
        // CustomIpAuthenticationProvider bean injected into this class.
        auth.authenticationProvider(this.authenticationProvider);
    }

    // Disabled alternative: this override can be used on its own and suits the case where
    // only a few IP addresses are whitelisted.
    //
    // NOTE(review): hasIpAddress() matches the address the servlet container reports for
    // the request. Behind a reverse proxy or load balancer that is normally the proxy's
    // address, so confirm how forwarded headers are handled before relying on it.
    // NOTE(review): csrf().disable() is combined with form login here. Re-enable CSRF
    // protection for any browser-facing deployment.
    //
    // @Override
    // protected void configure(HttpSecurity http) throws Exception {
    //     http.authorizeRequests()
    //         .antMatchers("/ipCo/**").permitAll()  // open to every IP, whitelisted or not
    //         .antMatchers("/ipController/**").hasIpAddress("127.0.0.1")  // this IP needs no login
    //         .antMatchers("/ipControll/**").access("isAuthenticated() and hasIpAddress('127.0.0.1')")  // this IP must also log in
    //         .anyRequest().authenticated()
    //         .and().formLogin().permitAll()
    //         .and().csrf().disable();
    // }
}
第二個類: 實現多個ip白名單驗證的注入類
package com.huawei.IpController.controller;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Component;
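/**
 * Authentication provider that accepts a login only when the request comes from a
 * whitelisted remote address and the submitted username and password match a fixed pair.
 *
 * <p>The whitelist and the credentials are hard-coded in this class, so it is a
 * demonstration of the mechanism rather than a deployable user store.
 */
@Component
public class CustomIpAuthenticationProvider implements AuthenticationProvider {

    // Addresses allowed to authenticate. Matching is exact string equality, so ranges
    // and alternative textual forms of the same address are not recognised.
    // NOTE(review): the field is package-visible and mutable; consider private final.
    Set<String> whitelist = new HashSet<>();

    /** Fills the whitelist with the fixed set of allowed addresses. */
    public CustomIpAuthenticationProvider() {
        super();
        whitelist.add("11.11.11.11");
        whitelist.add("127.0.0.2");
    }

    /**
     * Checks the caller's remote address against the whitelist, then checks the
     * submitted credentials.
     *
     * @param auth the authentication request; its details are expected to be
     *             {@link WebAuthenticationDetails}
     * @return an authenticated token carrying {@code ROLE_USER}
     * @throws AuthenticationException a {@link BadCredentialsException} if the remote
     *         address is unknown or not whitelisted, or if the credentials do not match
     */
    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        // Fail closed: a request whose details are missing or of another type carries no
        // address to check. Reject it as an authentication failure instead of letting a
        // ClassCastException or NullPointerException escape.
        final Object requestDetails = auth.getDetails();
        if (!(requestDetails instanceof WebAuthenticationDetails)) {
            throw new BadCredentialsException("Invalid IP Address");
        }

        // NOTE(review): this is the address the servlet container saw for the request.
        // Behind a reverse proxy or load balancer that is normally the proxy, not the
        // client. Confirm the deployment topology before trusting it as an access control.
        final String userIp = ((WebAuthenticationDetails) requestDetails).getRemoteAddress();

        // Debug trace to stdout; a real deployment should use the project's logger so that
        // rejected addresses land in the audit trail.
        System.out.println("*********" + userIp);
        if (!whitelist.contains(userIp)) {
            throw new BadCredentialsException("Invalid IP Address");
        }

        final String name = auth.getName();
        final Object credentials = auth.getCredentials();
        if (credentials == null) {
            // No password was submitted; treat this like any other failed login.
            throw new BadCredentialsException("Invalid username or password");
        }
        final String password = credentials.toString();

        // NOTE(review): hard-coded plaintext credentials, for demonstration only. Production
        // code should look the user up in a user store and verify the password with a
        // password encoder.
        if (!("john".equals(name) && "123".equals(password))) {
            throw new BadCredentialsException("Invalid username or password");
        }

        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return new UsernamePasswordAuthenticationToken(name, password, authorities);
    }

    /**
     * Reports which authentication request types this provider handles.
     *
     * @param authentication the request class being offered
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken};
     *         subclasses are not accepted
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}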