springboot实现防盗链功能的示例代码
作者:Mercury_@22
防盗链(Hotlink Protection)是一种防止其他网站直接链接到你网站的资源,从而节省带宽和保护内容的有效手段,下面我们就来看看如何使用springboot实现防盗链功能吧
防盗链(Hotlink Protection)是一种防止其他网站直接链接到你网站的资源(如图片、视频等),从而节省带宽和保护内容的有效手段。在Spring Boot应用程序中实现防盗链功能,可以通过多种方式来达成,例如使用过滤器(Filter)、拦截器(Interceptor),或者通过配置Nginx等反向代理服务器。
以下是几种实现防盗链的方法:
1. 使用过滤器(Filter)
你可以创建一个自定义过滤器,在请求到达实际资源之前检查HTTP头中的`Referer`字段。如果`Referer`不在允许的域名列表中,则返回403 Forbidden响应或重定向到其他页面。
import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import java.io.IOException; public class HotlinkProtectionFilter implements Filter { private final String[] allowedDomains = {"yourdomain.com"}; @Override public void init(FilterConfig filterConfig) throws ServletException {} @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; String referer = httpRequest.getHeader("Referer"); // Allow if there's no Referer (like direct access or bookmarks) if (referer == null || Arrays.stream(allowedDomains).anyMatch(referer::contains)) { chain.doFilter(request, response); } else { HttpServletResponse httpResponse = (HttpServletResponse) response; httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Hotlinking not allowed"); } } @Override public void destroy() {} }
然后你需要将这个过滤器注册到Spring的上下文中:
import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class WebConfig { @Bean public FilterRegistrationBean<HotlinkProtectionFilter> loggingFilter(){ FilterRegistrationBean<HotlinkProtectionFilter> registrationBean = new FilterRegistrationBean<>(); registrationBean.setFilter(new HotlinkProtectionFilter()); registrationBean.addUrlPatterns("/resources/*"); // 替换为你的资源路径 return registrationBean; } }
2. 使用拦截器(Interceptor)
如果你更倾向于MVC模式,可以创建一个拦截器来执行相同的逻辑:
import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @Component public class HotlinkProtectionInterceptor implements HandlerInterceptor { private final String[] allowedDomains = {"yourdomain.com"}; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String referer = request.getHeader("Referer"); if (referer == null || Arrays.stream(allowedDomains).anyMatch(referer::contains)) { return true; } else { response.sendError(HttpServletResponse.SC_FORBIDDEN, "Hotlinking not allowed"); return false; } } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {} @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {} }
接着,需要注册该拦截器:
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class WebConfig implements WebMvcConfigurer { @Autowired private HotlinkProtectionInterceptor hotlinkProtectionInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(hotlinkProtectionInterceptor).addPathPatterns("/resources/**"); } }
3. 配置Nginx
如果你的应用程序是通过Nginx或其他反向代理服务器访问的,那么可以在Nginx配置文件中添加防盗链规则,这种方法通常更为高效:
location /resources/ { valid_referers none blocked yourdomain.com *.yourdomain.com; if ($invalid_referer) { return 403; } }
这三种方法都可以有效地防止其他网站直接链接到你的资源。选择哪种方法取决于你的具体需求和技术栈。
以上就是springboot实现防盗链功能的示例代码的详细内容,更多关于springboot防盗链功能的资料请关注脚本之家其它相关文章!