功能篇:springboot实现防盗链功能

防盗链(Hotlink Protection)是一种防止其他网站直接链接到你网站的资源(如图片、视频等),从而节省带宽和保护内容的有效手段。在Spring Boot应用程序中实现防盗链功能,可以通过多种方式来达成,例如使用过滤器(Filter)、拦截器(Interceptor),或者通过配置Nginx等反向代理服务器。

以下是几种实现防盗链的方法:

1. 使用过滤器(Filter)

你可以创建一个自定义过滤器,在请求到达实际资源之前检查HTTP头中的`Referer`字段。如果`Referer`不在允许的域名列表中,则返回403 Forbidden响应或重定向到其他页面。

```java

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import java.io.IOException;

public class HotlinkProtectionFilter implements Filter {

private final String[] allowedDomains = {"yourdomain.com"};

@Override

public void init(FilterConfig filterConfig) throws ServletException {}

@Override

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

throws IOException, ServletException {

HttpServletRequest httpRequest = (HttpServletRequest) request;

String referer = httpRequest.getHeader("Referer");

// Allow if there's no Referer (like direct access or bookmarks)

if (referer == null || Arrays.stream(allowedDomains).anyMatch(referer::contains)) {

chain.doFilter(request, response);

} else {

HttpServletResponse httpResponse = (HttpServletResponse) response;

httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Hotlinking not allowed");

}

}

@Override

public void destroy() {}

}

```

然后你需要将这个过滤器注册到Spring的上下文中:

```java

import org.springframework.boot.web.servlet.FilterRegistrationBean;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

@Configuration

public class WebConfig {

@Bean

public FilterRegistrationBean<HotlinkProtectionFilter> loggingFilter(){

FilterRegistrationBean<HotlinkProtectionFilter> registrationBean = new FilterRegistrationBean<>();

registrationBean.setFilter(new HotlinkProtectionFilter());

registrationBean.addUrlPatterns("/resources/*"); // 替换为你的资源路径

return registrationBean;

}

}

```

2. 使用拦截器(Interceptor)

如果你更倾向于MVC模式,可以创建一个拦截器来执行相同的逻辑:

```java

import org.springframework.stereotype.Component;

import org.springframework.web.servlet.HandlerInterceptor;

import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

@Component

public class HotlinkProtectionInterceptor implements HandlerInterceptor {

private final String[] allowedDomains = {"yourdomain.com"};

@Override

public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

String referer = request.getHeader("Referer");

if (referer == null || Arrays.stream(allowedDomains).anyMatch(referer::contains)) {

return true;

} else {

response.sendError(HttpServletResponse.SC_FORBIDDEN, "Hotlinking not allowed");

return false;

}

}

@Override

public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {}

@Override

public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {}

}

```

接着,需要注册该拦截器:

```java

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.servlet.config.annotation.InterceptorRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration

public class WebConfig implements WebMvcConfigurer {

@Autowired

private HotlinkProtectionInterceptor hotlinkProtectionInterceptor;

@Override

public void addInterceptors(InterceptorRegistry registry) {

registry.addInterceptor(hotlinkProtectionInterceptor).addPathPatterns("/resources/**");

}

}

```

3. 配置Nginx

如果你的应用程序是通过Nginx或其他反向代理服务器访问的,那么可以在Nginx配置文件中添加防盗链规则,这种方法通常更为高效:

```nginx

location /resources/ {

valid_referers none blocked yourdomain.com *.yourdomain.com;

if ($invalid_referer) {

return 403;

}

}

```

这三种方法都可以有效地防止其他网站直接链接到你的资源。选择哪种方法取决于你的具体需求和技术栈。

相关推荐
都叫我大帅哥25 分钟前
🌊 Redis Stream深度探险:从秒杀系统到面试通关
java·redis
都叫我大帅哥26 分钟前
Redis持久化全解析:从健忘症患者到记忆大师的逆袭
java·redis
程序猿阿越44 分钟前
Kafka源码(一)Controller选举与创建Topic
java·后端·源码
程序员爱钓鱼1 小时前
Go语言项目工程化 — 常见开发工具与 CI/CD 支持
开发语言·后端·golang·gin
程序无bug1 小时前
Spring6 当中 Bean 的生命周期的详细解析:有五步,有七步,有十步
java
二川bro1 小时前
飞算智造JavaAI:智能编程革命——AI重构Java开发新范式
java·人工智能·重构
Jiude1 小时前
MinIO 社区版被故意阉割,Web管理功能全面移除。我来试试国产RustFS
后端·docker·架构
Q_970956391 小时前
java+vue+SpringBoo校园失物招领网站(程序+数据库+报告+部署教程+答辩指导)
java·数据库·vue.js
仰望星空@脚踏实地1 小时前
Spring Boot Web 服务单元测试设计指南
spring boot·后端·单元测试