一些場景中,咱們要對websocket客戶端的ip進行校驗,若是是黑名單,或者不被容許的則不該該讓他訪問業務系統。html
筆者本地使用了兩個Websocket技術原型,一個基於Netty封裝的Websocket框架:YeautyYE/netty-websocket-spring-boot-starterjava
另一個是基於JSR-356 Java Api for websocket實現的框架,實現的客戶端不少,好比tomcat,spring也有對應的支持。git
由於使用Ognl解析對象時,會把對象數據放入一棵樹,在任意調試窗口監控能夠查看到類及屬性的層次關係。github
好比查詢Ip地址,咱們這裏選擇的樹路徑是web
#root->channel->remoteAddress
他返回的對象時InetSocketAddress的實例,獲得這個對象後,你能夠調用spring
.getAddress().getHostAddress()
方法得到最終的ip真實地址,固然你也可使用其餘表達式來得到
#root.channel.remoteAddress.holder.addr.holder.hostName
#root.channel.remoteAddress.holder.addr.hostName
這些表達式須要你本身去評估計算。express
封裝代碼以下:api
import lombok.extern.slf4j.Slf4j; import ognl.DefaultMemberAccess; import ognl.Ognl; import ognl.OgnlContext; import ognl.OgnlException; import org.yeauty.pojo.Session; @Slf4j public final class NettyWebsocketHelper { private NettyWebsocketHelper() { } private static OgnlContext context = new OgnlContext(); /** * set DefaultMemberAccess with allowed access into the context */ static { context.setMemberAccess(new DefaultMemberAccess(true)); } public static String getRemoteAddress(final Session session) { //.getAddress().getHostAddress() //.holder.addr.hostName //.holder.addr.holder.address //.holder.addr.holder.hostName //return (String) eval(session,"#root.channel.remoteAddress"); return eval(session, "#root.channel.remoteAddress.getAddress().getHostAddress()", String.class); } public static <T> T eval(final Object source, final String expression, Class<T> targetClass) { try { return (T) Ognl.getValue(expression, context, source); } catch (OgnlException e) { log.error("評估表達式出錯:{}", e); throw new IllegalAccessError("expression invalid"); } } public static Object eval(final Object source, final String expression) { Object value = null; try { value = Ognl.getValue(expression, context, source); log.info("return value :{}, class.name:{}", value, value.getClass().getName()); } catch (OgnlException e) { log.error("評估表達式出錯:{}", e); } return value; } }
使用方法:tomcat
/*** * 登陸ws服務器 * @param session * @param appId * @param apiKey * @throws InterruptedException */ private void onLogin(Session session, String appId, String apiKey) { String remoteAddress = NettyWebsocketHelper.getRemoteAddress(session); ApiService service = apiService.getService(appId, apiKey); if (Objects.isNull(service)) { session.sendText("appid無效"); session.close(); return; } final String serviceType = service.getServiceType(); final Integer serviceId = service.getId(); log.info("遠程IP:{}正在嘗試登陸到api服務器", remoteAddress); if (!checkWhiteList(serviceId, remoteAddress)) { session.sendText("禁止調用API接口的IP:".concat(remoteAddress)); session.close(); return; } }
調用結果服務器
2020-1-15日更新:
參考來源:https://stackoverflow.com/questions/22690907/client-socket-get-ip-java
/*** * 登陸ws服務器 * @param session * @param appId * @param apiKey * @throws InterruptedException */ private void onLogin(Session session, String appId, String apiKey) { String ip = resolveRemoteIp(session.remoteAddress()); log.info("遠程IP地址:{}",ip); } String resolveRemoteIp(SocketAddress socketAddress) { if (socketAddress instanceof InetSocketAddress) { InetAddress inetAddress = ((InetSocketAddress)socketAddress).getAddress(); if (inetAddress instanceof Inet4Address) { log.info("IPv4:{}",inetAddress); return inetAddress.getHostAddress(); }else if (inetAddress instanceof Inet6Address) { log.info("IPv6:{}",inetAddress); }else { log.error("Not an IP address."); return null; } } else { log.error("Not an internet protocol socket."); } return null; }