Quick Start - Access Control

2023-09-10

This section will introduce how to restrict interface access through annotations and learn related parameters for more precise control.

Step 1: Add Maven Dependency#

<dependency>
    <groupId>io.github.liuye744</groupId>
    <artifactId>simpleAuth-spring-boot-starter</artifactId>
    <version>1.4.7.RELEASE</version>
</dependency>

Step 2: Add Annotations to Controller#

Annotations can be added to the entire Controller or to individual functions within the Controller. If the access exceeds the limit, an AccessIsRestrictedException will be thrown.

@RestController
public class MyController {
    @GetMapping("say")
    // Allow only 5 accesses within 10 minutes, after which access will be forbidden for 10 minutes
    @SimpleLimit(value = 5, seconds = 600, ban = 600)
    public String say(){
        return "Hello World";
    }
}

Other Examples#

Use Case 1: Determine Whether to Record the Operation Based on the Return Value#

Record the operation only when "success" is returned; do not record the operation when other content is returned, and do not restrict access.

@RestController
public class MyController {
    @GetMapping("say")
    @SimpleLimit(effectiveStrategic = MyEffectiveStrategic.class)
    public String say(String str){
        if (str.length()>3 && str.length()<12){
            return "success";
        }else {
            return "fail";
        }
    }
}

public class MyEffectiveStrategic extends EffectiveStrategic {
    @Override
    public Boolean effective(HttpServletRequest request, ProceedingJoinPoint joinPoint, Object result) {
        String myResult = (String)result;
        // Return true to record, false not to record
        return "success".equals(myResult);
    }
}

Use Case 2: Different Operation Records for the Same Interface with Different Parameters#

Different access restrictions for different parameters passed (for example, wanting to restrict each resource to be liked only N times within a specified time period).

@RestController
public class MyController {
    @GetMapping("say")
    @SimpleLimit(signStrategic = MySignStrategic.class)
    public String say(String str){
        return "Hello World";
    }
}
public class MySignStrategic extends SignStrategic {
    @Override
    public String sign(HttpServletRequest request, ProceedingJoinPoint joinPoint) {
        final Object[] args = joinPoint.getArgs();
        final Signature signature = joinPoint.getSignature();
        // Append the parameters to the user's sign to ensure that each user has a different sign for different parameters
        StringBuilder sb = new StringBuilder();
        sb.append(signature);
        for (Object arg : args) {
            sb.append(arg.toString());
        }
        System.out.println(sb);
        return sb.toString();
    }
}

Or you can use the predefined DiffParameterSign strategy to achieve the same effect.

@RestController
public class MyController {
    @GetMapping("say")
    @SimpleLimit(signStrategic = DiffParameterSign.class)
    public String say(String str){
        return "Hello World";
    }
}

Use Case 3: Custom Access Control#

// Global access control
@Component
public class MyInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        final String addr = request.getRemoteAddr();
        // Use the user's address as the identifier, allowing only 2 accesses every 5 minutes (300s), after which access is forbidden for 10 minutes
        // The addRecord function returns true if access is allowed after the call, and false if access is forbidden
        return LimitInfoUtil.addRecord("GLOBAL_ACCESS_CONTROL", addr, 2, 300, 600);
    }
}
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new MyInterceptor()).addPathPatterns("/*");
    }
}