Netty in Practice for Beginners: Security Guarantees - 创新互联

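RPC security guarantees: idle detection (application-layer keep-alive)

If the server receives nothing from the client for more than 10 s, it closes the connection.
If no write event occurs on the client for more than 5 s, the client sends a keep-alive so that the connection is not closed.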


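server:

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import io.netty.handler.timeout.IdleStateHandler;
import java.util.concurrent.TimeUnit;
import lombok.extern.slf4j.Slf4j;

@Slf4j
public class ServerIdleCheckHandler extends IdleStateHandler {
    public ServerIdleCheckHandler() {
        // readerIdleTime = 10 s; writer and all-idle checks disabled
        super(10, 0, 0, TimeUnit.SECONDS);
    }

    @Override
    protected void channelIdle(ChannelHandlerContext ctx, IdleStateEvent evt) throws Exception {
        // Compare the state, not the event instance: the first idle event is
        // FIRST_READER_IDLE_STATE_EVENT, which is a different object from READER_IDLE_STATE_EVENT.
        if (evt.state() == IdleState.READER_IDLE) {
            log.info(" No reading for more than 10 seconds, connection closed");
            ctx.close();
        }
        super.channelIdle(ctx, evt);
    }
}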

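client:

Trigger the write-idle event

import io.netty.handler.timeout.IdleStateHandler;

public class ClientIdleCheckHandler extends IdleStateHandler {
    public ClientIdleCheckHandler() {
        // writerIdleTimeSeconds = 5; reader and all-idle checks disabled
        super(0, 5, 0);
    }
}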

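Handle the write-idle event and send a keep-alive

import io.netty.channel.ChannelHandler.Sharable;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import lombok.extern.slf4j.Slf4j;

@Sharable
@Slf4j
public class KeepaliveHandler extends ChannelInboundHandlerAdapter {
    @Override
    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
        // Match on the state so that the first write-idle event
        // (FIRST_WRITER_IDLE_STATE_EVENT) also triggers a keep-alive.
        if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == IdleState.WRITER_IDLE) {
            log.info("write idle happen, so need to send keepalive");
            KeepaliveOperation keepaliveOperation = new KeepaliveOperation();
            RequestMessage requestMessage = new RequestMessage(IdUtil.nextId(), keepaliveOperation);
            ctx.writeAndFlush(requestMessage);
        }
        super.userEventTriggered(ctx, evt);
    }
}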

Add to the pipeline

pipeline.addLast("idleChecker", new ClientIdleCheckHandler()); // the order must not change
pipeline.addLast("keepaliveHandler", keepaliveHandler);        // ensures the events fired by ClientIdleCheckHandler are caught by keepaliveHandler
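
Blacklist / whitelist

// REJECT rule for 127.0.0.1 with an 8-bit prefix, i.e. the whole 127.0.0.0/8 loopback range
IpSubnetFilterRule ipSubnetFilterRule = new IpSubnetFilterRule("127.0.0.1", 8, IpFilterRuleType.REJECT);
IpSubnetFilter ipSubnetFilter = new IpSubnetFilter(ipSubnetFilterRule);

Custom authorization
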
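import io.netty.channel.ChannelHandler.Sharable;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import lombok.extern.slf4j.Slf4j;

@Slf4j
@Sharable
public class AuthHandler extends SimpleChannelInboundHandler<RequestMessage> {
    @Override
    protected void channelRead0(ChannelHandlerContext ctx, RequestMessage msg) throws Exception {
        Operation messageBody = msg.getMessageBody();
        try {
            if (messageBody instanceof AuthOperation) {
                AuthOperation authOperation = AuthOperation.class.cast(messageBody);
                AuthOperationResult result = authOperation.execute();
                if (result.isPassAuth()) {
                    log.info("successfully pass auth");
                } else {
                    log.error("fail to pass auth");
                    ctx.close();
                }
            } else {
                // The first message must be an auth request; otherwise an unauthenticated
                // client would stay connected once this handler removes itself.
                log.error("expect first msg is auth");
                ctx.close();
            }
        } finally {
            // Authentication runs once per connection, so remove this handler afterwards.
            ctx.pipeline().remove(this);
        }
    }
}

SSL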

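Generate the certificate

// SelfSignedCertificate creates a throwaway certificate intended for testing;
// load a CA-issued certificate and private key in production.
SelfSignedCertificate certificate = new SelfSignedCertificate();
SslContext sslContext = SslContextBuilder.forServer(certificate.certificate(), certificate.privateKey()).build();

Add the sslHandler to the pipeline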

SslHandler sslHandler = sslContext.newHandler(ch.alloc());
pipeline.addLast("sslHandler", sslHandler);
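
The server-side counterpart of the client pipeline above, as an added example that is not part of the original article: it shows one order in which the IP filter, SslHandler, ServerIdleCheckHandler and AuthHandler from this page can be wired together. The class name SecureServerInitializer and the handler names are hypothetical, and the project's codec and business handlers are left as placeholders because the page does not show them.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ipfilter.IpFilterRuleType;
import io.netty.handler.ipfilter.IpSubnetFilter;
import io.netty.handler.ipfilter.IpSubnetFilterRule;
import io.netty.handler.ssl.SslContext;

// Added example (hypothetical class name): server-side order of the handlers from this page.
public class SecureServerInitializer extends ChannelInitializer<SocketChannel> {
    private final SslContext sslContext;
    // Both handlers are @Sharable, so one instance can serve every connection.
    private final IpSubnetFilter ipFilter = new IpSubnetFilter(
            new IpSubnetFilterRule("127.0.0.1", 8, IpFilterRuleType.REJECT));
    private final AuthHandler authHandler = new AuthHandler();

    public SecureServerInitializer(SslContext sslContext) {
        this.sslContext = sslContext;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        ChannelPipeline pipeline = ch.pipeline();
        // 1. Reject filtered addresses first, before spending work on a TLS handshake.
        pipeline.addLast("ipFilter", ipFilter);
        // 2. TLS next: every handler after this one works on decrypted bytes.
        pipeline.addLast("sslHandler", sslContext.newHandler(ch.alloc()));
        // 3. The idle check keeps per-connection timers, so create one instance per channel.
        pipeline.addLast("idleCheck", new ServerIdleCheckHandler());
        // 4. Placeholder: the project's frame and protocol decoders/encoders go here,
        //    so that AuthHandler receives decoded RequestMessage objects.
        // 5. Auth gate ahead of any business logic; it removes itself after the first message.
        pipeline.addLast("authHandler", authHandler);
        // 6. Placeholder: business handlers go last.
    }
}
```

Pass an instance to ServerBootstrap.childHandler(...) together with the SslContext built above.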



Article title: Netty in Practice for Beginners: Security Guarantees - 创新互联
Article source: http://myzitong.com/article/dpdpgp.html