使用spring拦截器进行ip white list & basic authorization验证

public class BasicAuthorizationInterceptor extends HandlerInterceptorAdapter {

  private static final Logger logger = LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);

  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
      throws Exception {
    
    String authorization = request.getHeader("Authorization");
    logger.info("Authorization is [{}]", authorization);
    
    boolean isAuthSuccess = false;
    
    isAuthSuccess = httpBasicAuth(authorization);
    
    if(isAuthSuccess){
      return true;
    }else{
      
      response.setStatus(403);
      response.getWriter().print("Forbidden, unauthorized user");
      return false;
    }

    

  }

  
  public boolean httpBasicAuth(String authorization) throws IOException{
    
    UserConfig userconf = UserConfig.getInstanced();
    
    if (authorization!=null&&authorization.split(" ").length == 2) {
      String userAndPass = new String(new BASE64Decoder().decodeBuffer(authorization.split(" ")[1]));
      String user = userAndPass.split(":").length == 2 ? userAndPass.split(":")[0] : null;
      String pass = userAndPass.split(":").length == 2 ? userAndPass.split(":")[1] : null;
      logger.info("Username is [{}],Password is [{}]", user, pass);
      
      if(user == null || user.equals("") || pass == null || pass.equals("") ){
        return false;
      }
      
      UserInfo userinfo = userconf.getUser(user);
      
      if(userinfo == null || !pass.equals(userinfo.getPassword())){
        return false;
      }else{
        return true;
      }
    }
    return false;
  }
  
  
}

 Ip white list:

public class IPWhiteListApiInterceptor extends HandlerInterceptorAdapter {

  private static final Logger logger = LoggerFactory.getLogger(IPWhiteListApiInterceptor.class);
  
  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
      throws Exception {
    String ip = request.getRemoteHost().equals("0:0:0:0:0:0:0:1")?"127.0.0.1":request.getRemoteHost();
    logger.info("Request From [{}]",ip);
    String url = request.getRequestURI();
    logger.debug(url);
    
    List<String> ip_white_List = SystemConfig.query_Ip_white_list();
    
    if(ip_white_List.contains(ip)){
      return true;
    }else{
      response.setStatus(403);
      response.getWriter().print("Forbidden, unauthorized IP ["+ip+"]");
      return false;
    }
    
  }
  
}

spring.xml 配置：

<interceptors>
    <interceptor>
    
      <mapping path="/**" />
      <beans:bean class="com.pccw.pns.apiserver.IPWhiteListApiInterceptor" />
    </interceptor>
    
    <interceptor>
      <mapping path="/**"/>
      <beans:bean class="com.pccw.pns.apiserver.BasicAuthorizationInterceptor"/>
    </interceptor>
    
    
  </interceptors>