netty实战入门——安全保证-创新互联
rpc 安全保证
空闲检测(应用层keep alive)
文章标题:netty实战入门——安全保证-创新互联
文章起源:http://myzitong.com/article/dpdpgp.html
server端超过10s没收到client信息,连接断开
client超过5s没有写事件发生时,则发送 keep alive,防止连接被断开
sever:
@Slf4j
public class ServerIdleCheckHandler extends IdleStateHandler {public ServerIdleCheckHandler() {super(10, 0, 0, TimeUnit.SECONDS);
}
@Override
protected void channelIdle(ChannelHandlerContext ctx, IdleStateEvent evt) throws Exception {if (IdleStateEvent.READER_IDLE_STATE_EVENT.equals(evt)) {log.info(" No reading for more than 10 seconds, connection closed");
ctx.close();
}
super.channelIdle(ctx, evt);
}
}
client:
触发writeIdleEvent
public class ClientIdleCheckHandler extends IdleStateHandler {public ClientIdleCheckHandler() {super(0, 5, 0);
}
}
处理writeIdleEvent,发送keepalive
@Sharable
@Slf4j
public class KeepaliveHandler extends ChannelInboundHandlerAdapter {@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {if (IdleStateEvent.WRITER_IDLE_STATE_EVENT.equals(evt)) {log.info("write idle happen, so need to send keepalive");
KeepaliveOperation keepaliveOperation = new KeepaliveOperation();
RequestMessage requestMessage = new RequestMessage(IdUtil.nextId(), keepaliveOperation);
ctx.writeAndFlush(requestMessage);
}
super.userEventTriggered(ctx, evt);
}
}
添加到pipeLine
pipeline.addLast("idleChecker", new ClientIdleCheckHandler()); // 顺序不能变
pipeline.addLast("keepaliveHandler", keepaliveHandler); // 保证ClientIdleCheckHandler触发的事件能被keepaliveHandler捕获
黑白名单IpSubnetFilterRule ipSubnetFilterRule = new IpSubnetFilterRule("127.0.0.1", 8, IpFilterRuleType.REJECT);
IpSubnetFilter ipSubnetFilter = new IpSubnetFilter(ipSubnetFilterRule);
自定义授权@Slf4j
@Sharable
public class AuthHandler extends SimpleChannelInboundHandler{@Override
protected void channelRead0(ChannelHandlerContext ctx, RequestMessage msg) throws Exception {Operation messageBody = msg.getMessageBody();
try {if (messageBody instanceof AuthOperation) {AuthOperation authOperation = AuthOperation.class.cast(messageBody);
AuthOperationResult result = authOperation.execute();
if (result.isPassAuth()) {log.info("successfully pass auth");
} else {log.error("fail to pass auth");
ctx.close();
}
}
} finally {ctx.pipeline().remove(this);
}
}
}
SSL生成证书
SelfSignedCertificate certificate = new SelfSignedCertificate();
SslContext sslContext = SslContextBuilder.forServer(certificate.certificate(), certificate.privateKey()).build();
添加sslHandler到pipline
SslHandler sslHandler = sslContext.newHandler(ch.alloc());
pipeline.addLast("sslHandler", sslHandler);
你是否还在寻找稳定的海外服务器提供商?创新互联www.cdcxhl.cn海外机房具备T级流量清洗系统配攻击溯源,准确流量调度确保服务器高可用性,企业级服务器适合批量采购,新人活动首月15元起,快前往官网查看详情吧
文章标题:netty实战入门——安全保证-创新互联
文章起源:http://myzitong.com/article/dpdpgp.html