pioneer
/
open-JSD-10008
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
485 KiB
 
 
Tree: 863cd92bb9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '863cd92bb9'
${ noResults }
open-JSD-10008/src/main/java/com/eco/plugin/xx/kdxfsso/utils/IPUtils.java

309 lines
9.9 KiB
Raw Blame History

package com.eco.plugin.xx.kdxfsso.utils;
import com.fr.data.NetworkHelper;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.stable.web.Device;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class IPUtils {
/**
* 私有IP:
* A类 10.0.0.0-10.255.255.255
* B类 172.16.0.0-172.31.255.255
* C类 192.168.0.0-192.168.255.255
*
* 127这个网段是环回地址
* localhost
*/
static List<Pattern> ipFilterRegexList = new ArrayList<>();
static {
Set<String> ipFilter = new HashSet<String>();
ipFilter.add("^10\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])"
+ "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])" + "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$");
// B类地址范围: 172.16.0.0---172.31.255.255
ipFilter.add("^172\\.(1[6789]|2[0-9]|3[01])\\" + ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\"
+ ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$");
// C类地址范围: 192.168.0.0---192.168.255.255
ipFilter.add("^192\\.168\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\"
+ ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$");
ipFilter.add("127.0.0.1");
ipFilter.add("0.0.0.0");
ipFilter.add("localhost");
for (String tmp : ipFilter) {
ipFilterRegexList.add(Pattern.compile(tmp));
}
}
// IP的正则,这个正则不能验证第一组数字为0的情况
private static Pattern pattern = Pattern
.compile("([1-9]\\d?|1\\d{2}|2[01]\\d|22[0-3])\\."
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\."
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\."
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})");
/**
*
* getAvaliIpList:(根据IP白名单设置获取可用的IP列表).
*
* @date 2020-11-11 下午02:50:20
* @return
*/
private static Set<String> getAvaliIpList(String allowIp) {
Set<String> ipList = new HashSet<String>();
for (String allow : allowIp.replaceAll("\\s", "").split(",")) {
if (allow.indexOf("*") > -1) {
String[] ips = allow.split("\\.");
String[] from = new String[] { "0", "0", "0", "0" };
String[] end = new String[] { "255", "255", "255", "255" };
List<String> tem = new ArrayList<String>();
for (int i = 0; i < ips.length; i++)
if (ips[i].indexOf("*") > -1) {
//todo 直接用等于,不能正确获取类似192.168.**.*这种格式的ip段
tem = complete(ips[i]);
from[i] = null;
end[i] = null;
} else {
from[i] = ips[i];
end[i] = ips[i];
}
StringBuffer fromIP = new StringBuffer();
StringBuffer endIP = new StringBuffer();
for (int i = 0; i < 4; i++)
if (from[i] != null) {
fromIP.append(from[i]).append(".");
endIP.append(end[i]).append(".");
} else {
fromIP.append("[*].");
endIP.append("[*].");
}
fromIP.deleteCharAt(fromIP.length() - 1);
endIP.deleteCharAt(endIP.length() - 1);
for (String s : tem) {
String ip = fromIP.toString().replace("[*]",
s.split(";")[0])
+ "-"
+ endIP.toString().replace("[*]", s.split(";")[1]);
if (validate(ip)) {
ipList.add(ip);
}
}
} else {
if (validate(allow)) {
ipList.add(allow);
}
}
}
return ipList;
}
/**
* 对单个IP节点进行范围限定
*
* @param arg
* @return 返回限定后的IP范围,格式为List[10;19, 100;199]
*/
private static List<String> complete(String arg) {
List<String> com = new ArrayList<String>();
if (arg.length() == 1) {
com.add("0;255");
} else if (arg.length() == 2) {
String s1 = complete(arg, 1);
if (s1 != null)
com.add(s1);
String s2 = complete(arg, 2);
if (s2 != null)
com.add(s2);
} else {
String s1 = complete(arg, 1);
if (s1 != null)
com.add(s1);
}
return com;
}
private static String complete(String arg, int length) {
String from = "";
String end = "";
if (length == 1) {
from = arg.replace("*", "0");
end = arg.replace("*", "9");
} else {
from = arg.replace("*", "00");
end = arg.replace("*", "99");
}
if (Integer.valueOf(from) > 255)
return null;
if (Integer.valueOf(end) > 255)
end = "255";
return from + ";" + end;
}
/**
* 在添加至白名单时进行格式校验
*
* @param ip
* @return
*/
private static boolean validate(String ip) {
for (String s : ip.split("-"))
if (!pattern.matcher(s).matches()) {
return false;
}
return true;
}
/**
*
* checkLoginIP:(根据IP,及可用Ip列表来判断ip是否包含在白名单之中).
* @date 2017-4-17 下午03:01:03
* @param ip
* @param ipList
* @return
*/
private static boolean checkLoginIP(String ip, Set<String> ipList) {
if (ipList.isEmpty() || ipList.contains(ip))
return true;
else {
for (String allow : ipList) {
if (allow.indexOf("-") > -1) {
String[] from = allow.split("-")[0].split("\\.");
String[] end = allow.split("-")[1].split("\\.");
String[] tag = ip.split("\\.");
// 对IP从左到右进行逐段匹配
boolean check = true;
for (int i = 0; i < 4; i++) {
int s = Integer.valueOf(from[i]);
int t = Integer.valueOf(tag[i]);
int e = Integer.valueOf(end[i]);
if (!(s <= t && t <= e)) {
check = false;
break;
}
}
if (check) {
return true;
}
}
}
}
return false;
}
/**
*
* checkLoginIP:(根据IP地址,及IP白名单设置规则判断IP是否包含在白名单).
* @date 2017-4-17 下午03:01:37
* @param ip
* @param ipWhiteConfig
* @return
*/
public static boolean checkLoginIP(String ip,String ipWhiteConfig){
Set<String> ipList = getAvaliIpList(ipWhiteConfig);
return checkLoginIP(ip, ipList);
}
/**
* 获取真实IP 原逻辑
* @param request
* @return
*/
public static String getRealIp(HttpServletRequest request) {
// 这个一般是Nginx反向代理设置的参数
String ip = request.getHeader("X-Real-IP");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Forwarded-For");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
// 处理多IP的情况(只取最后一个IP)
if (ip != null && ip.contains(",")) {
String[] ipArray = ip.split(",");
ip = ipArray[ipArray.length-1];
}
return ip;
}
/**
* 判断IP是否内网IP
* @Title: ipIsInner
* @param ip
* @return: boolean
*/
public static boolean ipIsInner(String ip) {
FRUtils.FRLogInfo("ip:"+ip);
boolean isInnerIp = false;
for (Pattern tmp : ipFilterRegexList) {
Matcher matcher = tmp.matcher(ip);
if (matcher.find()) {
isInnerIp = true;
break;
}
}
return isInnerIp;
}
// token有效性检验
public static boolean checkTokenValid(HttpServletRequest req, String token) {
// 判断该token是否还保存在状态服务器中,也就是判断该token是否还有用
try {
Device device = NetworkHelper.getDevice(req);
LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
return true;
} catch (Exception e) {
}
return false;
}
/**
* 判断是否是内网IP "192.168.1.1," + //设置单个IP的白名单
* "192.168.*.2," + //设置ip通配符,对一个ip段进行匹配
* "192.168.3.17-192.168.3.38"; //设置一个IP范围
* @param ip
* @return
*/
public static boolean isInnerIP(String ip,String ipWhite) throws IOException {
String ip4[]=ip.split("\\.");
if(ip4.length==4) {
return checkLoginIP(ip,ipWhite);
}else{
return false;
}
}
}