java

关注公众号 jb51net

关闭
首页 > 软件编程 > java > springboot防盗链功能

springboot实现防盗链功能的示例代码

作者:Mercury_@22

防盗链(Hotlink Protection)是一种防止其他网站直接链接到你网站的资源,从而节省带宽和保护内容的有效手段,下面我们就来看看如何使用springboot实现防盗链功能吧

防盗链(Hotlink Protection)是一种防止其他网站直接链接到你网站的资源(如图片、视频等),从而节省带宽和保护内容的有效手段。在Spring Boot应用程序中实现防盗链功能,可以通过多种方式来达成,例如使用过滤器(Filter)、拦截器(Interceptor),或者通过配置Nginx等反向代理服务器。

以下是几种实现防盗链的方法:

1. 使用过滤器(Filter)

你可以创建一个自定义过滤器,在请求到达实际资源之前检查HTTP头中的`Referer`字段。如果`Referer`不在允许的域名列表中,则返回403 Forbidden响应或重定向到其他页面。

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

public class HotlinkProtectionFilter implements Filter {

    private final String[] allowedDomains = {"yourdomain.com"};

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String referer = httpRequest.getHeader("Referer");

        // Allow if there's no Referer (like direct access or bookmarks)
        if (referer == null || Arrays.stream(allowedDomains).anyMatch(referer::contains)) {
            chain.doFilter(request, response);
        } else {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Hotlinking not allowed");
        }
    }

    @Override
    public void destroy() {}
}

然后你需要将这个过滤器注册到Spring的上下文中:

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class WebConfig {

    @Bean
    public FilterRegistrationBean<HotlinkProtectionFilter> loggingFilter(){
        FilterRegistrationBean<HotlinkProtectionFilter> registrationBean = new FilterRegistrationBean<>();

        registrationBean.setFilter(new HotlinkProtectionFilter());
        registrationBean.addUrlPatterns("/resources/*"); // 替换为你的资源路径

        return registrationBean;
    }
}

2. 使用拦截器(Interceptor)

如果你更倾向于MVC模式,可以创建一个拦截器来执行相同的逻辑:

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component
public class HotlinkProtectionInterceptor implements HandlerInterceptor {

    private final String[] allowedDomains = {"yourdomain.com"};

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String referer = request.getHeader("Referer");

        if (referer == null || Arrays.stream(allowedDomains).anyMatch(referer::contains)) {
            return true;
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Hotlinking not allowed");
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {}

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {}
}

接着,需要注册该拦截器:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Autowired
    private HotlinkProtectionInterceptor hotlinkProtectionInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(hotlinkProtectionInterceptor).addPathPatterns("/resources/**");
    }
}

3. 配置Nginx

如果你的应用程序是通过Nginx或其他反向代理服务器访问的,那么可以在Nginx配置文件中添加防盗链规则,这种方法通常更为高效:

location /resources/ {
    valid_referers none blocked yourdomain.com *.yourdomain.com;
    if ($invalid_referer) {
        return 403;
    }
}

这三种方法都可以有效地防止其他网站直接链接到你的资源。选择哪种方法取决于你的具体需求和技术栈。

以上就是springboot实现防盗链功能的示例代码的详细内容,更多关于springboot防盗链功能的资料请关注脚本之家其它相关文章!

您可能感兴趣的文章:
阅读全文