当前位置:编程学习 > 网站相关 >>

防止用户恶意刷新过滤器

为了防止用户对网站页面刷新过于频繁,需要对这种恶意操作进行判断并且屏蔽.虽然公司要有这样的一个功能,但是我觉得太没有必要了.只要你服务器够好,你何必需要这样的功能呢?下面是全部代码(仅供大家参考,我觉得实际意义不是很大):
 
import java.io.IOException; 
import java.util.Map; 
import java.util.concurrent.ConcurrentHashMap; 
import java.util.concurrent.CopyOnWriteArrayList; 
 
import javax.servlet.Filter; 
import javax.servlet.FilterChain; 
import javax.servlet.FilterConfig; 
import javax.servlet.ServletException; 
import javax.servlet.ServletRequest; 
import javax.servlet.ServletResponse; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
 
import com.f139.frame.util.NetUtil; 
 
public class RefreshFilter implements Filter { 
 
    private static final Map<String, Integer> ipcount = new ConcurrentHashMap<String, Integer>(); 
 
    @Override 
    public void doFilter(ServletRequest request, ServletResponse response, 
            FilterChain chain) throws IOException, ServletException { 
 
        try { 
            filter((HttpServletRequest) request, 
                    (HttpServletResponse) response, chain); 
        } catch (InterruptedException e) { 
            e.printStackTrace(); 
        } 
    } 
 
    private void filter(HttpServletRequest request, 
            HttpServletResponse response, FilterChain chain) 
            throws IOException, ServletException, InterruptedException { 
        response.setCharacterEncoding("UTF-8"); 
        request.setCharacterEncoding("UTF-8"); 
        // 获得用户的IP地址,根据用户IP地址来判断此用户是否刷新过于频繁 
        String userIP = NetUtil.getIpAddr(request); 
        Cache cache = Cache.getInstance(); 
        cache.increment(userIP); 
        if (cache.isUpCount(userIP)) { 
            Integer count = ipcount.get(userIP); 
            if (count != null) { 
                ipcount.put(userIP, count + 1); 
                System.out.println(ipcount.get(userIP)); 
            } else { 
                count = 0; 
                ipcount.put(userIP, count + 1); 
            } 
            if (ipcount.get(userIP) > 3) { 
                response.getWriter().println("很抱歉,您操作过于频繁."); 
                //403页面 
                ((HttpServletResponse) response) 
                        .sendError(HttpServletResponse.SC_FORBIDDEN); 
                /**
                 * 在这里可以使用quartz工作调度对map进行定时的清理,时被禁止的用户可以重新访问本页面
                 */ 
                return; 
            } 
            response.getWriter().println("操作频繁,请3秒后再试"); 
            return; 
        } 
        chain.doFilter(request, response); 
    } 
 
    @Override 
    public void destroy() { 
 
    } 
 
    @Override 
    public void init(FilterConfig config) throws ServletException {  
 
    } 
 
    private static class Cache { 
 
        private static final ConcurrentHashMap<String, CopyOnWriteArrayList<Long>> map = new ConcurrentHashMap<String, CopyOnWriteArrayList<Long>>(); 
        // 用户闲置时间 
        private static final long EXPIRE_TIME = 1000 * 5L; 
        // 用户频繁刷新次数上限,第六次就禁止刷新 www.zzzyk.com
        private static final int MAX_COUNT = 5; 
 
        private static final Cache cache = new Cache(); 
 
        private Cache() { 
            new Thread(new ClearCacheThread()).start(); 
        } 
 
        public static Cache getInstance() { 
            return cache; 
        } 
 
        // 每次刷新页面的时候就在缓存中增加一个刷新时间点(标识刷新次数) 
        public void increment(String key) { 
            CopyOnWriteArrayList<Long> list = map.get(key); 
            if (list == null) { 
                map.put(key, new CopyOnWriteArrayList
补充:综合编程 , 安全编程 ,
CopyRight © 2012 站长网 编程知识问答 www.zzzyk.com All Rights Reserved
部份技术文章来自网络,