Blacklisting a set of IP addresses in a microservice created using Java and Spring Boot framework

Time:01-18

I have a micro-service designed to interrogate devices of different types and operating systems, but for a set of reasons, I want to blacklist a handful of IPs. Is there a way I can achieve that?

CodePudding user response:

Have you tried using the HandlerInterceptor interface?

Combine it with WebMvcConfigurerAdapter. This should do the job.

Something like this, not exact working code here:

//Call after request processing, but before the view is rendered (after controller method call)
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    String ip = IPAddressUtil.getClientIpAddress(httpServletRequest);
    List<BlackList> blackLists = blackListDao.findByIp(ip);
    if (blackLists == null || blackLists.size() == 0){
        urlHandle(httpServletRequest, 5000, 10);
    } else {
        //Forced control jump
        modelAndView.setViewName("/errorpage/error.html");
    }
}

The BlackListDao class can be something like this:

@Mapper
public interface BlackListDao {
    //Find records by IP
    List<BlackList> findByIp(String IP);
    //Add record
    int addBlackList(@Param("blackList") BlackList blackList);
}

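Configure the interceptor with WebMvcConfigurerAdapter for Spring MVC.

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class MyWebAppConfigurer extends WebMvcConfigurerAdapter {
    @Bean // register our interceptor as a bean
    public HandlerInterceptor getMyInterceptor() {
        return new URLInterceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Multiple interceptors form an interceptor chain.
        // addPathPatterns adds interception rules; here every path under /url/ is intercepted.
        // excludePathPatterns excludes paths from interception.
        registry.addInterceptor(getMyInterceptor()).addPathPatterns("/url/**");
        super.addInterceptors(registry);
    }
}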

CodePudding user response:

The best way is to check it in the HttpFirewall, which can check whether an HttpServletRequest is potentially dangerous before allowing it to go through FilterChainProxy.

Basically you need to override the default StrictHttpFirewall and add the logic to check if the source IP of the request is in the blacklist, something like:

public class MyFirewall extends StrictHttpFirewall {

    private Set<String> backlistIPs;

    public MyFirewall(Set<String> backlistIPs){
         this.backlistIPs = backlistIPs;
    }

    @Override
    public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
        
        String sourceIp = getClientIpAddress(request);

        if(backlistIPs.contains(sourceIp)){
          throw new RequestRejectedException("IP is blacklisted");
        }

        return super.getFirewalledRequest(request);
    }
}

Note: Refer to this for how to implement getClientIpAddress()

Then configure to use it:

@EnableWebSecurity
public class Config extends WebSecurityConfigurerAdapter {
    
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.httpFirewall(new MyFirewall(Set.of("123.123.123.123", "123.123.123.124")));
    }
}
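
Added example (not from either answer above and not Spring's own code): both answers call a getClientIpAddress() helper that the page does not show. This is one way to resolve the address to test against the blacklist, assuming the service sits behind reverse proxies you operate. The class name, TRUSTED_PROXIES and every address are assumptions, and the method takes plain strings so it runs without a servlet container.

```java
import java.util.Set;

// Added example: resolve the address to test against the blacklist.
// TRUSTED_PROXIES and all sample addresses are constructed for illustration.
public class ClientIpResolver {

    // Hypothetical: the reverse proxies / load balancers you operate yourself.
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5", "10.0.0.6");

    /**
     * @param remoteAddr   value of HttpServletRequest.getRemoteAddr()
     * @param forwardedFor value of the X-Forwarded-For header, or null
     */
    static String resolve(String remoteAddr, String forwardedFor) {
        // The header is client-supplied; honour it only when the TCP peer is our own proxy.
        if (forwardedFor == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so walk right to left and
        // stop at the first hop that is not one of our proxies.
        String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // header held only our proxies (or was empty)
    }

    public static void main(String[] args) {
        Set<String> blacklist = Set.of("123.123.123.123");
        // Direct connection: header ignored, peer address is used.
        System.out.println(resolve("123.123.123.123", "198.51.100.7"));
        // Via trusted proxy: right-most untrusted hop is the client.
        String ip = resolve("10.0.0.5", "198.51.100.7, 123.123.123.123, 10.0.0.6");
        System.out.println(ip + " blocked=" + blacklist.contains(ip));
    }
}
```

String comparison only matches when the blacklist entry and the resolved address use the same textual form, which matters for IPv6 addresses.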