websocket中獲取客戶端通訊的真實IP

時間 2020-07-22

標籤 websocket 獲取客戶端通訊真實简体版

原文原文鏈接

一些場景中，咱們要對websocket客戶端的ip進行校驗，若是是黑名單，或者不被容許的則不該該讓他訪問業務系統。html

筆者本地使用了兩個Websocket技術原型，一個基於Netty封裝的Websocket框架：YeautyYE/netty-websocket-spring-boot-starterjava

另一個是基於JSR-356 Java Api for websocket實現的框架，實現的客戶端不少，好比tomcat，spring也有對應的支持。git

表達式得到方法

由於使用Ognl解析對象時，會把對象數據放入一棵樹，在任意調試窗口監控能夠查看到類及屬性的層次關係。github

好比查詢Ip地址，咱們這裏選擇的樹路徑是web

#root->channel->remoteAddress

他返回的對象時InetSocketAddress的實例，獲得這個對象後，你能夠調用spring

.getAddress().getHostAddress()

方法得到最終的ip真實地址，固然你也可使用其餘表達式來得到

#root.channel.remoteAddress.holder.addr.holder.hostName

#root.channel.remoteAddress.holder.addr.hostName

這些表達式須要你本身去評估計算。express

netty-websocket-spring-boot-starter

封裝代碼以下：api

import lombok.extern.slf4j.Slf4j; import ognl.DefaultMemberAccess; import ognl.Ognl; import ognl.OgnlContext; import ognl.OgnlException; import org.yeauty.pojo.Session;  @Slf4j public final class NettyWebsocketHelper { private NettyWebsocketHelper() { } private static OgnlContext context = new OgnlContext(); /** * set DefaultMemberAccess with allowed access into the context */
    static { context.setMemberAccess(new DefaultMemberAccess(true)); } public static String getRemoteAddress(final Session session) { //.getAddress().getHostAddress() //.holder.addr.hostName //.holder.addr.holder.address //.holder.addr.holder.hostName //return (String) eval(session,"#root.channel.remoteAddress");
        return eval(session, "#root.channel.remoteAddress.getAddress().getHostAddress()", String.class); } public static <T> T eval(final Object source, final String expression, Class<T> targetClass) { try { return (T) Ognl.getValue(expression, context, source); } catch (OgnlException e) { log.error("評估表達式出錯:{}", e); throw new IllegalAccessError("expression invalid"); } } public static Object eval(final Object source, final String expression) { Object value = null; try { value = Ognl.getValue(expression, context, source); log.info("return value :{}, class.name:{}", value, value.getClass().getName()); } catch (OgnlException e) { log.error("評估表達式出錯:{}", e); } return value; } }

使用方法：tomcat

/*** * 登陸ws服務器 * @param session * @param appId * @param apiKey * @throws InterruptedException */
    private void onLogin(Session session, String appId, String apiKey) { String remoteAddress = NettyWebsocketHelper.getRemoteAddress(session); ApiService service = apiService.getService(appId, apiKey); if (Objects.isNull(service)) { session.sendText("appid無效"); session.close(); return; } final String serviceType = service.getServiceType(); final Integer serviceId = service.getId(); log.info("遠程IP:{}正在嘗試登陸到api服務器", remoteAddress); if (!checkWhiteList(serviceId, remoteAddress)) { session.sendText("禁止調用API接口的IP:".concat(remoteAddress)); session.close(); return; } }

調用結果服務器

2020-1-15日更新：

參考來源：https://stackoverflow.com/questions/22690907/client-socket-get-ip-java

/*** * 登陸ws服務器 * @param session * @param appId * @param apiKey * @throws InterruptedException */
private void onLogin(Session session, String appId, String apiKey) { String ip = resolveRemoteIp(session.remoteAddress()); log.info("遠程IP地址:{}",ip); } String resolveRemoteIp(SocketAddress socketAddress) { if (socketAddress instanceof InetSocketAddress) { InetAddress inetAddress = ((InetSocketAddress)socketAddress).getAddress(); if (inetAddress instanceof Inet4Address) { log.info("IPv4:{}",inetAddress); return inetAddress.getHostAddress(); }else if (inetAddress instanceof Inet6Address) { log.info("IPv6:{}",inetAddress); }else { log.error("Not an IP address."); return null; } } else { log.error("Not an internet protocol socket."); } return null; }

JSR356

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。